Windows Spyware Protection
Windows Spyware Protection is a new variant of the rogue program called Best Malware Protection. This type of program can get itself on one’s computer whenever a Trojan is executed with knowledge when it pretend to be a legitimate program from file-sharing networks. A fake movie website also distribute a copy of Windows Spyware Protection by requiring visitors to download a player, which is actually a malware. When installed on the PC, instead of installing the desired application, an unlicensed version of Windows Spyware Protection will appear on the system. This will be the start of computer annoyances in the form of fake pop-up messages and false virus scan results.
To prevent further harm on the computer, immediately remove Windows Spyware Protection using an effective and legitimate security software. A combination of anti-malware and anti-virus applications are found to be effective in getting rid of rogue security applications. Below is a simple guide that will help remove Windows Spyware Protection and all of its associated files that were dropped on the system. It is strongly recommended to stop buying this fake software as it will charge excess amount on victims credit card account.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What are the Symptoms of Windows Spyware Protection Infection?
It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “8″ = “avgui.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “7″ = “avgfrw.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “6″ = “avscan.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “10″ = “avgscanx.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “5″ = “avcenter.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “0″ = “msseces.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Windows Spyware Protection”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “”1″ = “MSASCui.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “3″ = “egui.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “2″ = “ekrn.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “15″ = “avgwdsvc.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “14″ = “avgcmgr.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “13″ = “avgchsvx.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “12″ = “avgemc.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “11″ = “avgcfgex.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “9″ = “avgtray.exe”
The threat will drop the following malicious files:
%UserProfile%\Application Data\Windows Spyware Protection\Instructions.ini
%UserProfile%\Start Menu\Programs\Windows Spyware Protection.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Spyware Protection.lnk
C:\Documents and Settings\All Users\Application Data\23077d\DF812_908.exe
%UserProfile%\Application Data\Windows Spyware Protection
%UserProfile%\Application Data\Windows Spyware Protection\cookies.sqlite
%UserProfile%\Desktop\Windows Spyware Protection.lnk
%UserProfile%\Start Menu\Windows Spyware Protection.lnk
How to Remove Windows Spyware Protection Manually
1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file
- If no location is given, click Start>Search> and search for the files.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.
How to Easily Remove Windows Spyware Protection
1. Download and run Removal Tool to remove this computer threat.
Windows Restore Windows Security 2011