Windows Spyware Protection

April 7, 2011

Windows Spyware Protection is a new variant of the rogue program called Best Malware Protection. This type of program gets onto a computer when the user executes a Trojan, which usually pretends to be a legitimate program from file-sharing networks. A fake movie website also distributes a copy of Windows Spyware Protection by requiring visitors to download a player, which is actually malware. Instead of installing the desired software, it places an unlicensed version of Windows Spyware Protection on the system. This is the start of computer annoyances in the form of fake pop-up messages and false virus scan results.

To prevent further harm to the computer, immediately remove Windows Spyware Protection using effective and genuine security software. A combination of anti-malware and anti-virus programs is effective in getting rid of rogue security products. Below is a simple guide that will help remove Windows Spyware Protection and all of its associated files that were dropped on the system. It is strongly recommended not to buy this fake software, as it will charge an excess amount to the victim's credit card account.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows XP, Windows Vista, Windows 7

What are the Symptoms of Windows Spyware Protection Infection?

It modifies the Windows Registry and adds the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “8” = “avgui.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “7” = “avgfrw.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “6” = “avscan.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “10” = “avgscanx.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “5” = “avcenter.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “0” = “msseces.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Windows Spyware Protection”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “1” = “MSASCui.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “3” = “egui.exe”

The threat will drop the following malicious files:
%UserProfile%\Application Data\Windows Spyware Protection\Instructions.ini
%UserProfile%\Start Menu\Programs\Windows Spyware Protection.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Spyware Protection.lnk
C:\Documents and Settings\All Users\Application Data\23077d\DF812_908.exe
%UserProfile%\Desktop\Windows Spyware Protection.lnk
%UserProfile%\Start Menu\Windows Spyware Protection.lnk
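
The registry entries listed above can be checked for during triage. The following is an added example, not part of the original article: it parses the text output of `reg query` for the two keys and flags DisallowRun values that block the security products named above, plus the rogue's Run value. The sample output, the placeholder path in it, and the function names are constructed for illustration.

```python
import re

# Executable names the article lists under DisallowRun (compared in lower case).
BLOCKED_AV = {"avgui.exe", "avgfrw.exe", "avscan.exe", "avgscanx.exe",
              "avcenter.exe", "msseces.exe", "msascui.exe", "egui.exe"}
# Key suffixes, so HKEY_CURRENT_USER and HKEY_USERS\<SID> output both match.
DISALLOW_KEY = r"\software\microsoft\windows\currentversion\policies\explorer\disallowrun"
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
ROGUE_RUN_VALUE = "windows spyware protection"

# Constructed sample of `reg query` output; the Run data path is a placeholder.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
    0    REG_SZ    msseces.exe
    1    REG_SZ    MSASCui.exe
    3    REG_SZ    egui.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Spyware Protection    REG_SZ    C:\example\placeholder.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# Value lines are indented and use four spaces between name, type and data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"].strip()

def find_indicators(text):
    """Return (kind, value_name, data) for entries matching the article's list."""
    findings = []
    for key, name, data in parse_reg_query(text):
        k = key.lower()
        if k.endswith(DISALLOW_KEY) and data.lower() in BLOCKED_AV:
            findings.append(("av-blocked", name, data))
        elif k.endswith(RUN_KEY) and name.lower() == ROGUE_RUN_VALUE:
            findings.append(("autorun", name, data))
    return findings

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE):
        print(finding)
```
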
