Windows Pro Defence is the “gift” prepared by FakeVimes rogue family. Just like other predecessors of this malicious clan, this rogue uses the same alerts that report identical viruses and suggests to purchase licensed Windows Pro Defence in order to eliminate all spotted problems. This program has absolutely the same interface as its immediate relatives and its purposes are also the same – they are released to rob the random Internet surfers. The only distinctive features are the names of these programs.
As soon as this unwanted tool is downloaded, it is set to start every time you reboot your computer. Users report that they are bombarded by numerous alerts and scanners every time they reboot their computers and start their browsing sessions. Besides, malware starts actively ‘scanning’ the system for viruses and reports about hundreds of trojans, spyware, malware and other threats detected. However, though it looks trustworthy, Windows Pro Defence has nothing to do with legitimate PC’s protection and should be removed from the system without any delay. For making its victims scared, this rogue generates similar warning notifications:
Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites
Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
We hope this post will help you to clear up the situation regard this junkware: it is a tool that should be removed ASAP from your computer before it starts causing more problems for you. Note that this virus may even start tracking your browsing habits and steal credit card details, passwords or other sensitive information. Also, it may cause Internet connection problems and even start redirecting you to various websites that are unsafe. GridinSoft Trojan Killer will help you to kill this parasite and relevant stuff easily and without any after-effects for your system.
Windows Pro Defence malware remover:
%AppData%\NPSWF32.dll
%AppData%\Protector-[rnd].exe
%AppData%\result.db
Delete Windows Pro Defence registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
No comments:
Post a Comment