Windows Supervision Center
Windows Supervision Center is a re-skin of slightly older rogue security applications. Like its cousins, Windows Supervision Center can stop programs from running, take over your web browser or display fake alerts about infections that aren't on your PC. Although purchasing Windows Supervision Center may reduce its attacks, this puts your credit card number in jeopardy and isn't recommended. Instead, consider getting rid of Windows Supervision Center by using real anti-malware software.
Windows Supervision Center Facts That Its Marketing Omits
Windows Supervision Center is only slightly different in appearance from other rogue programs like Windows Stability Center, Windows Defence Center, Windows Oversight Center and Windows Health Center. Each of these rogue threats is more or less the same thing, just with a different name to hide under while they infect your PC.
Windows Supervision Center, like other rogue programs in its family, is distributed by the Fake Microsoft Security Essentials Alert Trojan. This Trojan creates an initial warning about a 'Win32/Trojan' infection, and then installs its rogue threat payload regardless of whether your consent or refuse.
The most visible and irritating part of a Windows Supervision Center infection is its fake alerts and pop-ups, which use messages like the ones you can see below as part of a fake infection ruse:
Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!
Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
Windows Supervision Center doesn't try to detect real infections and can't remove Trojans, keyloggers or other threats. In fact, Windows Supervision Center's only purpose is to make you spend money on an activation key for fraudulent software.
How You Can Recover from Windows Supervision Center's Questionable Supervision
Even if you've decided to delete Windows Supervision Center, you'll have to deal with a few other attacks that are designed to make removing Windows Supervision Center more difficult:
- Windows Supervision Center may shut down applications, either at random or specifically to stop security and anti-malware processes from working. This may be done along with more fake warnings about infections in your anti-malware scanners or system tools. In truth, your programs aren't damaged at all, and if you stop Windows Supervision Center from running, you can access them as usual.
- Windows Supervision Center may take control of your web browser and determine which websites you visit regardless of your feelings about it. You should be particularly attentive to potential fake errors that tell you that a safe website is unsafe. Windows Supervision Center does this to prevent you from visiting anti-malware websites.
You can dodge Windows Supervision Center's Registry-based startup routine by using Safe Mode, which any Windows computer can use. Safe Mode will give you the kind of environment you need to delete Windows Supervision Center by using your preference in anti-malware software.
File System Modifications
- The following files were created in the system:
# File Name 1 %AppData%\Microsoft\[RANDOM CHARACTERS].exe 2 %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe 3 %UserProfile%\Application Data\Windows Supervision Center\ 4 %UserProfile%\Application Data\Windows Supervision Center\cookies.sqlite 5 %UserProfile%\Application Data\Windows Supervision Center\Instructions.ini
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Supervision Center"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | DebuggerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | DebuggerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exeHKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
Additional Information on Windows Supervision Center
- The following messages's were detected:
# Message 1 System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.2 Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!3 Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!4 Warning!
Name: taskmgr.exe
Name: C:\WINDOWS\taskmgr.exe.5 Attention
Suspicious software activity is detected.
Please start system files scanning for details.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.