Windows Active Defender

Windows Active Defender Description



Windows Active Defender is another entry into the annals of rogue anti-malware software that’s classified under the umbrella of the Win32/FakeVimes (or simply FakeVimes) family. While Windows Active Defender doesn’t have any true functions intended for the protection of your computer against viruses, rootkits and other PC threats, Windows Active Defender’s pop-up alerts and system scans will display inaccurate information to convince you otherwise. Attacks by Windows Active Defender may also include the creation of junk files, browser redirects or blocking legitimate PC security applications. Since Windows Active Defender’s real features place your PC in a state of considerable vulnerability, SpywareRemove.com malware experts encourage the use of exhaustive anti-malware scans to find and delete Windows Active Defender and anything else that was included in its installation attack.

Windows Active Defender: a Vigorous Offense Hiding Behind a Lackluster Defense


Windows Active Defender uses the same methodology common to all scamware: creating fake reasons to panic as an incentive for spending money on its fraudulent security software. Buying Windows Active Defender’s registration key should never be considered a wise idea, even though Windows Active Defender will constantly announce the presence of everything from keyloggers to unauthorized network activity to remote attempts to steal your identity. Because Windows Active Defender’s system scans and other security pretenses are all utterly fake, SpywareRemove.com malware researchers note that the best thing that you can do is ignore them wholesale.

As long as Windows Active Defender is active in memory, it may also be a source of other attacks that it will attempt to disguise as the activities of unrelated PC threats. These can include:
  • Browser redirects that promote malicious sites, including spam-based search engines. SpywareRemove.com malware researchers especially advise you to minimize contact with any sites that are promoted by Windows Active Defender’s browser attacks.
  • Blocked security and anti-malware tools, up to and including basic utilities like your Windows Task Manager.
  • The creation of dummy files that Windows Active Defender may use to implicate other types of malware. These files are, in and of themselves, harmless, except insofar as they’re symptoms of a Windows Active Defender infection.
  • Reduced security settings for various programs, including the Windows OS and your web browser.

The PC Security That Even Windows Active Defender Can’t Defend Itself Against


Windows Active Defender should always be disabled and removed as soon as possible, assuming you have access to anti-malware products that can do so with maximum safety. If Windows Active Defender attempts to block software that could remove Windows Active Defender, SpywareRemove.com malware researchers recommend booting into Safe Mode or using other alternatives in OS boot-up techniques to ensure that Windows Active Defender can’t launch. Failure to do this prior to a system scan can result in Windows Active Defender or other PC threats surviving even if they’re detected.

Similar precautions should be taken against any other member of FakeVimes, such as Smart Virus Eliminator, Windows Privacy Extension, Fast Antivirus 2009, Windows Private Shield, Windows Problems Stopper, Windows Expert Series, Windows Security System, VirusSecurity, Windows Basic Antivirus, Windows Software Keeper, System Protection Tools, Windows ProSecurity Scanner, Windows Premium Console, Home Malware Cleaner, Windows ProSecure Scanner, Windows Daily Adviser, Windows Proactive Safety, Windows Security Suite, Windows Managing System, Volcano Security Suite, Anti-Malware Lab, Windows Crucial Scanner, Windows Defending Center, Windows Premium Defender, Windows Activity Debugger, Windows Custodian Utility, Windows Defence Counsel, Keep Center Keeper, Windows Pro Solutions, Windows Secure Surfer, Windows Safety Series, Windows Protection Unit, Windows Antivirus Patch, Windows High-End Protection, Extra Antivirus, Live Enterprise Suite, Windows Guard Solutions, Windows Functionality Checker, Windows Maintenance Suite, Windows Enterprise Suite, Windows Privacy Module, Windows Web Commander, Windows No-Risk Agent, Windows Pro Safety, Windows Instant Scanner, Windows Smart Warden, Windows No-Risk Center, Windows Guard Tools, Windows Active Guard, Best Antivirus Software, Windows Virtual Angel, XP Smart Security, Windows Safety Maintenance, Windows Antivirus Care, Activate Ultimate Protection, Windows Ultimate Security Patch, Windows Virtual Firewall, Windows Secure Workstation, Windows Care Taker, My Security Engine, Strong Malware Defender, Windows Safety Manager, Windows Safety Module, Windows Internet Booster, Windows Safety Checkpoint, Windows Custom Management, Windows Debug Center, Windows Pro Web Helper, Windows Maintenance Guard, Windows Antivirus Release, Windows First-Class Protector, Smart Anti-Malware Protection, Windows Malware Sleuth, Windows Secure Web Patch, Antivirus Smart Protection, Windows Safety Toolkit, Windows Firewall Constructor, Windows 
Antihazard Solution, Total Anti Malware Protection, Windows Security Renewal, Windows Pro Defence, Home Safety Essentials, Windows Interactive Safety, Windows Protection Master, Windows Turnkey Console, Windows Anti-Malware Patch, Windows Safety Wizard, PC Live Guard, Personal Internet Security 2011, Internet Security Essentials, Windows Risk Minimizer, Windows Multi Control System, Windows Secure Workshop, Windows Abnormality Checker, Smart Internet Protection 2012, Windows Profound Security, CleanUp Antivirus, Windows Performance Adviser, Windows Be-on-Guard Edition, Smart Internet Protection 2011, Windows Process Director, Windows Pro Rescuer, Windows Virtual Security, Windows System Defender, My Security Wall, Virus Doctor, Security Master AV, Windows Pro Safety Release, Windows Advanced Security Center, Windows Virus Hunter, PrivacyGuard PRO, Windows Shield Tool, Windows Health Keeper, Windows Advanced User Patch, Windows Tools Patch, Windows PC Aid, Windows Custom Safety, Windows Interactive Security, Windows Telemetry Center, Windows Trouble Taker, Windows Control Series, Smart Engine, Windows Warding System, Windows Safeguard Upgrade, Windows Advanced Toolkit, Additional Guard, Windows Shielding Utility, Windows Proprietary Advisor, Internet Security Suite, Windows Web Combat, Windows Personal Doctor, Windows Enterprise Defender, Personal Security Sentinel, Windows Home Patron, Windows Antivirus Machine, Enterprise Suite, Windows Smart Partner, Windows PRO Scanner, Windows Stability Guard, Windows Efficiency Accelerator, Windows Antivirus Rampart, Windows AntiHazard Helper, Security Antivirus, Smart Security, Windows Ultimate Safeguard, Live PC Care, My Security Shield, Windows Guardian Angel, Windows AntiHazard Center, Windows Software Saver, Windows Sleek Performance, Windows Privacy Counsel, Best Malware Protection, Windows Performance Catalyst, Windows Threats Destroyer, Windows Premium Guard and Windows Protection Maintenance. 
Modern FakeVimes variants are particularly likely to resemble Windows Active Defender in both their appearances and naming schemes – the latter of which will usually (but not always) follow a pattern such as ‘Windows [adjective] [noun].’


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    #   File Name                                    Detection Count
    1   Windows Active Defender.lnk                  468
    2   %APPDATA%\Protector-wcsf.exe                 417
    3   %AppData%\Protector-[RANDOM CHARACTERS].exe  N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\Debugger = svchost.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\"Debugger" = "svchost.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
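
The two registry indicators listed above (a Run value pointing at Protector-[RANDOM CHARACTERS].exe, and Image File Execution Options "Debugger" values set to svchost.exe) can be checked offline against a `reg export` dump. This is an added example, not code from the original page: the sample export, the `scan` helper and the assumption that the random suffix is alphanumeric are constructed for illustration, and only plain string values are parsed.

```python
import re

# Constructed sample in `reg export` text format (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\alice\\AppData\\Roaming\\Protector-wcsf.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe /background"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Tools\\procexp.exe\""
'''

IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
RUN = r"\microsoft\windows\currentversion\run"
# Assumption: the page's "[RANDOM CHARACTERS]" suffix is alphanumeric.
PROTECTOR = re.compile(r"\\protector-[a-z0-9]+\.exe\b", re.I)
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
FIRST_EXE = re.compile(r'([^\\"\s]+\.exe)', re.I)

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def scan(reg_text):
    """Return (kind, key, value_name, data) for entries matching the page's indicators."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = STRING_VALUE.match(line)
        if not m or key is None:
            continue  # header, blank line, or non-string value (dword, hex)
        name, data = unescape(m.group(1)), unescape(m.group(2))
        lkey = key.lower()
        if IFEO in lkey and name.lower() == "debugger":
            # A legitimate debugger (second IFEO entry in the sample) is not flagged.
            exe = FIRST_EXE.search(data)
            if exe and exe.group(1).lower() == "svchost.exe":
                hits.append(("ifeo-debugger", key, name, data))
        elif lkey.endswith(RUN) and PROTECTOR.search(data):
            hits.append(("run-persistence", key, name, data))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_REG):
        print(*hit, sep=" | ")
```

Each "ifeo-debugger" hit names a program that Windows will hand to svchost.exe instead of launching, which is how the blocked security tools described earlier show up in the registry.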
Posted: June 14, 2012
Threat Level: 10/10
Detection Count: 389

4 Comments

  • Richard Nguyen says:

    You have to go into safe mode so Windows Active Defender won’t block anything.

  • Rooster says:

    @Angie, go into your Device Manager via Control Panel/Performance and Maintenance/Computer Management/Device Manager. Now find your network adapters. Double-click on the selections and troubleshoot and/or update drivers. If this does not work, roll back your drivers.

  • Michael Stevens says:

    Keeps kicking me out of browsers. Cannot go into internet to download anything. Using neighbor's laptop. What can I do?

  • Angie Stevens says:

    Okay, got the SpyHunter installed and somehow my internet will not access due to Windows Active Defender. How do I restore internet? SpyHunter has detected this Windows Active Defender and I will proceed to remove it now.
