Windows Antivirus Tool
Posted: February 24, 2014
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 12 |
First Seen: | February 24, 2014 |
---|---|
Last Seen: | January 8, 2020 |
OS(es) Affected: | Windows |
Windows Antivirus Tool is part of one of the most modern branches of the FakeVimes families, two overlapping groups of scamware that are known for frequent changes to their interfaces and brand names, all to make them look like legitimate anti-malware software. Some of the most meaningful issues associated with Windows Antivirus Tool and its countless clones include blocked applications, inaccurate threat-alerting pop-ups, fraudulent system scans, disabled security features and requests to purchase the scamware's full version. While malware researchers certainly don't recommend that last course of action, Windows Antivirus Tool should be dealt with ASAP, preferably, through using proven anti-malware strategies to delete Windows Antivirus Tool from your hard drive.
The Windows Tool that Works Against Your Security
Windows Antivirus Tool is an uncreative but still effective variant of previously-known members of FakeVimes FakePAV and Tritax. Members of the latter often are referred to by the label of NameChanger, which describes their tendency to appear with brand-new names like Windows Antivirus Tool on a frequent basis. However, while Windows Antivirus Tool may try to act like a new and unrelated program, malware researchers noted that all of its central functions have been borrowed from its ancestors in the rogue AV software industry, which include Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security.
Windows Antivirus Tool's efforts at looking like an actual AV product go further than a mere swap of its name. Besides having the basic appearance of an anti-virus suite, Windows Antivirus Tool also includes a simulated 'system scan' feature that pulls up erroneous results and several formats of fake pop-up warnings. The latter often are tied into other, more serious attacks from Windows Antivirus Tool than pop-ups, such as attempts by Windows Antivirus Tool to terminate unwanted programs, during which Windows Antivirus Tool may display a pop-up that claims the program was infected or damaged.
Malware researchers have seen some programs targeted by Windows Antivirus Tool and other NameChanger variants more often than others. Social networking programs, such as instant messengers, as well as e-mail clients, Web browsers other than Internet Explorer and some security tools (particularly the Task Manager) all may be targeted and blocked by Windows Antivirus Tool. More than one method may be used to accomplish these attacks, which makes Windows Antivirus Tool a semi-sophisticated threat to your PC, albeit not one to equal a rootkit or a banking Trojan like Trojan Zeus.
Prying the Tool that's More Virus Than Antivirus Off of Your PC
Because Windows Antivirus Tool will block most programs through the continuous monitoring of your PC's memory processes, disabling Windows Antivirus Tool usually will be a required step in removing Windows Antivirus Tool. There aren't any advantages into purchasing Windows Antivirus Tool, which endangers your classified information and is a waste of money, but malware experts do note that it's safe to use free registration codes to fake Windows Antivirus Tool's registration, which can disable some of its most invasive functions. However, removing Windows Antivirus Tool from your computer always should be your ultimate goal, with the use of anti-malware software through Safe Mode being one of the most convenient and standardized ways of doing so.
Windows Antivirus Tool's installation may occur through the mislabeled downloads of hostile websites, through disguised Trojans attached to spam e-mail messages and through the direct attacks of website-hosted exploit kits, among other means. Since your Web browser often is the element in common with all of these attacks, strong Web-browsing security and the Web-browsing protection of anti-malware suites are helpful for blocking Windows Antivirus Tool's most-used infection vectors.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:svc-etcw.exe
File name: svc-etcw.exeSize: 1.05 MB (1059840 bytes)
MD5: 1745b2a29a6bc06caf243eb8d7e0b847
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 8, 2020
%AppData%\data.sec
File name: %AppData%\data.secMime Type: unknown/sec
Group: Malware file
%AppData%\svc-[RANDOM CHARACTERS].exe
File name: %AppData%\svc-[RANDOM CHARACTERS].exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AllUsersProfile%\Start Menu\Programs\Windows Antivirus Helper.lnk
File name: %AllUsersProfile%\Start Menu\Programs\Windows Antivirus Helper.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%UserProfile%\Desktop\Windows Antivirus Helper.lnk
File name: %UserProfile%\Desktop\Windows Antivirus Helper.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "S_SC" = %AppData%\svc-[RANDOM CHARACTERS].exeHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ZSFT" = %AppData%\svc-[RANDOM CHARACTERS].exeHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[RANDOM CHARACTERS].exeHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exeHKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exeHKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exeHKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exeHKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exeHKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exeHKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
Additional Information
# | Message |
---|---|
1 | Error System data security is at risk! To prevent potential PC errors, run a full system scan. |
2 | Error Trojan activity detected. System integrity at risk. Full system scan is highly recommended. |
3 | Firewall has blocked a program from accessing the Internet Internet Explorer C:\Windows\system32\iexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.ran |
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.