Home Malware Programs Rogue Anti-Spyware Programs Windows Component Protector

Windows Component Protector

Posted: April 10, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 152
First Seen: April 10, 2012
Last Seen: October 22, 2021
OS(es) Affected: Windows

Windows Component Protector Screenshot 1Windows Component Protector promotes itself as an anti-virus scanner and general security tool, but as a member of Win32/FakeVimes, Windows Component Protector doesn't have even one of the features that Windows Component Protector claims to possess for the sake of your PC's safety. Quite the contrary, the working functions in Windows Component Protector's repertoire are intended to reduce your security through attacks such as creating inaccurate system alerts, disabling warnings against files with invalid signatures, redirecting your online searches and preventing you from accessing real security programs. Since Windows Component Protector's number-one goal is to steal your money and financial information in a fraudulent registration process, SpywareRemove.com malware researchers recommend that you disappoint the criminals behind Windows Component Protector's scam and disregard Windows Component Protector's warnings and requests. All associated symptoms of a Windows Component Protector infection can be resolved by deleting Windows Component Protector with an appropriate anti-malware application.

Windows Component Protector: a Digital Bully in Guard's Armor

Windows Component Protector claims to have a variety of both typical and atypical security functions for the benefit of your computer, but the real purpose of Windows Component Protector's features is to provide inaccurate attack warnings and PC threat alerts to mislead you about your computer's security. Scans and other forms of information from Windows Component Protector will always provide fake information that should be discarded as inaccurate, and under no circumstances should Windows Component Protector be treated as any type of legitimate security program to be purchased. However, SpywareRemove.com malware research team has found some use in faking Windows Component Protector's registration by using the free code '0W000-000B0-00T00-E0020,' which can reduce its attacks until you're ready to remove Windows Component Protector.

Because Windows Component Protector uses standard Registry exploits to launch itself without permission and remain hidden in the form of a background process, you should always be alert for the possibility of Windows Component Protector's fake pop-up warnings on any Windows Component Protector-infected PC.

The Software-Based Armor That Even Windows Component Protector Can't Penetrate

Between its registration requests and fake alerts, SpywareRemove.com malware researchers also warn that Windows Component Protector may endanger your PC with other attacks that are designed to reduce your security and prevent you from accessing software that could delete Windows Component Protector and related PC threats. Noted below are common attacks from such members of the FakeVimes family, which includes Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security.

  • Your browser may be hijacked and blocked from loading safe sites or forced to load hostile websites. In particular, FakeVimes-based PC threats like Windows Component Protector are noted for hijacking online searches.
  • Your system settings will be changed to allow you to download files with invalid signatures without warnings. Signatures are used to determine the legitimacy of program files and guard your PC against fraudulent or otherwise malicious applications (like Windows Component Protect itself).
  • Not content with being the loudest fake security program on your PC, Windows Component Protector's domineering behavior also extends to disabling competing anti-malware, security and even scamware programs. This may require you to stop Windows Component Protector from running before you can remove Windows Component Protector with appropriate security software, which SpywareRemove.com malware experts recommend as the preferential solution to any Windows Component Protector infection.


Windows Component Protector Screenshot 2Windows Component Protector Screenshot 3Windows Component Protector Screenshot 4Windows Component Protector Screenshot 5Windows Component Protector Screenshot 6Windows Component Protector Screenshot 7Windows Component Protector Screenshot 8Windows Component Protector Screenshot 9Windows Component Protector Screenshot 10Windows Component Protector Screenshot 11Windows Component Protector Screenshot 12

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%AppData%\npswf32.dll File name: %AppData%\npswf32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
%AppData%\Inspector-[RANDOM CHARACTERS].exe File name: %AppData%\Inspector-[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CommonPrograms%\Windows Component Protector.lnk File name: %CommonPrograms%\Windows Component Protector.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%DesktopDir%\Windows Component Protector.lnk File name: %DesktopDir%\Windows Component Protector.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"

Additional Information

The following messages's were detected:
# Message
1Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
2Error Trojan activity detected. System data security is at risk. It is recommended to activate protection and run a full system scan.
3Warning Firewall has blocked a program from accessing the Internet C:program filesinternet exploreriexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
4Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites
5Warning! Identity theft attempt Detected Hidden connection IP: 58.82.12.124 Target: Your passwords for sites

Loading...