
Windows ProSecure Scanner

Posted: May 11, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 78
First Seen: May 11, 2012
OS(es) Affected: Windows

Windows ProSecure Scanner is a clone of similar rogue anti-spyware scanners recently derived from Win32/FakeVimes. Like its relatives, Windows ProSecure Scanner may pretend to have security and anti-spyware features, but Windows ProSecure Scanner's system diagnostics are always fraudulent, its scans always filled with inaccurate results and its pop-ups always recommending self-destructive actions against nonexistent attacks. SpywareRemove.com malware researchers suggest that you delete Windows ProSecure Scanner just as any member of FakeVimes should be deleted: via robust system scans from real anti-malware programs. While Windows ProSecure Scanner may attempt to convince you that its browser hijacks and software blockades are appearing for unrelated reasons, these symptoms are common to Windows ProSecure Scanner's family of scamware, regardless of where Windows ProSecure Scanner would like to place the blame.

Windows ProSecure Scanner – a Scanner without Any Scanning to Its Name

Windows ProSecure Scanner doesn't have any sort of genuine threat-detection or removal functions, but, despite this, does its best to imply otherwise with its ever-changing rotations of fake system alerts and scanner results. These fraudulent features will list highly-advanced PC threats by their technical names and can even pretend to detect direct attacks against your computer or the information stored therein, but, ultimately, all of this amounts to a cheap way to scam you out of your money. Like other rogue anti-spyware products from its family, all Windows ProSecure Scanner wants is to bully you into purchasing a software registration key, which is an act that SpywareRemove.com malware experts note to be self-destructive and pointlessly wasteful.

In spite of the lack of necessity for spending money on Windows ProSecure Scanner, you may wish to register Windows ProSecure Scanner anyway by using the code '0W000-000B0-00T00-E0020'. This code is accepted by many members of Win32/FakeVimes without purchase being required and can help to put a stop to Windows ProSecure Scanner's attacks prior to its proper removal. Other useful steps that SpywareRemove.com malware analysts can recommend when dealing with a Windows ProSecure Scanner infection include booting into Safe Mode or booting from a network-shared hard drive or a removable hard drive. This will simplify the process of scanning your PC to delete Windows ProSecure Scanner without any interference. The many FakeVimes family members include Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security.

Why Windows ProSecure Scanner's Scam isn't Something to Ignore

After hearing that all of Windows ProSecure Scanner's security information is inaccurate, you might be tempted just to ignore Windows ProSecure Scanner and go about your business. Sadly, the SpywareRemove.com malware research team is forced to discourage this, since Windows ProSecure Scanner belongs to a scamware family that's also noted for security-related attacks. Some of the most important issues that are symptomatic of a Windows ProSecure Scanner or other FakeVimes-based infection include:

  • Browser redirects whenever you try to use a search engine.
  • Problems with using legitimate security programs and Windows tools (prominently including Task Manager).
  • Disabled Windows security settings that cause your PC to be vulnerable to improperly-identified files.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

  • %AppData%\Protector-{random 3 characters}.exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
  • %AppData%\Protector-{random 4 characters}.exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
  • %AppData%\result.db
    Mime Type: unknown/db
    Group: Malware file
  • %Desktop%\Windows ProSecure Scanner.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file

Registry Modifications

The following Registry values are newly produced:

HKEY..\..\{Value}

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 4
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-20_1

HKEY..\..\..\..{Subkeys}

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{random}.exe
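The file and Run-key indicators listed above can be checked offline against a file listing and saved `reg query` output. The following is an added example, not code from SpywareRemove.com; the function names and sample data are hypothetical, and it assumes "Inspector" is a value name under the Run key and that %AppData% resolves to a folder named `Roaming` (Vista and later) or `Application Data` (XP).

```python
import re
from pathlib import PureWindowsPath

# Indicators copied from this page's file and registry lists.
PROTECTOR_EXE = re.compile(r"^Protector-.{3,4}\.exe$", re.IGNORECASE)
APPDATA_DIRS = {"roaming", "application data"}  # %AppData% on Vista+ / XP
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

def scan_files(paths):
    """Return the paths that match the dropped-file indicators."""
    hits = []
    for p in paths:
        path = PureWindowsPath(p)
        name = path.name.lower()
        # The executables and result.db only count directly inside %AppData%.
        in_appdata = path.parent.name.lower() in APPDATA_DIRS
        dropped = in_appdata and (PROTECTOR_EXE.match(name) or name == "result.db")
        if dropped or name == "windows prosecure scanner.lnk":
            hits.append(p)
    return hits

def parse_reg_query(text):
    """Parse `reg query` output into {key: {value name: data}} (lower-cased)."""
    keys, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line.startswith(" "):          # unindented line = key path
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None:             # "    name    TYPE    data"
            parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                current[parts[0].lower()] = parts[2]
    return keys

def inspector_autorun(reg_text):
    """Return the command behind the 'Inspector' Run entry, or None."""
    return parse_reg_query(reg_text).get(RUN_KEY.lower(), {}).get("inspector")

# Constructed sample input (not taken from a real infection).
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Roaming\Protector-xkq.exe",
    r"C:\Users\alice\AppData\Roaming\Protector-a1b2.exe",
    r"C:\Users\alice\AppData\Roaming\result.db",
    r"C:\Users\alice\Desktop\Windows ProSecure Scanner.lnk",
    r"C:\Program Files\Vendor\Protector-abc.exe",             # wrong folder
    r"C:\Users\alice\AppData\Roaming\Protector-toolong.exe",  # wrong length
]
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Inspector    REG_SZ    C:\Users\alice\AppData\Roaming\Protector-xkq.exe
"""
```

A hit from `inspector_autorun` can be passed back through `scan_files` to confirm that the autorun entry points at one of the dropped executables.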


One Comment

  • Emily says:

    I have some computer problems? My computer has been acting strange lately. Just yesterday (1/12/09), it started.

    Yesterday's symptoms: All three user passwords changed without human interaction. That's all.

    Yesterday's Human Interactions: Computer administrator (me) fixed password problem by going into safe mode and using Built-In Administrator account. Also performed a virus check, came up clean. Also did Disk Defrag and Disk Cleanup. Came out fine. Ran Chkdsk on boot, came up fine, no problems. Messed with the registry to change a company name I put on there, and I know I changed the right thing. Yes, I changed it and it was put on there by ME. Deleted all system restore points under Local Disk options except the most recent. That's all.

    Today's Symptoms: BitTorrent DNA downloaded somehow, tried to run on my Firefox, wasn't compatible, can't uninstall from Firefox. BitTorrent DNA tried to access the internet, but was stopped by Windows Firewall. Also, when I tried to log onto my username, it wasn't there. I had to use Ctrl + Alt + Del on the Windows login screen, logged in fine with password I set yesterday. That's all.

    Today's Human Interactions: None, except for logging in using Ctrl + Alt + Del and using Firefox to write this. That's all.

    Computer Stats: Running Windows XP Home Edition, SP3. Model Dimension B110 by Dell. Tricked out to look like Windows Vista, about 1 or 2 months ago (November/December 2008), no problems since. Hacked uitheme.dll file, hacked by ME.

    I want to know what might be wrong with my computer, and how I might be able to fix it, and anything else helpful. Please tell me if I need to put more details, because I'll try. Thanks all!

    I forgot to add: I don't have an OS disk.

    Some more things going on with the computer: my official Symantec virus scanner does not update anymore, and I cannot force update. Another thing: the registry returns an access denied error whenever I update a key. This never happened to me.

    Even more junk I forgot: two other people that use my computer use IE7 every day and I don't know what sites they access, although they both say they go on safe sites. Don't blame me for using IE either, I use Firefox and iPod touch's Safari.
