Windows Secure Surfer
Windows Secure Surfer Description
Riding Windows Secure Surfer’s Waves Right to Deceit, Theft and Loss of Personal Information
Windows Secure Surfer, like every other member of its family, may look like an anti-spyware scanner with a whole parcel’s worth of extra security features, but Windows Secure Surfer’s real ability to find or remove PC threats is utterly nonexistent. To cover up for this deficiency, Windows Secure Surfer displays constant popup warnings about various attacks (such as identity theft or unauthorized network activity), along with fake infection alerts that identify PC threats that aren’t on your hard drive. SpywareRemove.com malware analysts, of course, suggest ignoring all of the above, and focusing on finding a way to remove Windows Secure Surfer safely – preferably with legitimate anti-malware software.
Similar precautions also apply to rogue anti-spyware products that are clones of Windows Secure Surfer, such as Extra Antivirus, Home Malware Cleaner, Windows Basic Antivirus, Windows Maintenance Suite, Internet Security Suite, Windows Sleek Performance, Windows Antivirus Rampart, Windows Interactive Security, Windows Defence Counsel, Windows Antivirus Machine, PC Live Guard, Windows Custodian Utility, Windows Premium Console, Windows Safety Manager, Windows Internet Booster, Windows Advanced Toolkit, Windows Virtual Security, Windows Malware Sleuth, Windows Guard Solutions, Windows Safety Maintenance, Internet Security Essentials, Windows Shield Tool, Windows Shielding Utility, Best Antivirus Software, Windows Virtual Firewall, Windows Safety Module, Smart Security, Anti-Malware Lab, Smart Virus Eliminator, Windows Telemetry Center, Windows Defending Center, Windows Pro Web Helper, Smart Internet Protection 2012, Windows Functionality Checker, Windows Safety Toolkit, Windows Software Saver, Windows Software Keeper, Windows Warding System, Windows Care Taker, Windows Secure Workstation, Windows Web Combat, PrivacyGuard PRO, Windows Daily Adviser, Windows Multi Control System, Keep Center Keeper, Security Master AV, Windows Pro Defence, Windows Threats Destroyer, Windows Managing System, Windows AntiHazard Helper, Windows Abnormality Checker, Windows Advanced Security Center, Windows Activity Debugger, Fast Antivirus 2009, Windows Problems Stopper, System Protection Tools, Windows Advanced User Patch, Windows Pro Solutions, Activate Ultimate Protection, Windows Security Suite, Windows PC Aid, Windows Instant Scanner, Windows Proprietary Advisor, Enterprise Suite, Windows Protection Maintenance, Windows Pro Safety Release, Windows Interactive Safety, Windows Web Commander, Best Malware Protection, Windows ProSecurity Scanner, Home Safety Essentials, Windows Ultimate Security Patch, Windows Crucial Scanner, Windows Antivirus Care, Windows Maintenance Guard, Windows 
Virtual Angel, My Security Shield, Windows Performance Adviser, Windows Private Shield, Windows Privacy Extension, XP Smart Security, Windows Performance Catalyst, Windows Efficiency Accelerator, Windows Proactive Safety, Windows Security Renewal, Additional Guard, Personal Internet Security 2011, Windows Smart Warden, Windows Ultimate Safeguard, Smart Anti-Malware Protection, Windows PRO Scanner, Windows Control Series, Windows Debug Center, Windows Security System, Windows Premium Defender, Windows Pro Rescuer, Windows Safeguard Upgrade, Volcano Security Suite, Windows Antihazard Solution, Windows Virus Hunter, Windows Guardian Angel, Windows Process Director, Windows Safety Checkpoint, Windows Privacy Counsel, Windows Anti-Malware Patch, Windows Tools Patch, Smart Engine, CleanUp Antivirus, Windows Trouble Taker, Windows Custom Safety, Windows Personal Doctor, Windows No-Risk Agent, Windows Smart Partner, Windows Antivirus Patch, Antivirus Smart Protection, Windows Risk Minimizer, My Security Wall, Windows ProSecure Scanner, Windows Pro Safety, Windows Secure Web Patch, Windows Turnkey Console, Windows Safety Wizard, Windows Privacy Module, Security Antivirus, Strong Malware Defender, Windows Firewall Constructor, Windows Health Keeper, Windows Protection Unit, Windows Custom Management, Smart Internet Protection 2011, Windows Safety Series, Windows No-Risk Center, Windows First-Class Protector, Windows Be-on-Guard Edition, Windows Enterprise Suite, VirusSecurity, Live Enterprise Suite, Windows Active Defender, Windows Expert Series, Windows Secure Workshop, Windows System Defender, Personal Security Sentinel, Windows Protection Master, Windows Enterprise Defender, Windows Stability Guard, Windows Premium Guard, Total Anti Malware Protection, Virus Doctor, Live PC Care, Windows High-End Protection, Windows Guard Tools, My Security Engine, Windows Profound Security, Windows Home Patron, Windows Antivirus Release, Windows AntiHazard Center and Windows Active 
Guard. If Windows Secure Surfer or a relative of it infects your PC, you may find it convenient to fake registration with the FakeVimes family code ‘0W000-000B0-00T00-E0020’. While this fake registration can mitigate some of Windows Secure Surfer’s attacks, you shouldn’t attempt to purchase a ‘real’ registration code for Windows Secure Surfer, which will put your money and sensitive data in criminal possession.
How Being Lazy About Kicking Windows Secure Surfer Off of Your Ride Can Come Back to Haunt You
Without a doubt, the definitive characteristics of a Windows Secure Surfer infection are its fake security displays. However, SpywareRemove.com malware analysts have also found reasons to warn, in particular, about other security-related attacks that Windows Secure Surfer and its family have been known to launch. Some typical FakeVimes-based attacks can also extend to:
- Launching Windows Secure Surfer without your consent and keeping it open even after you try to close it.
- Blocking your real security programs, along with Windows utilities like Task Manager or the Registry Editor.
- Disabling Windows security functions, notably including the UAC.
- Redirecting your browser, particularly during online searches.
Aliases
- Trojan.Win32.FakeAV [Ikarus]
- Dropper/Win32.Romeo [AhnLab-V3]
- Trojan.Win32.FakeAV!IK [Emsisoft]
- Trojan-Dropper.Win32.Dapato.awui [Kaspersky]
- Win32/Adware.WintionalityChecker.AF [NOD32]
- Artemis!6C9B169944DA [McAfee-GW-Edition]
- Trojan.Win32.Generic.pak!cobra [VIPRE]
- FakeAlert-PJ.gen.aw [McAfee]
- Suspicious file [Panda]
- Virus.Generic [PCTools]
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
| # | File Name | Detection Count |
|---|---|---|
| 1 | %APPDATA%\Protector-lmsj.exe | 679 |
| 2 | %APPDATA%\Protector-ynmo.exe | 286 |
| 3 | Protector-bafo.exe | 162 |
| 4 | %APPDATA%\Protector-nqtk.exe | 110 |
| 5 | %APPDATA%\Protector-cubv.exe | 73 |
| 6 | %AppData%\NPSWF32.dll | N/A |
| 7 | %AppData%\Protector-[RANDOM 3 CHARACTERS].exe | N/A |
| 8 | %AppData%\Protector-[RANDOM 4 CHARACTERS].exe | N/A |
| 9 | %AppData%\result.db | N/A |
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry!
- The following newly produced Registry Values are:
HKEY..\..\{Value}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-13_4"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "hspbkebjqj"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0

HKEY..\..\..\..{Subkeys}
- HKEY_CURRENT_USER\Software\ASProtect
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
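A triage check built from the file and registry indicators listed in this section, as an added example that is not part of the original write-up: it parses `reg export` text plus a file listing and reports matches. The function names, the sample data and the four Image File Execution Options names picked from the page's list are assumptions made for illustration.

```python
import re

# Indicators taken from this page's file and registry lists (keys lower-cased).
POLICY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser"}
RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
IFEO = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\image file execution options\\"
IFEO_TARGETS = {"nod32.exe", "outpost.exe", "cmdagent.exe", "malwareremoval.exe"}  # subset of the page's list
DROPPED = re.compile(r"(?i)\\Protector-[a-z0-9]{3,4}\.exe$")

def parse_reg_export(text):
    """Yield (key, value_name, data) from .reg export text; value_name is None for the key line."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)):
            yield key, m.group(1), m.group(2)

def triage(reg_text, file_paths):
    """Return sorted findings for the indicators defined above."""
    findings = set()
    for key, name, data in parse_reg_export(reg_text):
        k = key.lower()
        if name is None:
            if k.startswith(IFEO) and k[len(IFEO):] in IFEO_TARGETS:
                findings.add("IFEO subkey for " + key[len(IFEO):])
        elif k == POLICY and name.lower() in UAC_VALUES and data == "dword:00000000":
            findings.add("UAC value zeroed: " + name)
        elif k == RUN and name == "Inspector":
            findings.add("Run value Inspector = " + data)
    findings.update("dropped file name: " + p for p in file_paths if DROPPED.search(p))
    return sorted(findings)

# Constructed sample input, not captured from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\alice\\AppData\\Roaming\\Protector-lmsj.exe"
'''
SAMPLE_FILES = [r"C:\Users\alice\AppData\Roaming\Protector-lmsj.exe",
                r"C:\Users\alice\AppData\Roaming\notepad.exe"]
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_REG, SAMPLE_FILES)))
```

A match on a single indicator, such as an Image File Execution Options subkey for `patch.exe`, is a lead to investigate rather than proof of infection; the combination of a zeroed `EnableLUA`, the `Inspector` Run value and a `Protector-xxxx.exe` file is the stronger signal.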
Additional Information
- The following messages were detected:
1. Error
   Attempt to modify Registry key entries detected.
   Registry entry analysis recommended.
2. Error
   Trojan activity detected. System data security is at risk. It is recommended to activate protection and run a full system scan.
3. Warning
   Firewall has blocked a program from accessing the Internet
   C:\program files\internet explorer\iexplore.exe
   is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Posted: May 13, 2012 | By SpywareRemove
Threat Level: 10/10
Detection Count: 471

