
Windows Ultra-Antivirus

Posted: July 27, 2012

Threat Metric

Ranking: 48
Threat Level: 2/10
Infected PCs: 655,263
First Seen: July 27, 2012
Last Seen: October 17, 2023
OS(es) Affected: Windows

Windows Ultra-Antivirus is a rogue anti-virus scanner and a member of the Winwebsec family of scamware. While Windows Ultra-Antivirus may have the basic aesthetics of a system scanner that detects viruses and other PC threats, SpywareRemove.com malware researchers have validated Windows Ultra-Antivirus's shortcomings in this area, and you should never expect security pop-ups or scans from Windows Ultra-Antivirus to be anything less than fraudulent. Besides its misleading security information, Windows Ultra-Antivirus and related PC threats may also block safe websites or unrelated programs. Because Windows Ultra-Antivirus is a new variant of WinWeb Security, having updated anti-malware software can be especially necessary for detecting and deleting Windows Ultra-Antivirus, which will resist normal methods for uninstalling software.

Windows Ultra-Antivirus – a PC Threat with Ultra-Convincing Lies

While full analyses of Windows Ultra-Antivirus's payload and other capabilities remain forthcoming, Windows Ultra-Antivirus bears strong characteristics of the family of rogue AV products known as Win32/Winwebsec. SpywareRemove.com malware researchers have found other members of the Winwebsec family also in distribution, such as Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus. Those rogue security programs should be considered identical to Windows Ultra-Antivirus in all meaningful respects.

As rogue anti-virus software, Windows Ultra-Antivirus can create various pop-up alerts, including taskbar notifications, fake browser messages and firewall alerts, to make your PC appear as though it's under attack by unrelated PC threats. Although the PC threats that Windows Ultra-Antivirus detects may be real in the sense that they're true types of malicious software, Windows Ultra-Antivirus isn't capable of detecting anything that might be wrong with your computer, including the presence of any potential infections (such as banking Trojans, worms, keyloggers or rootkits).

SpywareRemove.com malware analysts recommend that you disable Windows Ultra-Antivirus and any other PC threats of a potentially less visible nature before you try to delete Windows Ultra-Antivirus with dedicated anti-malware software. Accessing Safe Mode is one viable solution in a Windows environment, although, in other circumstances, it may be preferable to boot your PC from a clean flash drive.

The Problems with Windows Ultra-Antivirus Besides Sheer Inaccuracy

Because Winwebsec-based PC threats like Windows Ultra-Antivirus have also been noted to cause legitimate security hazards along with their fake security scams, SpywareRemove.com malware experts encourage Windows Ultra-Antivirus's removal as soon as possible. Side effects of a Windows Ultra-Antivirus infection may include:

  • Disabled access to websites. Windows Ultra-Antivirus may also display a fake firewall alert while Windows Ultra-Antivirus blocks a given website.
  • Disabled access to other programs, particularly anti-malware and security utilities. Fraudulent pop-ups may indicate that these programs are infected or damaged.
  • Finally, Windows Ultra-Antivirus may also include Trojan downloader functions that allow Windows Ultra-Antivirus to install other PC threats without your consent. Worms such as Koobface and Swimnag are particularly common payloads for Winwebsec-based scamware.



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



  • File name: %AppData%\NPSWF32.dll
    File type: Dynamic link library
    Mime Type: unknown/dll
    Group: Malware file
  • File name: %AppData%\[RANDOM].exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
  • File name: %Desktop%\Windows Ultra-Antivirus.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
  • File name: %StartMenu%\Programs\Windows Ultra-Antivirus.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
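The file indicators listed above can be checked against a file listing collected from a suspect machine; the following is an added example, not part of the original page. The folder mapping for the %AppData%, %Desktop% and %StartMenu% tokens and the sample listing are assumptions, and the [RANDOM].exe rule flags any executable sitting directly in the roaming profile root, so its hits need manual review.

```python
import re

# File indicators exactly as listed on the page. [RANDOM] is the page's
# placeholder for an unpredictable file name.
FILE_INDICATORS = [
    r"%AppData%\NPSWF32.dll",
    r"%AppData%\[RANDOM].exe",
    r"%Desktop%\Windows Ultra-Antivirus.lnk",
    r"%StartMenu%\Programs\Windows Ultra-Antivirus.lnk",
]

# Assumption: the page's %...% tokens map to these per-user folders
# (Windows Vista and later profile layout).
FOLDERS = {
    "%AppData%": r"AppData\Roaming",
    "%Desktop%": "Desktop",
    "%StartMenu%": r"AppData\Roaming\Microsoft\Windows\Start Menu",
}

def indicator_regex(indicator, users_root=r"C:\Users"):
    """Turn one page indicator into a case-insensitive full-path regex."""
    token, rest = indicator.split("\\", 1)
    prefix = re.escape(users_root) + r"\\[^\\]+\\" + re.escape(FOLDERS[token]) + r"\\"
    # [RANDOM] may be any single path component, never a subdirectory.
    body = r"[^\\]+".join(re.escape(part) for part in rest.split("[RANDOM]"))
    return re.compile(prefix + body + r"$", re.IGNORECASE)

def match_listing(paths):
    """Return (path, indicator) pairs for every path that matches an indicator."""
    rules = [(ind, indicator_regex(ind)) for ind in FILE_INDICATORS]
    return [(p, ind) for p in paths for ind, rx in rules if rx.match(p)]

# Constructed sample listing (for example, `dir /s /b` output from a triage image).
SAMPLE = [
    r"C:\Users\alice\AppData\Roaming\NPSWF32.dll",
    r"C:\Users\alice\AppData\Roaming\kd83jx.exe",
    r"C:\Users\alice\Desktop\Windows Ultra-Antivirus.lnk",
    r"C:\Users\alice\AppData\Roaming\Vendor\updater.exe",  # subfolder: no match
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",     # same name, other folder: no match
]

if __name__ == "__main__":
    for path, ind in match_listing(SAMPLE):
        print(f"{path}  <-  {ind}")
```

Matching on the full path rather than the file name alone keeps the same DLL name in an unrelated folder from being reported.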

Registry Modifications

The following Registry values and subkeys were newly created:

Value:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0

Subkeys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\52fb2397ad5bf9eb\

Additional Information

The following URLs were detected:

hxxp://www.zokaisoft.com/payments/buynow.php?vendorId=1y2mate.com

The following messages were detected:

  1. Security Warning!
     Your computer is not checked for viruses! System scan is recommended. Press "scan" to check.
  2. Win32/Exploit.CVE-2010-3333.0
     Win32/Exploit.CVE-2010-3333.0 is a malicious Trojan virus created by cyber-criminals to install and initiate other versions of malicious information on the victim's PC. Win32/Exploit.CVE-2010-3333.0 will be included into a list of programs which will run automatically when Windows operating system starts up. Therefore, it is very difficult to detect manually and remove Win32/Exploit.CVE-2010-3333.0. However, it is strongly recommended to remove Win32/Exploit.CVE-2010-3333.0 immediately because Win32/Exploit.CVE-2010-3333.0is able to cause additional damages to your infected Windows system.

One Comment

  • Ahmed says:

    When I start any game my computer just freezes and my cover changes color and after coming up a small my cover turns blue and it says it found a problem so can that be a virus and how can I fix it
