Windows Ultra-Antivirus

Windows Ultra-Antivirus Description

Windows Ultra-Antivirus is a rogue anti-virus scanner and a member of the Winwebsec family of scamware. While Windows Ultra-Antivirus may have the basic aesthetics of a system scanner that detects viruses and other PC threats, SpywareRemove.com malware researchers have validated Windows Ultra-Antivirus’s shortcomings in this area, and you should never expect security pop-ups or scans from Windows Ultra-Antivirus to be anything less than fraudulent. Besides its misleading security information, Windows Ultra-Antivirus and related PC threats may also block safe websites or unrelated programs. Because Windows Ultra-Antivirus is a new variant of WinWeb Security, having updated anti-malware software can be especially necessary for detecting and deleting Windows Ultra-Antivirus, which will resist normal methods for uninstalling software.

Windows Ultra-Antivirus – a PC Threat with Ultra-Convincing Lies

While full analyses of Windows Ultra-Antivirus’s payload and other capabilities remain forthcoming, Windows Ultra-Antivirus bears strong characteristics of the family of rogue AV products known as Win32/Winwebsec. SpywareRemove.com malware researchers have found other members of the Winwebsec family also in distribution, such as Windows Attacks Preventor, Smart Protection 2012, Live Essential Platinum, Windows Secure Kit 2011, Security Shield, Advanced Security Tool 2010, System Care Antivirus, System Security 2012, Total Security 2009, Personal Shield Pro, System Progressive Protection, Total Security, System Tool 2011, Microsoft Antivirus 2013, System Security, Advanced PC Shield 2012, Security Shield/Scanner, Security Monitor 2012, Live Security Platinum, Security Sphere 2012, Security Tool, System Adware Scanner 2010, MS Removal Tool, Smart Fortress 2012, Security Scanner 2012, Disk Antivirus Professional, AVASoft Antivirus Professional, Security Shield 2012 and Winweb Security. Those rogue security programs should be considered identical to Windows Ultra-Antivirus in all meaningful respects.

As rogue anti-virus software, Windows Ultra-Antivirus can create various pop-up alerts, including taskbar notifications, fake browser messages and firewall alerts to make your PC appear as though it’s under attack by unrelated PC threats. Although the PC threats that Windows Ultra-Antivirus detects may be real in the sense that they’re true types of malicious software Windows Ultra-Antivirus isn’t capable of detecting anything that might be wrong with your computer, including the presence of any potential infections (such as banking Trojans, worms, keyloggers or rootkits).

SpywareRemove.com malware analysts recommend that you disable Windows Ultra-Antivirus and any other PC threats of a potentially less visible nature before you try to delete Windows Ultra-Antivirus with dedicated anti-malware software. Accessing Safe Mode is one viable solution in a Windows environment, although, in other circumstances, it may be preferable to boot your PC from a clean flash drive.

The Problems with Windows Ultra-Antivirus Besides Sheer Inaccuracy

Because Winwebsec-based PC threats like Windows Ultra-Antivirus have also been noted to cause legitimate security hazards along with their fake security scams, SpywareRemove.com malware experts encourage Windows Ultra-Antivirus’s removal as soon as possible. Side effects of a Windows Ultra-Antivirus infection may include:

• Disabled access to websites. Windows Ultra-Antivirus may also display a fake firewall alert while Windows Ultra-Antivirus blocks a given website.
• Disabled access to other programs, particularly anti-malware and security utilities. Fraudulent pop-ups may indicate that these programs are infected or damaged.
• Finally, Windows Ultra-Antivirus may also include Trojan downloader functions that allow Windows Ultra-Antivirus to install other PC threats without your consent. Worms such as Koobface and Swimnag are particularly common payloads for Winwebsec-based scamware.

Windows Ultra-Antivirus Automatic Detection Tool (Recommended)

Visual & GUI Characteristics

Technical Details

Registry Modifications

• The following newly produced Registry Values are:
  HKEY..\..\..\..{RegistryKeys}WinUltraAntivirusHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}wazibtuqtugpHKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exeHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\52fb2397ad5bf9eb\

Additional Information

• The following URL's were detected:
  hxxp://www.zokaisoft.com/payments/buynow.php?vendorId=1
• The following messages's were detected:
  

  #	Message
  1	Security Warning! Your computer is not checked for viruses! System scan is recommended. Press "scan" to check.
  2	Win32/Exploit.CVE-2010-3333.0 Win32/Exploit.CVE-2010-3333.0 is a malicious Trojan virus created by cyber-criminals to install and initiate other versions of malicious information on the victim?s PC. Win32/Exploit.CVE-2010-3333.0 will be included into a list of programs which will run automatically when Windows operating system starts up. Therefore, it is very difficult to detect manually and remove Win32/Exploit.CVE-2010-3333.0. However, it is strongly recommended to remove Win32/Exploit.CVE-2010-3333.0 immediately because Win32/Exploit.CVE-2010-3333.0is able to cause additional damages to your infected Windows system.

Home Malware ProgramsRogue Anti-Virus Programs Windows Ultra-Antivirus