Windows Virtual Angel
Windows Virtual Angel Description
Windows Virtual Angel – Swinging a Halo That’s on Loan from Fellow Succubi
As a recently-emerged member of FakeVimes scamware, Windows Virtual Angel is visually cloned from other well-known types of fake anti-malware programs, such as Windows Safety Series, Windows Telemetry Center, Windows Web Commander, Windows Virus Hunter, My Security Engine, Windows Protection Master, Windows Safety Maintenance, Windows Secure Workshop, Internet Security Essentials, Windows Pro Solutions, Windows Safety Module, Windows Antivirus Rampart, Windows Proactive Safety, Smart Anti-Malware Protection, Strong Malware Defender, Total Anti Malware Protection, Windows Performance Catalyst, Windows Threats Destroyer, Windows Pro Rescuer, PrivacyGuard PRO, Security Master AV, Windows AntiHazard Center, Windows Protection Unit, Best Malware Protection, Windows Turnkey Console, Windows Pro Defence, Windows Security Suite, Windows Anti-Malware Patch, Windows Functionality Checker, Windows Pro Web Helper, Windows Antihazard Solution, Personal Internet Security 2011, Windows Abnormality Checker, Windows Premium Console, Windows ProSecure Scanner, System Protection Tools, Windows Proprietary Advisor, Smart Internet Protection 2012, Fast Antivirus 2009, PC Live Guard, Windows Shield Tool, Windows Internet Booster, Windows Private Shield, Windows Custom Safety, Personal Security Sentinel, Windows Managing System, XP Smart Security, Windows Smart Partner, Windows Performance Adviser, Windows Maintenance Suite, Windows Antivirus Machine, Antivirus Smart Protection, Windows Warding System, Live Enterprise Suite, Home Malware Cleaner, VirusSecurity, Windows Interactive Safety, CleanUp Antivirus, Windows Daily Adviser, Windows Efficiency Accelerator, Best Antivirus Software, Windows Privacy Module, Windows Maintenance Guard, Windows Privacy Extension, Live PC Care, My Security Wall, Windows No-Risk Agent, Windows Advanced User Patch, Windows Pro Safety, Windows Profound Security, Windows Guard Solutions, Windows Guard Tools, Keep Center Keeper, Windows Risk Minimizer, Windows 
Antivirus Patch, Windows Premium Guard, Windows Secure Surfer, Windows Safeguard Upgrade, Windows Home Patron, Volcano Security Suite, Windows Defending Center, Windows Defence Counsel, Virus Doctor, Windows Problems Stopper, Windows Sleek Performance, Windows Protection Maintenance, Extra Antivirus, Windows PRO Scanner, Windows Trouble Taker, Windows High-End Protection, Windows Antivirus Release, Windows Basic Antivirus, Windows Activity Debugger, Anti-Malware Lab, Windows Software Keeper, Windows Pro Safety Release, Windows PC Aid, Windows Premium Defender, Windows Crucial Scanner, Windows Secure Web Patch, Windows Virtual Firewall, Windows Health Keeper, Windows Guardian Angel, Windows Safety Wizard, Windows Privacy Counsel, Windows Control Series, Windows Expert Series, Windows Custodian Utility, Windows Care Taker, Smart Security, Windows First-Class Protector, Windows Firewall Constructor, Windows Shielding Utility, Enterprise Suite, My Security Shield, Smart Engine, Windows Advanced Security Center, Windows Active Guard, Windows Safety Manager, Windows Interactive Security, Smart Virus Eliminator, Windows Advanced Toolkit, Activate Ultimate Protection, Windows Software Saver, Windows Malware Sleuth, Security Antivirus, Windows Instant Scanner, Windows Antivirus Care, Windows Security Renewal, Windows Enterprise Defender, Home Safety Essentials, Windows Tools Patch, Additional Guard, Windows No-Risk Center, Windows AntiHazard Helper, Windows ProSecurity Scanner, Windows Be-on-Guard Edition, Windows Custom Management, Windows Stability Guard, Internet Security Suite, Windows Secure Workstation, Windows Smart Warden, Windows Active Defender, Windows Virtual Security, Windows Debug Center, Windows Multi Control System, Windows Web Combat, Windows Ultimate Safeguard, Windows Enterprise Suite, Windows Safety Toolkit, Windows Safety Checkpoint, Windows Security System, Windows Personal Doctor, Windows Process Director, Windows Ultimate Security Patch, Windows 
System Defender and Smart Internet Protection 2011. Besides an appearance that’s reminiscent of (the now outdated) Windows Security Center, Windows Virtual Angel and its relatives are easily identifiable by the inclusion of fake features like anti-phishing protection and a faux memory monitor that’s labeled the Advanced Process Control. Prominent visual symptoms of Windows Virtual Angel being active include fraudulent pop-up warnings and system scans that display nonexistent infections for high-level PC threats (such as technically-identified rootkits and banking Trojans).
To steal your money with your own consent, Windows Virtual Angel launches with Windows and creates a constant appearance of your PC being under assault from numerous PC threats. Although Windows Virtual Angel will indicate that the easiest solution to your troubles is to buy its full version for a complete disinfection, SpywareRemove.com malware researchers recommend against this as a pointless expenditure of money on nonfunctional security software. Despite this, if you think that it could help with deleting Windows Virtual Angel, you may wish to register Windows Virtual Angel for free with the code ’0W000-000B0-00T00-E0020’.
Counting the Tally of This Fake Angel’s Sins
Windows Virtual Angel can also be involved in other PC issues besides its attempt at playing itself off as a security program. Standard attacks from FakeVimes-related PC threats like Windows Virtual Angel that SpywareRemove.com malware researchers have confirmed include:
- Programs being blocked from memory. This forces them to terminate and prevents you from accessing them while Windows Virtual Angel is active, although no permanent damage to the related software is incurred.
- Deleted Registry entries for various programs, especially security-related ones (such as memory monitors or anti-virus scanners). This will require you to restore your Registry, repair it or reinstall the affected program before Windows Virtual Angel can launch again.
- Online search redirects to potentially harmful websites. This can include changes to your search results.
- Registry-based setting changes that make your PC vulnerable to other attacks. One such attack by Windows Virtual Angel that’s easily-observed is its capability for disabling the Windows UAC.
In light of all this, SpywareRemove.com malware researchers strongly suggest sending Windows Virtual Angel to the PC equivalent of the underworld (AKA the Recycle Bin) with a suitable anti-malware product as soon as you can access such software.
Aliases
- Adware:Win32/AdRotator [Microsoft]
- Gen:Variant.Adware.Ezula.1 (B) [Emsisoft]
- Trojan.Win32.Ezula.xuhyp [NANO-Antivirus]
- Adware.Rotator.XGen [Malwarebytes]
- Generic Malware [Panda]
- Trojan-Dropper.Win32.Dapato [Ikarus]
- Trojan-Dropper.Dapato.biww [VBA32]
- Mal/Generic-L [Sophos]
- Trojan-Dropper.Win32.Dapato!IK [Emsisoft]
- TROJ_SPNR.29HH12 [TrendMicro-HouseCall]
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
| # | File Name | Detection Count |
|---|---|---|
| 1 | %WINDIR%\SysWow64\f3340ad2.dll | 396 |
| 2 | %WINDIR%\system32\f078b911.dll | 220 |
| 3 | %WINDIR%\S-1-5-21-0075150617-0772129065-402540000-4697\king.exe | 159 |
| 4 | %PROGRAMFILES%\WBX\wbx.exe | 143 |
| 5 | %WINDIR%\system32\svdir\nsb.exe | 49 |
| 6 | %WINDIR%\svcnet2\svcnet2.exe | 44 |
| 7 | %APPDATA%\Alps\Alps.exe | 12 |
| 8 | %ALLUSERSPROFILE%\Local Settings\Temp\msajhywpc.exe | 12 |
| 9 | %APPDATA%\Protector-hayq.exe | N/A |
| 10 | %AppData%\Protector-[RANDOM CHARACTERS].exe | N/A |
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following Registry values and subkeys were newly created:
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
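An added triage example, not part of the original write-up or of any vendor tool: it parses the text of a `reg export` dump and flags the Run value, Settings markers and Image File Execution Options subkeys from the Registry Modifications list. The `EnableLUA` check for disabled UAC and the sample export are assumptions constructed for illustration.

```python
import re

# Indicators copied from this page's Registry Modifications list (lower-cased).
CV = r"software\microsoft\windows\currentversion"
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
IFEO_TARGETS = {"_avp32.exe", "_avpcc.exe", "ashdisp.exe", "divx.exe",
                "mostat.exe", "platin.exe", "tapinstall.exe", "zapsetup3001.exe"}
VALUE_IOCS = {
    ("hkey_current_user\\" + CV + r"\run", "inspector"): "Run value 'Inspector'",
    ("hkey_current_user\\" + CV + r"\settings", "uid"): "Settings value 'UID'",
    ("hkey_current_user\\" + CV + r"\settings", "net"): "Settings value 'net'",
}
# Assumption, not in the page's list: disabled UAC is recorded as EnableLUA = 0.
UAC_KEY = "hkey_local_machine\\" + CV + r"\policies\system"
SECTION = re.compile(r"^\[(.+)\]$")        # [HKEY_...\Key\Path]
VALUE = re.compile(r'^"([^"]+)"=(.*)$')    # "Name"=data

def scan_reg_export(text):
    """Scan decoded .reg export text (regedit writes UTF-16) for the indicators."""
    findings, key = set(), ""
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            key = m.group(1).lower()
            parent, _, leaf = key.rpartition("\\")
            if parent == IFEO and leaf in IFEO_TARGETS:
                findings.add(f"IFEO subkey: {leaf}")
        elif m := VALUE.match(line):
            name, data = m.group(1).lower(), m.group(2)
            if (key, name) in VALUE_IOCS:
                findings.add(VALUE_IOCS[(key, name)])
            elif key == UAC_KEY and name == "enablelua" and data == "dword:00000000":
                findings.add("UAC disabled (EnableLUA = 0)")
    return sorted(findings)

# Constructed sample export, not captured from a real infection.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\demo\\AppData\\Roaming\\Protector-abcd.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
'''

if __name__ == "__main__":
    print("\n".join(scan_reg_export(SAMPLE)))
```

The "Policies\System" values from the list are left out because the page records them as 0, which does not distinguish an infected machine from a clean one.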
Additional Information
- The following messages were detected:
| # | Message |
|---|---|
| 1 | Error Attempt to modify registry key entries detected. Registry entry analysis is recommended. |
| 2 | Error Potential malware detected It is recommended to activate the protection and perform a thorough system scan to remove the malware. |
| 3 | Warning Firewall has blocked a program from accessing the Internet Windows XP USER API Clien: DLL User32.dll User32.dll is suspended to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server. Recommended: Please click “Prevent attack” button to prevent all attacks and protect your PC. |
Posted: July 11, 2012 | By SpywareRemove
Threat Level: 10/10
Detection Count: 354


