Windows Virtual Firewall

Windows Virtual Firewall Description

Windows Virtual Firewall is a new variant of FakeVimes, a Trojan family that uses fake security scans and pop-ups warnings to present misleading information about your PC’s status. Windows Virtual Firewall, like all of its ilk, pretends to be an anti-malware product with a generous assortment of other security features, such as a memory-monitoring utility, a firewall manager and, of course, an anti-virus scanner. Although Windows Virtual Firewall is a new arrival to the FakeVimes family of rogue anti-malware applications, its appearance and functions are identical to that of other recent members.

Why There Isn’t Anything ‘Virtual’ About Windows Virtual Firewall’s Real Features

Although Windows Virtual Firewall is a new arrival to the FakeVimes family of rogue anti-malware applications, its appearance and functions are identical to that of other recent members. PCs that are infected with Windows Virtual Firewall will be immediately detectable under most circumstances, since Windows Virtual Firewall will launch with Windows and proceed to display a range of inaccurate pop-up warnings. These are accompanied by system scans that include nonexistent (albeit accurately-defined) PC threats, including rootkits and advanced forms of spyware. Closely-related PC threats from Windows Virtual Firewall’s family include examples such as Windows Pro Safety, Windows Advanced Toolkit, Windows Secure Surfer, Smart Virus Eliminator, Windows PC Aid, Security Antivirus, Antivirus Smart Protection, Windows Pro Safety Release, Windows Premium Defender, Windows Malware Sleuth, Windows Web Combat, Windows PRO Scanner, PC Live Guard, Windows Performance Catalyst, Smart Internet Protection 2011, Total Anti Malware Protection, Windows Risk Minimizer, Windows ProSecurity Scanner, Windows Maintenance Guard, Windows AntiHazard Helper, Windows Activity Debugger, Windows ProSecure Scanner, Windows Maintenance Suite, Windows Secure Workshop, Windows Safety Manager, Windows Expert Series, Windows Antihazard Solution, Windows First-Class Protector, Live PC Care, Windows Safety Maintenance, Windows Guard Tools, System Protection Tools, Windows Antivirus Release, Windows Software Saver, Windows Active Defender, Windows Protection Master, Windows Guardian Angel, Windows Pro Solutions, Windows Trouble Taker, Windows Antivirus Patch, Windows Internet Booster, Windows Functionality Checker, Additional Guard, Windows Web Commander, Windows Safety Checkpoint, Security Master AV, Windows Premium Guard, Windows No-Risk Center, Windows Abnormality Checker, Windows Home Patron, Windows Safety Module, Windows Ultimate Security Patch, Live Enterprise Suite, Smart Internet Protection 2012, Virus Doctor, Windows AntiHazard Center, Internet Security Essentials, Windows Safety Wizard, Windows Performance Adviser, Windows Interactive Safety, Windows Anti-Malware Patch, Windows System Defender, Windows Crucial Scanner, Smart Security, Windows Software Keeper, Windows Security Renewal, Windows Care Taker, Windows Shield Tool, Home Safety Essentials, Windows Debug Center, Extra Antivirus, Windows Guard Solutions, Windows Proprietary Advisor, Windows Virus Hunter, Windows Ultimate Safeguard, My Security Shield, Windows Control Series, Windows Tools Patch, Windows Enterprise Suite, Personal Security Sentinel, Windows Problems Stopper, Windows Custodian Utility, My Security Wall, Windows High-End Protection, Windows Multi Control System, Best Malware Protection, Windows No-Risk Agent, Windows Stability Guard, Windows Daily Adviser, Windows Pro Defence, Windows Virtual Angel, Windows Protection Maintenance, Strong Malware Defender, Windows Personal Doctor, Windows Proactive Safety, PrivacyGuard PRO, Windows Advanced Security Center, Smart Engine, Windows Secure Web Patch, Windows Active Guard, Smart Anti-Malware Protection, Windows Telemetry Center, Windows Antivirus Machine, Windows Smart Partner, Windows Smart Warden, Windows Defending Center, Windows Privacy Counsel, Windows Threats Destroyer, Windows Enterprise Defender, XP Smart Security, Windows Security Suite, VirusSecurity, Windows Warding System, Windows Antivirus Rampart, Windows Safeguard Upgrade, Windows Privacy Extension, Windows Security System, Windows Virtual Security, My Security Engine, Windows Shielding Utility, CleanUp Antivirus, Anti-Malware Lab, Windows Safety Series, Fast Antivirus 2009, Best Antivirus Software, Windows Be-on-Guard Edition, Keep Center Keeper, Windows Privacy Module, Windows Private Shield, Windows Secure Workstation, Home Malware Cleaner, Windows Sleek Performance, Windows Custom Safety, Windows Efficiency Accelerator, Internet Security Suite, Windows Basic Antivirus, Windows Firewall Constructor, Windows Premium Console, Windows Custom Management, Volcano Security Suite, Personal Internet Security 2011, Windows Health Keeper, Windows Turnkey Console, Windows Antivirus Care, Windows Managing System, Windows Process Director, Windows Pro Web Helper, Windows Pro Rescuer, Enterprise Suite, Activate Ultimate Protection, Windows Interactive Security, Windows Advanced User Patch, Windows Protection Unit, Windows Safety Toolkit, Windows Defence Counsel, Windows Instant Scanner and Windows Profound Security. All of them can be diagnosed by a shared interface and such fake features as the ‘Advanced Process Control.’ Although Windows Virtual Firewall is a recently-identified variant of FakeVimes that may require updates to your anti-malware software to detect Windows Virtual Firewall, in most respects, Windows Virtual Firewall is identical to other scamware from its family and can endanger your PC with browser redirects, unwarranted settings changes and malfunctioning security programs.

Fake security features may be Windows Virtual Firewall’s quintessential characteristics, but SpywareRemove.com malware researchers have also acquired familiarity with other FakeVimes-based attacks that are more dangerous to your PC than pop-ups and fraudulent scans. Prominent risks that are possible with any FakeVimes infection, including Windows Virtual Firewall are noted below:

• Browser redirects to harmful sites, including fake search engines, sites that conduct drive-by-download attacks and sites that promote fake security programs similar to Windows Virtual Firewall.
• Deleted Registry entries that prevent unrelated programs, such as anti-virus scanners, from launching properly.
• Programs that are blocked from memory – particularly Windows utilities such as the Task Manager and Registry Editor. SpywareRemove.com malware analysts note that unlike programs with deleted Registry components, programs that are blocked from memory should be accessible once you disable Windows Virtual Firewall.
• Settings changes that disable default Windows security features, including the UAC and browser protection from malicious file downloads.

Toning Down the Heat of Windows Virtual Firewall’s Assaults

Because Windows Virtual Firewall can be involved in blocking anti-malware scanners and other security programs, SpywareRemove.com malware researchers encourage you to deactivate Windows Virtual Firewall before you try to delete Windows Virtual Firewall with said software. Popular strategies for doing this include booting from a USB drive device or booting Windows into Safe Mode, although other techniques are also available if necessary. In the meantime, you should strive to avoid interaction with websites that are promoted in Windows Virtual Firewall’s redirects and, in particular, be careful to avoid throwing away money on purchasing Windows Virtual Firewall.

After Windows Virtual Firewall is prevented from launching, Windows Virtual Firewall can be removed by any reasonably-accurate anti-malware product, although an updated database may be necessary to guarantee Windows Virtual Firewall’s accurate identification. Related PC threats, such as Trojan downloaders, may also be on your hard drive, and a full system is also recommended by SpywareRemove.com malware experts.

Windows Virtual Firewall Automatic Detection Tool (Recommended)

Visual & GUI Characteristics

Technical Details

Registry Modifications

• The following newly produced Registry Values are:
  HKEY..\..\{Value}HKEY_CURRENT_USER\Software\ Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

Home Malware ProgramsRogue Anti-Spyware Programs Windows Virtual Firewall