Windows Virus Hunter
Windows Virus Hunter Description
Windows Virus Hunter Has Declared Open Season on Your Computer
Windows Virus Hunter is one of the newer entrants into the FakeVimes family of fake anti-malware programs, and like its many relatives, Windows Virus Hunter holds the appearance but not the real features of a PC security product. The easiest-to-detect symptoms of a Windows Virus Hunter infection include the fake pop-up warnings and scans that Windows Virus Hunter displays when your system starts up, and Windows Virus Hunter will continue to produce fraudulent alerts at other opportunities (such as if you attempt to set up a program that Windows Virus Hunter doesn’t want you to access). These attacks, along with characteristic FakeVimes traits like the fake ‘Advanced Process Control’ feature, are shared between Windows Virus Hunter and its kin like Windows Security Renewal, Volcano Security Suite, Smart Engine, Windows System Defender, VirusSecurity, Windows Functionality Checker, Windows No-Risk Center, Windows Home Patron, Windows Stability Guard, Windows Firewall Constructor, Windows Smart Warden, Internet Security Suite, Windows Advanced Security Center, System Protection Tools, XP Smart Security, Windows Pro Rescuer, PC Live Guard, Security Antivirus, Windows Pro Solutions, Activate Ultimate Protection, Windows Ultimate Security Patch, Windows Risk Minimizer, Windows Care Taker, Windows Instant Scanner, Windows Premium Defender, Windows Guard Solutions, Windows Problems Stopper, Windows Antivirus Release, Smart Anti-Malware Protection, Windows Secure Surfer, Windows Safeguard Upgrade, Windows Profound Security, Windows Security Suite, Windows Managing System, Windows Shielding Utility, Strong Malware Defender, Live PC Care, My Security Shield, Windows Activity Debugger, Windows Antihazard Solution, Windows Abnormality Checker, Windows Web Commander, Windows Sleek Performance, Windows No-Risk Agent, Windows Protection Maintenance, Windows Malware Sleuth, Windows Secure Web Patch, Windows Daily Adviser, Windows Advanced User Patch, Windows Secure Workshop, 
PrivacyGuard PRO, Windows Antivirus Patch, Extra Antivirus, Anti-Malware Lab, Windows Guardian Angel, Total Anti Malware Protection, Windows Maintenance Guard, Windows Safety Toolkit, Windows Custom Management, Windows Virtual Firewall, Windows Antivirus Machine, Windows Guard Tools, Windows Active Defender, Smart Internet Protection 2012, Windows Efficiency Accelerator, Windows Safety Module, Windows Premium Console, Windows Privacy Module, Windows Turnkey Console, Windows Proactive Safety, Windows Interactive Security, Windows AntiHazard Center, Best Antivirus Software, Windows Custom Safety, Windows PC Aid, Windows Ultimate Safeguard, Enterprise Suite, Windows PRO Scanner, Windows Internet Booster, Windows ProSecure Scanner, Windows Safety Series, Smart Internet Protection 2011, Windows Performance Catalyst, CleanUp Antivirus, My Security Engine, Windows Threats Destroyer, Windows Defence Counsel, Windows Safety Wizard, Keep Center Keeper, Windows Enterprise Defender, Windows First-Class Protector, Windows ProSecurity Scanner, Windows Telemetry Center, Windows AntiHazard Helper, Home Safety Essentials, Windows Tools Patch, Windows Safety Maintenance, Windows Proprietary Advisor, Smart Virus Eliminator, Windows Warding System, Windows Premium Guard, Windows Private Shield, Windows Maintenance Suite, Windows Secure Workstation, Smart Security, Live Enterprise Suite, Windows Debug Center, Windows Custodian Utility, Windows Pro Safety, Windows Antivirus Rampart, Windows Virtual Angel, Windows Anti-Malware Patch, Windows Shield Tool, Windows Interactive Safety, Personal Security Sentinel, Antivirus Smart Protection, Virus Doctor, Windows Expert Series, Windows Performance Adviser, Windows Privacy Extension, Windows Security System, Windows Virtual Security, My Security Wall, Windows Defending Center, Windows Antivirus Care, Windows Basic Antivirus, Windows Enterprise Suite, Windows Software Keeper, Windows Be-on-Guard Edition, Windows Advanced Toolkit, Fast Antivirus 
2009, Additional Guard, Windows Smart Partner, Windows Crucial Scanner, Windows Multi Control System, Windows Pro Defence, Windows Active Guard, Windows Pro Web Helper, Windows Health Keeper, Windows Protection Unit, Windows Protection Master, Windows Personal Doctor, Windows Web Combat, Personal Internet Security 2011, Windows Safety Checkpoint, Windows Privacy Counsel, Best Malware Protection, Windows High-End Protection, Security Master AV, Internet Security Essentials, Home Malware Cleaner, Windows Trouble Taker, Windows Safety Manager, Windows Software Saver, Windows Control Series, Windows Process Director and Windows Pro Safety Release.
SpywareRemove.com malware researchers have also noted other side effects of a Windows Virus Hunter infection whose origin may be less obvious than the symptoms described above:
- Redirects to disreputable, unusual or malicious sites. Browser redirects and similar attacks may alter your search results, hijack your homepage or expose you to drive-by-download exploits that can put your PC at risk.
- Security and anti-malware programs that are disabled by Windows Virus Hunter, with or without fake pop-up alerts. Preferred targets for Windows Virus Hunter and other FakeVimes-based scamware programs include the Windows UAC, Task Manager, anti-virus scanners and firewall utilities.
- System settings that are changed to hamper your PC’s security. Windows Virus Hunter may disable portions of your Windows Firewall or turn off security features that protect your PC from malicious files.
Sparing Your Funds from Windows Virus Hunter’s Depredations
Because Windows Virus Hunter’s modest goal is to trick you into spending your money on a registration key for its fake security software, you should take special care in avoiding software registration or purchase requests from both Windows Virus Hunter and websites that are associated with Windows Virus Hunter’s browser redirect attacks. Deleting Windows Virus Hunter is the first step to truly taking your PC back from all malicious software, even if you’re required to take additional steps to assist your anti-malware software with the process.
Windows Virus Hunter, like all FakeVimes-based scamware, does change Windows components without your permission, and this can damage your operating system if you remove these changes in an improper way. Due to this risk and the simple fact that Windows Virus Hunter will resist its own uninstallation, SpywareRemove.com malware researchers don’t recommend that you use normal or manual techniques to delete Windows Virus Hunter if any genuine anti-malware products are available.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
| # | File Name | Detection Count |
|---|-----------|-----------------|
| 1 | %APPDATA%\Protector-rmgh.exe | 447 |
| 2 | Windows Virus Hunter.lnk | N/A |
| 3 | %AppData%\1st$0l3th1s.cnf | N/A |
| 4 | %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Virus Hunter.lnk | N/A |
| 5 | %AppData%\NPSWF32.dll | N/A |
| 6 | %AppData%\result.db | N/A |
| 7 | %AppData%\Windows Virus Hunter\Instructions.ini | N/A |
| 8 | %AppData%\Windows Virus Hunter\ScanDisk_.exe | N/A |
| 9 | %CommonAppData%\58ef5\SP98c.exe | N/A |
| 10 | %CommonAppData%\58ef5\SPT.ico | N/A |
| 11 | %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg | N/A |
| 12 | %Desktop%\Windows Virus Hunter.lnk | N/A |
| 13 | %Programs%\Windows Virus Hunter.lnk | N/A |
| 14 | %StartMenu%\Windows Virus Hunter.lnk | N/A |
| 15 | Protector-[RANDOM 3 CHARACTERS].exe | N/A |
| 16 | Protector-[RANDOM 4 CHARACTERS].exe | N/A |
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
  - HKEY..\..\{Value}
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\"Debugger" = "svchost.exe"
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\"Debugger" = "svchost.exe"
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\"Debugger" = "svchost.exe"
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\"Debugger" = "svchost.exe"
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\"Debugger" = "svchost.exe"
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
  - HKEY..\..\..\..{Subkeys}
    - HKEY_CURRENT_USER\Software\ASProtect
    - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
    - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\Implements DocHostUIHandler
    - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\[UNKNOWN DIRECTORY]\[UNKNOWN FILE NAME].exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
    - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\[UNKNOWN FILE NAME].DocHostUIHandler
    - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler
    - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Implements DocHostUIHandler
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracing
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Virus Hunter "%CommonAppData%\58ef5\SP98c.exe" /s /d
  - HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Virus Hunter
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\DisplayIcon = [UNKNOWN DIRECTORY]\[UNKNOWN FILE NAME].exe,0
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\DisplayName = Windows Malware Firewall
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\DisplayVersion = 1.1.0.1010
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\InstallLocation = [UNKNOWN DIRECTORY]
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\UninstallString = "[UNKNOWN DIRECTORY]\[UNKNOWN FILE NAME].exe" /del
- The following CLSID's were detected:
  - HKEY..\..\{CLSID Path}
    - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
    - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid
    - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
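The registry list above contains two groups that explain why security tools stop launching and why elevation prompts change: "Debugger" values under Image File Execution Options, and UAC policy values set to 0. The following triage script is an added example, not part of the original article or any SpywareRemove tool; it assumes the hive was saved as text with `reg export`, and the function names and sample data are constructed for illustration.

```python
import re

# Key paths from the article's registry list, lower-cased for matching.
IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
POLICY_KEY = r"\microsoft\windows\currentversion\policies\system"
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser"}

SECTION = re.compile(r"^\[(.+)\]$")       # [HKEY_...\Some\Key]
VALUE = re.compile(r'^"([^"]+)"=(.*)$')   # "Name"=data

def decode(raw):
    """Convert .reg data to an int (dword) or an unescaped string."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw.strip('"').replace("\\\\", "\\")

def triage(reg_text):
    """Return (category, key or image name, value name, data) tuples."""
    findings, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = VALUE.match(line)
        if not value:
            continue
        name, data, low = value.group(1), decode(value.group(2)), key.lower()
        if IFEO in low and name.lower() == "debugger":
            # Any Debugger value redirects launches of that image name.
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], name, data))
        elif low.endswith(POLICY_KEY) and name.lower() in UAC_VALUES and data == 0:
            findings.append(("uac-policy-zero", key, name, data))
    return findings

# Constructed sample in .reg text form; example.exe and the value 5 are benign filler.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"GlobalFlag"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
'''
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `triage`. Some legitimate tools also set an Image File Execution Options "Debugger" value, so treat each finding as something to review rather than as proof of infection.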
Posted: July 4, 2012 | By SpywareRemove
Threat Level: 10/10
Detection Count: 370

