Windows Web Commander
Windows Web Commander Description
Windows Web Commander is a modest retooling of older variants of FakeVimes-based PC threats, a widespread classification of rogue anti-malware programs. While Windows Web Commander distracts you with inaccurate system scans and pop-up warnings without any basis in reality, other attacks will also be occurring that can redirect your web browser to malicious sites, reduce your security settings or even block unrelated applications. SpywareRemove.com malware researchers recommend deleting Windows Web Commander as a matter of course, although removing Windows Web Commander by any means other than using anti-malware software can allow related PC threats to remain on your hard drive.Windows Web Commander: Leading the Charge in Fake PC Security
Members of FakeVimes have been in distribution for long before now, but its rotating series of brand names appears to have cycled onto Windows Web Commander as of this month. Infection by Windows Web Commander can occur as a result of visiting scamware-promoting sites that install Windows Web Commander automatically or installing software from fake online scanners. In some cases, related PC threats, such as Zlob and similar Trojans with downloaded capabilities, should be disabled (if possible) prior to attempting to remove Windows Web Commander. Trojans linked to Windows Web Commander have also been recognized to cause a loss of Internet connectivity with their system changes.
Windows Web Commander is marketed as a security program and presents itself as such, but all of Windows Web Commander’s security features are hoaxes that are designed to make you believe that an innumerable swarm of PC threats is directly attacking your computer.
Refusing Windows Web Commander’s Order to Empty Your Wallet
Fake security features are the hallmarks of Windows Web Commander and identical FakeVimes-based scamware like Windows Problems Stopper, Windows PRO Scanner, Windows ProSecure Scanner, Keep Center Keeper, Windows Home Patron, Windows Malware Sleuth, Windows Ultimate Safeguard, XP Smart Security, Windows Protection Master, Windows High-End Protection, Windows Maintenance Suite, Windows Secure Workstation, Windows Abnormality Checker, PrivacyGuard PRO, Windows Maintenance Guard, Internet Security Essentials, Antivirus Smart Protection, Windows Efficiency Accelerator, Windows Proactive Safety, Smart Internet Protection 2012, Windows Control Series, Volcano Security Suite, Smart Security, Windows Ultimate Security Patch, Windows Premium Defender, Windows Security Renewal, Security Antivirus, Anti-Malware Lab, Windows Premium Guard, Windows Secure Web Patch, Windows No-Risk Agent, Windows Defending Center, Windows Expert Series, Enterprise Suite, Windows Smart Warden, Windows Debug Center, My Security Shield, Home Safety Essentials, Windows Guardian Angel, Windows Shielding Utility, Windows Security Suite, Windows Safeguard Upgrade, Windows Custom Management, Windows Warding System, Windows Antivirus Patch, Windows Antivirus Rampart, Windows Active Defender, CleanUp Antivirus, Windows Crucial Scanner, System Protection Tools, Live PC Care, Windows Enterprise Suite, Windows Performance Catalyst, Windows Process Director, Windows Daily Adviser, Windows Basic Antivirus, Windows Antivirus Release, Windows Safety Series, Windows Safety Maintenance, Windows Trouble Taker, Windows Safety Toolkit, Windows Guard Solutions, Windows Instant Scanner, Fast Antivirus 2009, Windows Antihazard Solution, Windows Safety Checkpoint, Windows Pro Rescuer, Best Malware Protection, Windows Performance Adviser, Windows Advanced User Patch, Windows Custom Safety, Windows AntiHazard Center, Windows Be-on-Guard Edition, Windows Virtual Firewall, Home Malware Cleaner, Windows Tools Patch, Windows Security System, Windows Privacy Module, Extra Antivirus, Windows System Defender, Security Master AV, Windows Advanced Security Center, Windows Sleek Performance, Windows Virtual Security, Windows Protection Unit, Windows Secure Surfer, Windows Enterprise Defender, Windows Managing System, Windows Activity Debugger, Windows Active Guard, Windows Anti-Malware Patch, Windows Stability Guard, Personal Internet Security 2011, Windows Guard Tools, Windows Pro Defence, Windows Telemetry Center, Windows Threats Destroyer, Windows PC Aid, Windows Software Keeper, Windows Custodian Utility, Windows Internet Booster, Windows Virus Hunter, Windows Antivirus Machine, Windows Secure Workshop, Windows Advanced Toolkit, Windows Premium Console, Windows Turnkey Console, Personal Security Sentinel, Windows Interactive Security, Smart Virus Eliminator, Windows Safety Manager, Windows Antivirus Care, Windows Privacy Extension, Windows Proprietary Advisor, Smart Internet Protection 2011, Windows Pro Safety, Windows Functionality Checker, Windows Risk Minimizer, VirusSecurity, Smart Anti-Malware Protection, Windows Safety Module, Windows Privacy Counsel, Windows Interactive Safety, Windows Protection Maintenance, Windows AntiHazard Helper, Windows Defence Counsel, Live Enterprise Suite, Total Anti Malware Protection, Additional Guard, PC Live Guard, Smart Engine, My Security Engine, My Security Wall, Windows Firewall Constructor, Windows Smart Partner, Virus Doctor, Windows No-Risk Center, Windows Software Saver, Windows Profound Security, Internet Security Suite, Windows Shield Tool, Windows Care Taker, Windows Web Combat, Windows First-Class Protector, Best Antivirus Software, Windows Safety Wizard, Strong Malware Defender, Windows Virtual Angel, Windows Pro Web Helper, Windows Health Keeper, Windows ProSecurity Scanner, Windows Pro Solutions, Windows Private Shield, Windows Multi Control System, Windows Personal Doctor, Activate Ultimate Protection and Windows Pro Safety Release. Nonetheless, these aren’t Windows Web Commander’s only capabilities or even its most dangerous ones, and SpywareRemove.com malware researchers also recommend that you guard your PC against:
- Web browser hijacks that redirect you to scamware-promoting sites or other forms of hostile sites. Search engine redirects are especially probable, and you may also be exposed to drive-by-downloads for other PC threats.
- Changes to your Windows security settings, such as Registry values that enable Windows to warn you when you download files with improper signature-based IDs.
- Security-related software that’s blocked or disabled by Windows Web Commander, including the Task Manager, the Windows UAC and popular AV products.
In spite of these issues, SpywareRemove.com malware analysts have experienced success in removing Windows Web Commander and other clones from the Win32/FakeVimes family by disabling them (via Safe Mode, removable media system boots, etc) and running a standard anti-malware scan.
Windows Web Commander Automatic Detection Tool (Recommended)
Is your PC infected with Windows Web Commander? To safely & quickly detect Windows Web Commander, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Windows Web Commander
What happens if Windows Web Commander does not let you open SpyHunter or blocks the Internet?
Visual & GUI Characteristics
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read
the tutorials on how to find malware,
kill unwanted processes,
remove malicious DLLs and
delete other harmful files. Always be
sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 %APPDATA%\ Protector-ixmf.exe 372 2 %AppData%\Windows Web Commander\Instructions.ini N/A 3 %AppData%\Windows Web Commander\ScanDisk_.exe N/A 4 %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Web Commander.lnk N/A 5 %Programs%\Windows Web Commander.lnk N/A 6 %StartMenu%\Windows Web Commander.lnk N/A 7 %Desktop%\Windows Web Commander.lnk N/A 8 %CommonAppData%\58ef5\SPT.ico N/A 9 %CommonAppData%\58ef5\SP98c.exe N/A 10 %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg N/A 11 %AppData%\NPSWF32.dll N/A 12 %AppData%\result.db N/A 13 %AppData%\1st$0l3th1s.cnf N/A 14 Protector-[RANDOM 3 CHARACTERS].exe N/A 15 Protector-[RANDOM 4 CHARACTERS].exe N/A
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on
how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-3_8"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "hycdnkxijp"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\"Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\"Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\"Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\"Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\"Debugger" = "svchost.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\ASProtectHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\Implements DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\[UNKNOWN DIRECTORY]\[UNKNOWN FILE NAME].exeHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgIDHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\[UNKNOWN FILE NAME].DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Implements DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFGHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracingHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAVHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Web Commander "%CommonAppData%\58ef5\SP98c.exe" /s /dHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web CommanderHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\DisplayIcon = [UNKNOWN DIRECTORY]\[UNKNOWN FILE NAME].exe,0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\DisplayName = Windows Malware FirewallHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\DisplayVersion = 1.1.0.1010HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\InstallLocation = [UNKNOWN DIRECTORY]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\UninstallString = "[UNKNOWN DIRECTORY]\[UNKNOWN FILE NAME].exe" /del - The following CLSID's were detected:
HKEY..\..\{CLSID Path} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ClsidHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Additional Information
- The following messages's were detected:
# Message 1 Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.2 Error
Trojan activity detected. System data security is at risk. It is recommended to activate protection and run a full system scan.3 Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Posted: July 4, 2012 | By SpywareRemove
MoreThreat Level: 10/10
(No Ratings Yet)
Loading ...Rate this article:
Detection Count: 281
