Home Malware Programs Rogue Anti-Spyware Programs Windows Accidents Prevention

Windows Accidents Prevention

Posted: May 31, 2011

ScreenshotWindows Accidents Prevention is a rogue security program that steals control of your web browser, shuts down your ability to use security-related programs and creates fake infection warnings to cover up the above attacks. Most Windows Accidents Prevention infections are caused by Fake Microsoft Security Essentials Alert Trojans that infect your PC furtively while pretending to be a part of the Microsoft Security Essentials program. Deleting Windows Accidents Prevention in the same way that you'd delete a normal program is likely to fail; instead, consider using Safe Mode along with advanced anti-virus program to remove Windows Accidents Prevention from your PC.

Accidents That Windows Accidents Prevention Doesn't Prevent

Windows Accidents Prevention pretends to grade various security-related parts of your system, but these grades are just a way to cause panic and are always negative regardless of your computer's actual health. Although Windows Accidents Prevention doesn't provide any of the broad security features Windows Accidents Prevention advertises, you will find that genuine problems occur on any computer that's infected by Windows Accidents Prevention.

Some of the most common Windows Accidents Prevention attacks include:

  • Web browser hijacks that prevent you from visiting websites or redirect you to hostile sites. Hijacks can also change your browser's homepage, create fake errors or add links to online content.
  • Application malfunctions, especially crashes. Windows Accidents Prevention uses these both generally and in the specific case of stopping you from using anti-malware applications. Errors that you may see alongside these attacks can look like these examples:

    Warning!
    Location: [application file path]
    Viruses: Backdoor.Win32.Rbot

    Warning!
    Name: [application file name]
    Name: [application file path]
    Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

  • Windows Accidents Prevention also inserts itself into your default Windows startup routine by way of corrupting the Registry. This lets Windows Accidents Prevention run constantly, and Windows Accidents Prevention may even continue to run after you try to close Windows Accidents Prevention.

Assume that your computer is in danger of the above attacks unless you've taken additional steps to secure your computer from Windows Accidents Prevention's startup routine. Common means of avoiding Windows Accidents Prevention's launch include using Safe Mode (accessed by F8 during startup), booting from an external device like a CD, or booting into an entirely different OS.

Windows Accidents Prevention shares these attack methods with other threats in its family like Windows Anticrashes Utility, Windows Averting System, Windows Troubles Solver and Windows Necessary Firewall.

Windows Accidents Prevention's Cheap Anti-Virus Facade

Windows Accidents Prevention will also create many different fake infection pop-ups as part of its pretense of being a real anti-virus application. You needn't worry about these alerts calling out real infections on your PC; Windows Accidents Prevention has absolutely no virus detection features and can't do anything to help your computer.

Besides the errors already noted earlier, some typical Windows Accidents Prevention errors include:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

It's common for Windows Accidents Prevention infections to coincide with Fake Microsoft Security Essentials Alert Trojan infections. Here's one sample of a possible Fake Microsoft Security Essentials Alert message, which is often used to allay suspicion while Windows Accidents Prevention is installed:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

Regardless of the presence of a Fake Microsoft Security Essentials Alert or the lack thereof, in all cases, removing Windows Accidents Prevention and related threats is best accomplished by using anti-malware application in Safe Mode.


ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"

Additional Information on Windows Accidents Prevention

  • The following messages's were detected:
    # Message
    1 Microsoft Security Essentials Alert
    Potential Threat Details
    Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
    2 Threat prevention solution found
    Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
    Risk of system files infection:
    The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
    3 System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.
    4 Warning!
    Location: c:\windows\system32\taskmgr.exe
    Viruses: Backdoor.Win32.Rbot

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Windows Accidents Prevention may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.