
Windows Easy Warden

Posted: July 11, 2011

Windows Easy Warden is a new fake security application that borrows the majority of its appearance and functions from similar rogue security programs. Your PC may be infected with Windows Easy Warden after an attack by the Fake Microsoft Security Essentials Alert Trojan, a Trojan that creates fake Security Essentials Alert warnings about an 'Unknown Win32/Trojan.' Windows Easy Warden attempts to look like a benevolent, threat-detecting and update-tracking program, but it actually creates fake infection alerts while attacking your ability to browse the Internet and use various security-related applications. Any problems that Windows Easy Warden reports are entirely fake, and you can rest assured that the best thing for your computer is to delete Windows Easy Warden with legitimate security software.

Don't Let Your PC Become a Prisoner of Windows Easy Warden

Windows Easy Warden, like most rogue security programs, is circulated by Trojans such as Zlob and, particularly, by Fake Microsoft Security Essentials Alert. Similar rogue security applications that are installed in the same way as Windows Easy Warden include Windows Inviolability System, Windows Antivirus System, Windows AV Component, Windows Proofness Guarantor and Windows Necessary Firewall.

In most cases, the above Trojans will try to deceive you into thinking that Windows Easy Warden is a necessary security program that can remove some PC threat that was noted prior to the installation process. However, all threat detections from Windows Easy Warden and affiliated programs are fake, and Windows Easy Warden itself has no threat-removing functions.

In spite of lacking real threat-combating features, Windows Easy Warden will fake system scans and percentile-based security monitoring, and will even pretend to find threats on your computer. Some of the standard messages that you may find Windows Easy Warden issuing include:

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Never act on any of the suggestions that Windows Easy Warden's pop-ups make, since these recommendations can only cause further damage to your PC. In particular, never purchase Windows Easy Warden, even to make it stop its attacks, since this action hands your credit card over to criminals.

Breaking Out of Windows Easy Warden's Jail

Even though faking infections is Windows Easy Warden's primary scheme for convincing you of its utility, Windows Easy Warden will also use more dangerous attacks to try to convince you of the necessity of buying its fake security features. Some problems linked to Windows Easy Warden infections that Windows Easy Warden doesn't want you to learn about are:

  • Programs not functioning, with a particular emphasis on security applications, anti-virus software and Windows utilities like Task Manager and MSConfig. Error messages that are created by Windows Easy Warden or Fake Microsoft Security Essentials Alert may try to fool you into thinking that the above programs are infected when really it's Windows Easy Warden or a Trojan that's causing all problems.
  • Windows Easy Warden itself may use up system resources by staying active at all times, without requiring you to so much as start it. This automatic launch is often triggered through the Windows Registry, and reversing Windows Registry attacks without the help of appropriate security software is risky for non-experts.
  • Hijacks are a final symptom of the Windows Easy Warden family of rogue security applications, and can show themselves in a multitude of ways that always involve your web browser. Your homepage may be changed, your search engine results can be tampered with, pop-ups can appear and Windows Easy Warden may even redirect you straight to the Windows Easy Warden website, regardless of what you try to do. Be especially watchful for fake unsafe website errors that Windows Easy Warden may use to prevent you from seeking out PC security sites.


File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\Microsoft\.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
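
A defender-side check for the registry changes listed above, added here as an example and not part of the original write-up: it parses the text of a "reg export" dump and reports Image File Execution Options "Debugger" values together with the DisableSR and WarnOnHTTPSToHTTPRedirect settings. The function names, the sample dump and its example.exe entry are constructed for illustration.

```python
import re

IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
# (key suffix, value name, data the page reports) for the non-IFEO changes
SETTINGS = [
    (r"\windows nt\currentversion\systemrestore", "disablesr", 1),
    (r"\windows\currentversion\internet settings", "warnonhttpstohttpredirect", 0),
]
# Constructed sample in .reg text form (real exports are UTF-16; decode first).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"GlobalFlag"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000000
'''
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_data(raw):
    # Decode REG_DWORD and REG_SZ; other types are returned undecoded.
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\")
    return raw

def audit(reg_text):
    """Return (kind, name, data) findings for the changes listed on this page."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE_RE.match(line)
        if not (key and m):
            continue
        # strip() also catches names listed with stray spaces, e.g. "DisableSR "
        name, data = m["name"].strip(), parse_data(m["data"])
        if IFEO in key and name.lower() == "debugger":
            # Any Debugger value redirects launches of that image; review each hit.
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
        for suffix, value, bad in SETTINGS:
            if key.endswith(suffix) and name.lower() == value and data == bad:
                findings.append(("setting", name, data))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```

A "Debugger" value makes Windows start the named program in place of the image, which is why the security tools in the list fail to open; some legitimate tools set the same value, so each hit needs review rather than automatic deletion.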

Additional Information on Windows Easy Warden

  • The following messages were detected:
    # Message
    1 System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.
    2 Warning!
    Location: c:\windows\system32\taskmgr.exe
    Viruses: Backdoor.Win32.Rbot
    3 Microsoft Security Essentials Alert
    Potential Threat Details
    Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
    4 Threat prevention solution found
    Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
    Risk of system files infection:
    The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.