
Windows Profile System

Posted: May 24, 2011

Windows Profile System is one of the newer clones of rogue security programs that are distributed by the Fake Microsoft Security Essentials Alert. Problems associated with Windows Profile System and related Trojans include browser hijacks, disabled applications, canceled downloads and a variety of fake security-related alerts. Although Windows Profile System pretends to rate various aspects of your PC's security, it can't detect threats or security issues and should be removed by anti-malware software as soon as possible.

A Basic Profile of Windows Profile System

Although Windows Profile System pretends to be a stand-alone security application, in both appearance and functions Windows Profile System is a copy of other threats. Some of Windows Profile System's known clones include Windows Tasks Optimizer, Windows Precautions Center, Windows Oversight Center and Windows Tweaking Utility.

It's simple to notice the similarities between these threats, since Windows Profile System and its clones all use the same green-circled Windows logo, the same system component scores and the same content tabs (such as 'private data protection' or 'hard disk optimization').

Windows Profile System will consistently rate your system as poor in most or all areas, but this isn't indicative of security problems on your PC – because Windows Profile System isn't analyzing your computer in the first place. You can also see various fake alerts by Windows Profile System and its clones that use similar false positive warning tactics:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

These errors are also associated with problems using web browsers and general security applications. Windows Profile System may try to hijack your web browser to control which sites you can visit, or block programs that could remove Windows Profile System and other malicious software.

These attacks may occur whenever you reboot your computer through normal methods, since Windows Profile System will abuse the Registry to enable an automatic startup.

How Windows Profile System Got Into Your PC

You may be exposed to Windows Profile System attacks when you visit a malicious website that's related to Windows Profile System. Most infections are enabled and accompanied by the Fake Microsoft Security Essentials Alert Trojan, a Trojan that imitates Windows OS error pop-ups. You can recognize this Windows Profile System-enabling Trojan by errors like these:

Microsoft Security Essentials Alert
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspender until you take an action.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

The Fake Microsoft Security Essentials Alert Trojan is also likely to create alerts regarding a fake Trojan infection which is initially displayed as Unknown Win32/Trojan. Like Windows Profile System, the Fake Microsoft Security Essentials Alert Trojan is also capable of blocking applications with fake errors.

To have the best chance of successfully removing both Windows Profile System and Fake Microsoft Security Essentials Alert Trojans, you should reboot your computer into Safe Mode or a separate OS, and then use appropriate anti-malware software to scan your PC. As of late May 2011, Windows Profile System is relatively new, and you should strongly consider updating your threat databases before you run any scanner.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\Microsoft\.exe

Registry Modifications

  • The following Registry values were created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
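
The Image File Execution Options "Debugger" values listed above make Windows start svchost.exe in place of each named security program, which is how those tools end up blocked. As an added example (not part of the original write-up or of any vendor tool), the Python script below audits a text export of the Registry for the three kinds of change in that list and reports each hit for review; the sample export and the names audit, parse_value, FIXED and SAMPLE_EXPORT are constructed for illustration.

```python
import re

# Constructed sample in .reg export format (not captured from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000000
"ProxyEnable"=dword:00000000
'''

IFEO = r"\windows nt\currentversion\image file execution options" + "\\"
# (key suffix, value name, value listed on the page) -> finding label
FIXED = {
    (r"\windows nt\currentversion\systemrestore", "disablesr", 1):
        "System Restore disabled",
    (r"\windows\currentversion\internet settings", "warnonhttpstohttpredirect", 0):
        "HTTPS-to-HTTP redirect warning disabled",
}

def parse_value(raw):
    """Decode the two .reg value forms used here: dword:XXXXXXXX and "string"."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    return raw

def audit(export_text):
    """Return (label, key) pairs for settings that match the page's list."""
    findings, key = [], None
    for line in map(str.strip, export_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not (key and m) or m.group(2).strip() == "-":  # "-" marks a deletion
            continue
        name, value, low = m.group(1).strip().lower(), parse_value(m.group(2)), key.lower()
        if IFEO in low and name == "debugger":  # any Debugger value needs review
            image = key.rsplit("\\", 1)[1]
            findings.append((f"IFEO Debugger redirect: {image} -> {value}", key))
        for (suffix, vname, bad), label in FIXED.items():
            if low.endswith(suffix) and name == vname and value == bad:
                findings.append((label, key))
    return findings
```

Files written by regedit's export are UTF-16, so open them with encoding="utf-16" before passing the text to audit(). A Debugger value can also be set legitimately by developer tools, so each hit is a prompt to inspect the entry rather than proof of infection.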