
Windows Protection Servant

Posted: May 17, 2011

Windows Protection Servant is one of many different versions of a rogue security program that fakes anti-virus and general system security functions. Although you may see many different alerts from Windows Protection Servant, these alerts are fake and not indicative of real infections or other system problems. Rogue programs in the Windows Protection Servant grouping are delivered by Trojans and may also attack your web browser or other application activities. It's strongly encouraged that you avoid purchasing Windows Protection Servant and use the malware-removal services provided by any good anti-malware program.

Windows Protection Servant: Part of a Large Family of Interlinked Threats

Windows Protection Servant has an interface and uses code borrowed from other rogue programs, despite its different name. Some twins of Windows Protection Servant include Windows Problems Protector, Windows Oversight Center, Windows Optimal Settings and Windows Task Optimizer.

Although Windows Protection Servant grades your PC on such facets as 'network safety' and 'private data protection,' all grades are negative. You don't need to worry about this indicating any problems with your computer, though, since Windows Protection Servant isn't able to detect problems - it only pretends to do so while hoping that you'll purchase a registration key.

Windows Protection Servant's system scans, pop-up alerts and other forms of proffered information are similarly inaccurate. You may see Windows Protection Servant errors like the ones below regardless of the state of your computer:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

The Other Computer Problems That Tag Along with Windows Protection Servant

You may also find that your computer shows signs of these other problems that are related to Windows Protection Servant:

  • The presence of unusual Microsoft Security Essentials Alert pop-ups. These pop-up windows are used by the Fake Microsoft Security Essentials Alert Trojan while installing Windows Protection Servant or other rogue threats. Sample pop-up errors include:

    Microsoft Security Essentials Alert
    Potential Threat Details
    Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

    Threat prevention solution found
    Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
    Risk of system files infection:
    The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos [sic] possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

  • Problems using various applications. Windows Protection Servant may shut down different programs to make it appear as though your PC is infected in many different areas. Windows Protection Servant will also try to prevent you from using anti-malware or system maintenance software.
  • Browser hijacks. Hijacks can show up in several kinds of attacks, such as a changed homepage setting, redirects to strange websites or the appearance of unusual links or fake error pages. Coming into contact with a Windows Protection Servant-related website can infect your computer again and should be avoided.
  • Windows Protection Servant may run without your permission, and remain active as a background memory process after you attempt to close it. In these cases, using Safe Mode usually is the simplest technique for avoiding Windows Protection Servant's startup, and hence, being able to delete Windows Protection Servant with the help of anti-malware software.


File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
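
A read-only check for the two indicators listed above (the per-user Winlogon Shell value and an executable dropped directly in %AppData%\Microsoft), as an added PowerShell example that is not part of the original page. The helper name Get-ShellTarget is hypothetical, and the baseline that HKCU normally carries no Shell value is an assumption about a default Windows install.

```powershell
# Added example (not from the original page). Read-only: it reports and changes nothing.
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$dropDir  = Join-Path $env:APPDATA 'Microsoft'

function Get-ShellTarget {
    # Hypothetical helper: pull the executable path out of a Shell value such as
    # "%AppData%\Microsoft\abc.exe" (quoted or unquoted, with or without arguments).
    param([string]$Value)
    $expanded = [Environment]::ExpandEnvironmentVariables($Value).Trim()
    if ($expanded -match '^"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $expanded
}

$findings = @()

# 1. Per-user Shell value. Assumption: a default install has no Shell value under
#    HKCU (the normal shell, explorer.exe, is set under HKLM), so any value is worth review.
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell) {
    $target = Get-ShellTarget $shell
    $detail = 'non-default per-user shell'
    # String comparison only; -eq and -like are case-insensitive in PowerShell.
    if ([System.IO.Path]::GetDirectoryName($target) -eq $dropDir -and $target -like '*.exe') {
        $detail = 'executable directly in %AppData%\Microsoft, as listed on this page'
    }
    $findings += [pscustomobject]@{ Check = 'HKCU Winlogon Shell'; Item = $shell; Detail = $detail }
}

# 2. Executables sitting directly in %AppData%\Microsoft (not in its subfolders).
#    -Force includes files carrying the hidden attribute.
foreach ($file in Get-ChildItem -Path $dropDir -Filter *.exe -File -Force -ErrorAction SilentlyContinue) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $findings += [pscustomobject]@{
        Check  = 'EXE in %AppData%\Microsoft'
        Item   = $file.FullName
        Detail = "signature: $($sig.Status); created: $($file.CreationTime)"
    }
}

if ($findings.Count -eq 0) {
    'No Winlogon Shell override or stray executable found for this user.'
} else {
    $findings | Format-List
}
```

Both locations are per-user, so the script only covers the account it runs under and needs to be run in each affected profile.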

Additional Information on Windows Protection Servant

  • The following messages were detected:
    # Message
    1 System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.
    2 Warning!
    Location: [application file path]
    Viruses: Backdoor.Win32.Rbot
    3 System component corrupted!
    System reboot error has occurred due to lsass.exe system process failure.
    This may be caused by severe malware infections.
    Automatic restore of lsass.exe backup copy completed.
    The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
    4 Warning!
    Name: [application file name]
    Name: [application file path]
    Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
    5 Microsoft Security Essentials Alert
    Potential Threat Details
    Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
    6 Threat prevention solution found
    Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
    Risk of system files infection:
    The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos [sic] possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.