
Windows Repairing System

Posted: May 19, 2011

Windows Repairing System pretends to be a real security and anti-virus program, but it is actually a rogue security program that gives fake alerts and warnings instead of real system information. Purchasing Windows Repairing System is ultimately self-destructive, since doing so can result in additional fraudulent charges and allows Windows Repairing System to attack your computer's application-running and web browsing capabilities. Because Windows Repairing System is frequently bundled with Trojans, removal should be performed with an anti-malware application when such a tool is available.

How You Can Refuse Windows Repairing System's Fake Repair Services

Most computers are infected by Windows Repairing System only after an earlier, preliminary infection. This opening infection, the Fake Microsoft Security Essentials Alert, uses browser exploits, advertisement script abuses or other security weaknesses to sneak onto PCs without your awareness. The Fake Microsoft Security Essentials Alert then creates errors like the following to trick you into believing that you should install the proffered program to fix your PC:

Microsoft Security Essentials Alert
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspender until you take an action.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

These fake errors are only the start of your problems, since the Trojan will proceed to install Windows Repairing System or one of its clones regardless of what you try to do. This is then followed by a system reboot that allows Windows Repairing System to take full advantage of its new auto-launch entry in the Windows Registry.

Disabling browser scripts, especially Java and Flash, can help protect your PC from attacks by Windows Repairing System and its corresponding Trojan. Once Windows Repairing System is on your computer, the ideal solution is Safe Mode (or a system boot from an external or non-Windows source) followed by a full system scan with a real security tool.

Windows Repairing System is still a new threat as of May 2011, so be certain to update your scanners before you try to scan your PC. An out-of-date scanner may not detect Windows Repairing System even if it can detect some of Windows Repairing System's earlier clones like Windows Problems Protector, Windows Protection Servant, Windows Optimal Settings and Windows Tasks Optimizer.

Windows Repairing System's Modus Operandi

Windows Repairing System's foremost and most visible attack characteristic is the creation of fake alerts and other negative pop-ups with text similar to these examples:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

You may also experience browser hijacks. Hijacks can alter online content up to the point of creating fake errors that bar off beneficial websites, as well as redirect you to hostile websites or change your browser settings.

Finally, Windows Repairing System and the Fake Microsoft Security Essentials Alert Trojan can both prevent you from launching many different applications. They'll attempt to prevent you from using security programs or diagnostic tools like the Task Manager and MSConfig, and to this end, you'll see many Windows Repairing System warnings about these programs being infected.

However, Windows Repairing System and Windows Repairing System's related infections don't try to damage your computer programs by themselves. Once you deactivate Windows Repairing System by switching to Safe Mode, you'll be able to access all the programs that were supposedly 'infected.'



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values were newly created:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
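
A read-only triage check for the two artifacts listed above, added here as an example and not taken from the original page or any vendor tool. The function name Test-ShellValue and its verdict strings are illustrative assumptions; the script only reports and changes nothing.

```powershell
# Added example: report on the Winlogon\Shell value and on executables
# sitting directly in %AppData%\Microsoft. Nothing is modified or deleted.
$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-ShellValue {
    param([string]$Value)
    # A per-user (HKCU) Shell value is normally absent; the HKLM default is explorer.exe.
    if ([string]::IsNullOrWhiteSpace($Value)) { return 'absent (normal for HKCU)' }
    $expanded = [Environment]::ExpandEnvironmentVariables($Value).Trim().Trim('"')
    if ($expanded -ieq 'explorer.exe') { return 'explorer.exe (default)' }
    if ($expanded.StartsWith($env:APPDATA, [StringComparison]::OrdinalIgnoreCase)) {
        return "SUSPICIOUS: shell launches from AppData -> $expanded"
    }
    return "REVIEW: non-default shell -> $expanded"
}

foreach ($hive in 'HKCU:', 'HKLM:') {
    $key   = "${hive}\$winlogon"
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    '{0} Winlogon\Shell : {1}' -f $hive, (Test-ShellValue $shell)
}

# The page lists the dropped file as a randomly named .exe directly under
# %AppData%\Microsoft, so list any executables found at that level with
# their creation time and hash for submission to a scanner.
Get-ChildItem -Path (Join-Path $env:APPDATA 'Microsoft') -Filter *.exe -File `
              -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime,
        @{ Name = 'SHA256'; Expression = { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash } }
```

Run it from the affected user's account, since both HKCU and %AppData% are per-user; Get-FileHash requires PowerShell 4.0 or later.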