
Windows Rescue Center

Posted: June 3, 2011

Windows Rescue Center is a new member of a group of rogue security programs that infect new computers through the Trojan Fake Microsoft Security Essentials Alert. The Fake Microsoft Security Essentials Alert will install Windows Rescue Center or a related threat while creating Microsoft Security Essentials pop-ups that make the rogue security program appear to be legitimate. Windows Rescue Center can't remove or even detect malicious software; however, Windows Rescue Center may hijack your web browser or block programs from working properly. It's recommended that you delete Windows Rescue Center and any related threats to your computer's security by using fully updated security programs to scan your PC while in Safe Mode.

Rescuing Yourself from Windows Rescue Center's Many Errors

Most Windows Rescue Center infections are created by Fake Microsoft Security Essentials Alert Trojans. These Trojans will create errors like the following one to convince you that Windows Rescue Center is a real security program:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

However, Windows Rescue Center and other rogue security applications that are installed by Fake Microsoft Security Essentials Alert Trojans can't detect or delete threats. That doesn't stop Windows Rescue Center from creating a wide range of fake errors.

Some of Windows Rescue Center's errors may fake indications of particular programs being infected:

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Other Windows Rescue Center errors are more generalized, and simply badger you to register Windows Rescue Center by spending some of your hard-earned money:

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

Windows Rescue Center errors and pop-up warnings are never accurate and should never be trusted. If you've purchased Windows Rescue Center prior to reading this, you should speak to your credit card company to have the fraudulent charges canceled.

Kicking Windows Rescue Center Out of Your PC

Trying to delete Windows Rescue Center the way you'd delete a normal program may leave malicious components hidden on your PC. This can result in an incomplete deletion that lets Windows Rescue Center revive itself after your next reboot. To remove Windows Rescue Center from your computer once and for all, use good anti-malware programs that have been fully updated with the most recent threat definitions.

Windows Rescue Center may also launch itself automatically and hinder your attempts to delete Windows Rescue Center in other ways. Rogue programs in the Windows Rescue Center family are known to hijack web browsers; these hijacks can take the form of search engine redirects, fake error screens, advertisements or changed homepage settings.

While active, Windows Rescue Center may also block anti-virus and security software using errors similar to the earlier examples. You can stop these attacks and other ones by using Safe Mode, rebooting into a different OS, or booting your OS from an external storage device. Any of these options will put a halt to Windows Rescue Center's Registry-based startup routine and let you delete Windows Rescue Center for good.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values were newly created:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
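
The Registry value above can be checked directly from the affected user account. The following PowerShell is an added example, not part of the original write-up or of any vendor tool; the function name Get-ShellFinding and the sample file name are hypothetical. It assumes that a clean profile has no per-user Shell value at all, so any value found there deserves review, and a value pointing into %AppData%\Microsoft matches the pattern reported on this page.

```powershell
# Added example: audit the per-user Winlogon Shell value described on this page.
# HKCU is per-user, so run this while logged in as the affected account.
$key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-ShellFinding {
    param([string]$Shell)

    # An absent value is the normal state: Windows then uses the machine-wide shell.
    if ([string]::IsNullOrWhiteSpace($Shell)) {
        return [pscustomobject]@{ Status = 'OK'; Path = $null
                                  Reason = 'No per-user Shell override' }
    }

    # Expand %AppData% and similar, then extract the executable path (quoted or not,
    # with or without spaces in the profile name).
    $expanded = [Environment]::ExpandEnvironmentVariables($Shell)
    $path = if ($expanded -match '^\s*"?(.+?\.exe)"?') { $Matches[1] }
            else { $expanded.Trim('" ') }

    # Pattern from this page: an .exe placed directly inside %AppData%\Microsoft.
    $dropDir = Join-Path $env:APPDATA 'Microsoft'
    $parent  = Split-Path -Path $path -Parent
    if ($parent -and ($parent.TrimEnd('\') -ieq $dropDir)) {
        return [pscustomobject]@{ Status = 'MATCH'; Path = $path
                                  Reason = 'Shell points to an .exe in %AppData%\Microsoft' }
    }
    # Any other per-user override is unusual and should be looked at by hand.
    [pscustomobject]@{ Status = 'REVIEW'; Path = $path
                       Reason = 'Per-user Shell override present' }
}

# Check the live value for the current user.
$value   = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
$finding = Get-ShellFinding -Shell $value
$finding | Format-List

# If the referenced file exists, record its hash and signature state for the scan report.
if ($finding.Path -and (Test-Path -LiteralPath $finding.Path)) {
    Get-FileHash -LiteralPath $finding.Path -Algorithm SHA256
    Get-AuthenticodeSignature -LiteralPath $finding.Path | Select-Object Status, Path
}

# Constructed sample values (not real indicators) showing how each case is classified.
'"%AppData%\Microsoft\abcxyz.exe"', 'explorer.exe', '' |
    ForEach-Object { Get-ShellFinding -Shell $_ } | Format-Table Status, Path, Reason

# After review, the override can be removed so the default shell is used again:
#   Remove-ItemProperty -Path $key -Name Shell
```

The script only reports; the referenced file itself should still be removed by the anti-malware scan recommended above.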

Additional Information on Windows Rescue Center

  • The following messages were detected:
    # Message
    1 Microsoft Security Essentials Alert
    Potential Threat Details
    Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
    2 System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.
    Warning!
    Location: c:\windows\system32\taskmgr.exe
    Viruses: Backdoor.Win32.Rbot