Windows Risks Preventions

Posted: May 26, 2011

Windows Risks Preventions is a copy of other rogue security programs like Windows Profile System and Windows Firewall Unit. The Windows Risks Preventions family of threats uses Trojans that imitate Microsoft Security Essentials Alert windows during installation. After being installed, Windows Risks Preventions will create fake errors and hinder your ability to use security applications to make it look like your PC is being attacked by malicious software from every possible angle, but Windows Risks Preventions can't detect or remove real PC threats. Instead of purchasing Windows Risks Preventions's activation key, save your money and delete Windows Risks Preventions by using an industry-trusted anti-malware scanner.

How Windows Risks Preventions Sinks Its Hooks into Your PC?

Windows Risks Preventions is identical to other recent versions of rogue security programs in Windows Risks Preventions's family, including Windows Firewall Unit, Windows Profile System, Windows Tweaking Utility and Windows Oversight Center. Like Windows Risks Preventions' twins, Windows Risks Preventions will create poor ratings for various aspects of your PC like 'media components' and 'private data protection,' but Windows Risks Preventions' ratings aren't based on any actual analysis of your computer's security. Windows Risks Preventions only looks like an anti-virus and security program while not providing you with the features Windows Risks Preventions appears to have.

Most rogue security programs on the Windows Risks Preventions group market themselves by abusing SEO techniques to place their fraudulent and deceptive websites at the top of results for popular search engines. You can become infected by Windows Risks Preventions whenever you visit one of these websites, since Windows Risks Preventions and its relatives have been linked to Fake Microsoft Security Essentials Alert Trojans, which install themselves without your permission.

If you see alerts similar to the ones below, you're being attacked by the Fake Microsoft Security Essentials Alert Trojan:

Microsoft Security Essentials Alert
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspender until you take an action.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

Other common error messages by the Fake Microsoft Security Essentials Alert Trojan include warnings about an Unknown Win32/Trojan. After this attack, Windows Risks Preventions or one of its lookalikes is installed and will run automatically.

Once the Trojan Threat Has Passed, Windows Risks Preventions Threat Begins

Windows Risks Preventions will create error messages like the following, to delude you into believing that different infections are interfering with your PC:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Other Windows Risks Preventions-related issues include:

Browser hijacks that redirect you to the Windows Risks Preventions website. These hijacks may also stop you from browsing other websites, change your homepage and create advertisements, links or fake errors.
Problems using security applications that can monitor or remove Windows Risks Preventions. In most cases, these programs will crash with a fake infection message. Avoiding this attack is as simple as using Safe Mode to stop Windows Risks Preventions from running, or renaming the program file to trick Windows Risks Preventions into allowing Windows Risks Preventions to run.

File System Modifications

The following files were created in the system:

# File Name

1 %AppData%\Microsoft\[RANDOM CHARACTERS].exe

#	File Name
1	%AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"

Additional Information on Windows Risks Preventions

The following messages's were detected:

#	Message
1	Warning! Location: c:\windows\system32\taskmgr.exe Viruses: Backdoor.Win32.Rbot
2	Microsoft Security Essentials Alert Potential Threat Details Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
3	Threat prevention solution found Security system analysis has revealed critical file system vulnerability caused by severe malware attacks. Risk of system files infection: The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press ‘OK’ to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.