
Windows Saviour Firewall

Posted: June 1, 2011

Windows Saviour Firewall is a rogue security application that creates fake grading systems for your PC security and displays inaccurate pop-up alerts to confuse you about the state of your computer's security. Besides faking security features to steal your money, Windows Saviour Firewall can also hijack web browsers and block applications from running. Windows Saviour Firewall is also likely to be found in the company of Trojans, like the Fake Microsoft Security Essentials Alert, that install Windows Saviour Firewall as a payload. To remove Windows Saviour Firewall from your PC, you should use Safe Mode or a CD-based boot along with appropriate security software.

Windows Saviour Firewall – a False Saviour with Fake Functions

Windows Saviour Firewall is usually installed by Fake Microsoft Security Essentials Alert Trojans that create imitations of Microsoft Security Essentials Alert pop-ups to make you believe the threat is real security software. Here are two samples of the messages you might see during Windows Saviour Firewall's installation, along with general Trojan alerts:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos [sic] possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

In addition to Windows Saviour Firewall, Fake Microsoft Security Essentials Alert Trojans can also install other threats that are closely linked to Windows Saviour Firewall. The possibilities include, but aren't limited to, Windows Necessary Firewall, Windows Accidents Prevention, Windows Virtual Firewall, Windows Averting System, Windows Anticrashes Utility and Windows Troubles Solver.

Once Windows Saviour Firewall is installed, you'll see many other fake pop-up warnings that try to lead you into believing that a virtual army of infections is seething inside your PC. Windows Saviour Firewall's pop-ups can be used to indicate that a specific program is infected, or just to point out a general infection without noting the location, but in all cases, these pop-ups are fake and inaccurate. Samples of Windows Saviour Firewall's lying pop-ups include:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

What Windows Saviour Firewall Really Does when You're Looking Away

All of Windows Saviour Firewall's fake anti-virus and security features are just a cover for a variety of malicious attacks, including:

  • Browser hijacks. These hijacks can change your homepage to Windows Saviour Firewall's website, control which website you're directed to after you click a link, display fake warnings that prevent you from using normal websites or even play advertisements. It's important to be aware that malicious websites that are affiliated with Windows Saviour Firewall can install Trojans and other malicious software on your PC without your permission, and are very likely to attempt to steal private information like your credit card number.
  • Windows Saviour Firewall will also block various applications, most significantly your security-related programs. Since these attacks will often use pop-ups that erroneously indicate that these important programs are infected, it's important to distinguish between genuine program infections and Windows Saviour Firewall-caused crashes in these cases.
  • By creating malicious entries in your Windows Registry, Windows Saviour Firewall will remain continually active and always launch itself when you start Windows normally. Safe Mode or booting from a CD will turn off Windows Saviour Firewall so that you can use your security software without the above attacks getting in the way.


File System Modifications

  • The following files were created in the system:
    %AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values were created:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
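
The file and Registry indicators above can be checked together with a read-only PowerShell script. This is an added example, not part of the original write-up or of any security product; the function names and output fields are illustrative, and it assumes a clean user profile has no per-user Winlogon Shell value.

```powershell
# Added example: read-only triage for the two indicators listed above.
# Function names and output fields are illustrative, not from any product.
function New-Finding($Indicator, $Value, $Path) {
    $exists = Test-Path -LiteralPath $Path -PathType Leaf
    [pscustomobject]@{
        Indicator = $Indicator
        Value     = $Value
        Path      = $Path
        Exists    = $exists
        # Signature status and hash give an analyst something to pivot on.
        Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $Path).Status } else { $null }
        SHA256    = if ($exists) { (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash } else { $null }
    }
}

function Get-RogueShellIndicator {
    param(
        [string]$KeyPath = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
        [string]$DropDir = (Join-Path $env:APPDATA 'Microsoft')
    )

    # 1. Per-user Shell value: assumed absent on a clean profile, so any value
    #    other than explorer.exe means something else runs as the logon shell.
    $prop = Get-ItemProperty -Path $KeyPath -Name 'Shell' -ErrorAction SilentlyContinue
    if ($prop -and $prop.Shell) {
        $raw  = [string]$prop.Shell
        # Strip quotes and expand %AppData% so the path can be checked on disk.
        $path = [Environment]::ExpandEnvironmentVariables($raw.Trim().Trim('"'))
        if ($path -ne 'explorer.exe') {
            New-Finding 'HKCU Winlogon Shell override' $raw $path
        }
    }

    # 2. Executables sitting directly in %AppData%\Microsoft (no recursion),
    #    which is where the page says the randomly named .exe is dropped.
    Get-ChildItem -LiteralPath $DropDir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { New-Finding 'EXE in %AppData%\Microsoft' $_.Name $_.FullName }
}

Get-RogueShellIndicator | Format-List
```

Both locations are per-user, so run it in the affected account's session (Safe Mode works), or pass -KeyPath and -DropDir for a mounted hive and profile folder when working from boot media.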