
Windows Stability Alarm

Posted: June 15, 2011

Windows Stability Alarm is one of many fake security applications that are distributed by the Fake Microsoft Security Essentials Alert Trojan. Despite Windows Stability Alarm's appearance, which is similar to that of a normal anti-virus and security-tracking application, Windows Stability Alarm only creates fake infection warnings instead of tracking down real threats. Windows Stability Alarm may also block some security-related programs, and hijack well-known web browsing applications. Deleting Windows Stability Alarm should be handled by appropriate security software whenever possible.

Windows Stability Alarm and the Trojan That Jams It Through Your PC Safety Measures

Windows Stability Alarm is a clone of other well-known and recent threats like Windows Verifying Center, Windows Accelerating Utility, Windows Concern System and Windows Salvage System. In fact, Windows Stability Alarm even uses the same graphical shell with an identical grading system for your computer's security. Unfortunately, all of Windows Stability Alarm's grades and other security-related features are faked rather than genuine, and Windows Stability Alarm is even installed with the help of a Trojan.

The Fake Microsoft Security Essentials Alert Trojan is infamous for installing many different rogue security programs, including Windows Stability Alarm. Windows Stability Alarm's installation usually will be preceded by fake warnings about an Unknown Win32/Trojan or a pop-up that reads similar to the following example:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

After these fake alerts, Fake Microsoft Security Essentials Alert will install Windows Stability Alarm or another threat onto your PC. Registry entries will be created that let Windows Stability Alarm start with Windows, and then Windows itself will be rebooted to accomplish this automatic startup.

Why Windows Stability Alarm Should Set Off Your Alarms

Since Windows Stability Alarm is based off of heavily-recycled code, many of the same attacks that Windows Stability Alarm uses are also found on related threats. Problems that you may face when dealing with a Windows Stability Alarm infection include:

  • Fake error messages that imply that important system components have been infected, or otherwise damaged by high-level threats. Many of Windows Stability Alarm's error windows will attempt to encourage you to purchase the full version of Windows Stability Alarm, to remove these nonexistent problems.

    System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.

    Warning! Database update failed!
    Database update failed!
    Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
    Click here to get the full version of the product and update the database!

    System component corrupted!
    System reboot error has occurred due to lsass.exe system process failure.
    This may be caused by severe malware infections.
    Automatic restore of lsass.exe backup copy completed.
    The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

    Warning! Running trial version!
    The security of your computer has been compromised!
    Now running trial version of the software!
    Click here to purchase the full version of the software and get full protection for your PC!

  • An inability to use various programs, including basic Windows tools like the Task Manager and popular anti-virus scanners. Windows Stability Alarm may also create more specific error pop-ups that tell you that these programs are infected, but Windows Stability Alarm is the actual infection that's causing the problem.

    Warning!
    Location: [application file path]
    Viruses: Backdoor.Win32.Rbot

    Warning!
    Name: [application file name]
    Name: [application file path]
    Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

  • Lastly, Windows Stability Alarm may hijack your web browser to redirect you to harmful sites, and keep you away from websites that could help you remove Windows Stability Alarm. Hijacks can create pop-ups, change your search engine results, meddle with your homepage settings and redirect you to a website with advanced techniques like URL to IP mapping.

Using a good anti-malware program in Safe Mode with administrative privileges should let you delete Windows Stability Alarm and any related PC threats with no further problems. However, since Windows Stability Alarm is a recent threat as of June 2011, you should be careful to update your scanner before running a scan. Despite being a clone of older threats, Windows Stability Alarm may avoid being deleted if your software isn't equipped with the latest threat definitions.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\Microsoft\.exe

Registry Modifications

  • The following Registry values are newly created:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
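
The "Debugger" values above make Windows start svchost.exe in place of the named security program, which is how those tools end up blocked. As an added example (not part of the original write-up), this check scans a registry export for the three kinds of change listed; the sample export is constructed, the function names are this example's own, and it goes slightly beyond the list by reporting a Debugger value on any image name.

```python
import re

# Constructed sample in .reg export format (not from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\devtool.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000000
'''

IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

def decode(raw):
    """Turn a .reg value into an int (dword) or a plain string."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw.strip('"').replace("\\\\", "\\")

def scan(reg_text):
    """Return (finding, key-or-image, value) tuples for the listed changes."""
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m:
            continue
        # strip() also tolerates a stray space in the name, as in "DisableSR "
        name, value = m.group(1).strip().lower(), decode(m.group(2))
        low = key.lower()
        if IFEO in low and name == "debugger":
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], value))
        elif low.endswith(r"\currentversion\systemrestore") and name == "disablesr" and value == 1:
            findings.append(("system-restore-disabled", key, value))
        elif low.endswith(r"\internet settings") and name == "warnonhttpstohttpredirect" and value == 0:
            findings.append(("https-redirect-warning-off", key, value))
    return findings
```

Files exported by regedit are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `scan`. A Debugger value can be legitimate on a developer machine, so review each hit against the image name it targets.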