
Outpost Firewall Enhanced Protection Mode

Posted: August 25, 2011

Outpost Firewall Enhanced Protection Mode is a variant of other fake security programs that cash in on a variety of well-known brands to lure you into performing self-destructive actions. Although the name that Outpost Firewall Enhanced Protection Mode uses is linked to the legitimate Outpost Firewall brand, Outpost Firewall Enhanced Protection Mode isn't part of that product and has no firewall or other security-related features for your PC. In fact, the SpywareRemove.com malware research team has found that Outpost Firewall Enhanced Protection Mode takes active measures to disable security-related software and can be classified as a high-level security threat. Outpost Firewall Enhanced Protection Mode is distributed primarily via fake software updates and through social media websites, but if you find that your computer has been infected by one of these routes, you can use a competent anti-malware program to remove Outpost Firewall Enhanced Protection Mode and regain normal software usage.

Finding the Enhanced Malice in Outpost Firewall Enhanced Protection Mode

Outpost Firewall Enhanced Protection Mode is just one of many scamware programs that ride atop the backs of popular security brands and try to stop you from suspecting their true nature. Recent attacks by these rogue security programs include such names as Kaspersky Internet Security 2011 Enhanced Protection Mode, McAfee Enhanced Protection Mode, Microsoft Defender Enhanced Protection Mode, Dr.Web Enhanced Protection Mode and ESET Smart Security Enhanced Protection Mode. Despite their names, none of these scamware products have anything to do with legitimate PC security companies, and even Outpost Firewall Enhanced Protection Mode is completely unrelated to any version of Outpost Firewall.

SpywareRemove.com malware researchers have found that, after infecting your PC, Outpost Firewall Enhanced Protection Mode will launch a double-duty attack that shuts down your real security programs and, simultaneously, reassures you that your security is fine:

  • Outpost Firewall Enhanced Protection Mode will prevent you from launching real security applications, including popular anti-virus scanners, firewall programs and anti-spyware products. This security blackout will also encompass any Outpost Firewall installations on your computer and makes your PC incredibly vulnerable to future attacks by Outpost Firewall Enhanced Protection Mode or other kinds of malicious software.
  • However, the unique twist to Outpost Firewall Enhanced Protection Mode's security attacks is the error message that accompanies them, often embedded in a new toolbar icon. Outpost Firewall Enhanced Protection Mode's goal is to convince you that your computer's software is working normally with the following pop-up:

    "Attention! Outpost Firewall operates under enhanced protection mode. This is a temporary measure necessary for immediate response to threat from virus. No action is required from you."

Turning Up the Heat to Keep Outpost Firewall Enhanced Protection Mode Out

Although you can remove Outpost Firewall Enhanced Protection Mode with the same methods and anti-malware software that you could use to delete similar backdoor Trojans, avoiding an Outpost Firewall Enhanced Protection Mode infection at all is the preferable route. Outpost Firewall Enhanced Protection Mode attack methods of note include the following:

  • Social networking links. Links to Outpost Firewall Enhanced Protection Mode that appear to be video files or other forms of safe content may be distributed through compromised social networking site profiles. Facebook is a particularly prominent target of this method of infection by Outpost Firewall Enhanced Protection Mode.
  • Fake Adobe Flash updates. Outpost Firewall Enhanced Protection Mode is also distributed by fake Flash links that pretend to provide updates for video-viewing and game-playing experiences. This method of infection is also common for other forms of harmful software, such as dropper Trojans and browser hijackers.

To avoid the first route of infection, only click on links that you're certain have been sent by a real person that you know and trust. To avoid the second route, download updates for Flash and other forms of media only from the appropriate and official websites. Keeping these safety measures in mind will help prevent you from ever needing to know how to get rid of Outpost Firewall Enhanced Protection Mode in the first place.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



  • %WinDir%\sysdriver32.exe (File type: Executable File; Mime Type: unknown/exe)
  • %WinDir%\l1rezerv.exe (File type: Executable File; Mime Type: unknown/exe)
  • %WinDir%\systemup.exe (File type: Executable File; Mime Type: unknown/exe)
  • %WinDir%\services32.exe (File type: Executable File; Mime Type: unknown/exe)
  • %TempDir%\[RANDOM CHARACTERS].exe (File type: Executable File; Mime Type: unknown/exe)
  • %WinDir%\sysdriver32_.exe (File type: Executable File; Mime Type: unknown/exe)

Registry Modifications

The following Registry values were newly produced:

  • HKEY..\SOFTWARE\Microsoft\Windows\CurrentVersion\{ModuleUsage}
  • HKLM\SOFTWARE\systemdrv64
  • HKLM\SOFTWARE\systeminfog
  • HKLM\SOFTWARE\sysdriver32.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\srvsysdriver32
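
The file and Registry indicators listed above can be checked against an inventory collected from a suspect PC. The following is an added example, not code from SpywareRemove.com: the function names, the default `C:\Windows` location, the assumption that the temp folder is named `Temp`, and the sample inventory are all constructed for illustration.

```python
import ntpath
import re

# Indicators copied from this page's "Technical Details" section.
WINDIR_FILES = {"sysdriver32.exe", "l1rezerv.exe", "systemup.exe",
                "services32.exe", "sysdriver32_.exe"}
REGISTRY_KEYS = {r"hklm\software\systemdrv64",
                 r"hklm\software\systeminfog",
                 r"hklm\software\sysdriver32.exe",
                 r"hklm\system\currentcontrolset\services\srvsysdriver32"}
# The page's "HKEY..\...\{ModuleUsage}" entry is elided, so it is not matched.

def _norm_path(path, windir):
    # Expand a literal %WinDir% prefix, then fold case and slashes.
    p = re.sub(r"(?i)^%windir%", lambda m: windir, path.strip())
    return ntpath.normcase(ntpath.normpath(p))

def _norm_key(key):
    # Accept HKEY_LOCAL_MACHINE\..., HKLM\... and PowerShell's HKLM:\...
    k = key.strip().rstrip("\\").lower()
    return re.sub(r"^(?:hkey_local_machine|hklm:?)(?=\\|$)", "hklm", k)

def check_files(paths, windir=r"C:\Windows"):
    """Return (confidence, path) pairs: 'listed' or 'weak'."""
    win, hits = _norm_path(windir, windir), []
    for raw in paths:
        folder, name = ntpath.split(_norm_path(raw, windir))
        if folder == win and name in WINDIR_FILES:
            hits.append(("listed", raw))
        # %TempDir%\[RANDOM CHARACTERS].exe has no fixed name: any .exe
        # directly in a Temp folder is only a lead for manual review.
        elif ntpath.basename(folder) == "temp" and name.endswith(".exe"):
            hits.append(("weak", raw))
    return hits

def check_registry(keys):
    """Return the keys equal to, or located under, a listed key."""
    return [raw for raw in keys
            if any(_norm_key(raw) == ioc or _norm_key(raw).startswith(ioc + "\\")
                   for ioc in REGISTRY_KEYS)]

# Constructed sample inventory (not taken from a real host).
SAMPLE_FILES = [r"C:\Windows\System32\services.exe", "C:/WINDOWS/SysDriver32_.exe",
                r"%WinDir%\l1rezerv.exe", r"C:\Users\demo\AppData\Local\Temp\qz81xk.exe"]
SAMPLE_KEYS = [r"HKEY_LOCAL_MACHINE\SOFTWARE\systemdrv64",
               r"HKLM:\SYSTEM\CurrentControlSet\Services\srvsysdriver32\Parameters",
               r"HKLM\SOFTWARE\systemdrv64x"]

if __name__ == "__main__":
    print(check_files(SAMPLE_FILES))
    print(check_registry(SAMPLE_KEYS))
```

A "listed" hit matches a file name given on this page inside the Windows directory; the legitimate `System32\services.exe` is deliberately not flagged, and "weak" hits need manual review because the temp-folder file name is random.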

Additional Information

The following messages were detected:

  1. Attention! Outpost Firewall operates under enhanced protection mode. This is a temporary measure necessary for immediate response to threat from virus. No action is required from you.
