Windows AV Component
Posted: June 27, 2011
Threat Metric
The fields shown on the Threat Meter are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 35 |
| First Seen: | June 27, 2011 |
| Last Seen: | January 8, 2020 |
| OS(es) Affected: | Windows |
Windows AV Component is a 'hot off the press' fresh rogue security program that's a clone of other threats within Windows AV Component's family. As is the case with related rogue security programs, Windows AV Component will use the Windows brand logo and fake security-monitoring functions to earn your trust, only to try to steal your money and credit card information. Windows AV Component can't detect or remove PC threats, nor can Windows AV Component provide honest monitoring for your security. Prior to removing Windows AV Component, you may also be victimized by browser hijacks or obstructed use of unrelated programs.
The Trojan Delivery Boy That Tosses Windows AV Component Onto Your Computer
Windows AV Component is a very new threat as of June 2011. You might download it by mistake from a malicious or low-security website that promotes Windows AV Component for its nonexistent anti-virus and PC security features. More likely than not, though, you'll encounter Windows AV Component after being attacked by Fake Microsoft Security Essentials Alert or a similar Trojan.
The Fake Microsoft Security Essentials Alert and Trojans like it are usually installed through harmful Flash or Java scripts used by malicious websites or advertisements. There may be no visible sign of the Trojan's installation, but Fake Microsoft Security Essentials Alert will create a number of fake Trojan alert messages while it installs Windows AV Component.
Some clones of Windows AV Component that may also be installed include Windows Stable Work, Windows Examination Utility, Windows Verifying Center and Windows Necessary Firewall.
Just one of Fake Microsoft Security Essentials Alert's many error messages includes the following:
Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
Although Fake Microsoft Security Essentials Alert may pretend to give you a choice as to whether or not Windows AV Component gets installed, in most cases, Windows AV Component will be installed regardless of what you try to do. Your PC will be rebooted, and via the not-so-trustworthy magic of exploiting the Windows Registry, Windows AV Component will launch itself automatically.
The Many Unpleasant Results of a Windows AV Component Delivery
In addition to starting without your permission, Windows AV Component may also stay open in memory to prevent you from closing Windows AV Component. The combination of these two functions can let Windows AV Component cause a range of other issues for your PC:
- Windows AV Component will create bad grades for your computer's security and use fake error messages to make you believe that your PC is infected by many different threats. These warnings are falsified and have no purpose, except to make you spend money on Windows AV Component.

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

- You may also find that Windows AV Component is blocking your ability to use different programs, particularly any program that has the real security features that Windows AV Component claims to provide. In many cases, Windows AV Component will use more specific fake error pop-ups to disguise this attack:

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

- In a final attempt to push computer users into providing their credit card details, Windows AV Component may also redirect your web browser to Windows AV Component's own website. These hijacks can also create pop-ups, block security-related sites and change your search results.
To keep your computer and finances both safe, you should remove Windows AV Component at all costs. However, use appropriate anti-malware software to delete Windows AV Component, when possible, since Windows AV Component contains advanced components and may be accompanied by Trojans.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|---|
| 1 | %AppData%\Microsoft\[RANDOM CHARACTERS].exe |
| 2 | brjncj.exe |
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
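The Debugger values listed above sit under Image File Execution Options, so starting one of the named security executables launches svchost.exe in its place. As an added example (not part of the original page), this Python triage script audits the text output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s /v Debugger` for such entries; the sample output, the taskmgr.exe entry and the `allowlist` parameter are constructed assumptions.

```python
import re

IFEO = r"\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" + "\\"
# Image names the page lists as hijacked (all security-product executables).
PAGE_TARGETS = {"afwserv.exe", "avastsvc.exe", "avastui.exe", "egui.exe",
                "ekrn.exe", "msascui.exe", "msmpeng.exe"}
VALUE_RE = re.compile(r"^\s+Debugger\s+REG_(?:SZ|EXPAND_SZ)\s+(.*\S)\s*$", re.I)

# Constructed sample of `reg query ... /s /v Debugger` output (not real host data).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
    Debugger    REG_SZ    svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe
    Debugger    REG_SZ    svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
    Debugger    REG_SZ    "C:\Tools\procexp64.exe"

End of search: 3 match(es) found.
"""

def audit_ifeo(reg_query_text, allowlist=()):
    """Return one finding per IFEO subkey that carries a Debugger value.

    allowlist: lower-case (image, debugger) pairs already approved locally.
    """
    findings, image = [], None
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_"):
            # Key line: keep the image name if this is an IFEO subkey
            # (the match also covers the WOW6432Node copy of the key).
            idx = line.lower().find(IFEO.lower())
            image = line[idx + len(IFEO):].strip().lower() if idx != -1 else None
            continue
        m = VALUE_RE.match(line)
        if not (m and image):
            continue
        debugger = m.group(1).strip("\"'")
        if (image, debugger.lower()) in allowlist:
            continue
        # Redirecting a security product from the page's list is the rogue's pattern.
        severity = "high" if image in PAGE_TARGETS else "review"
        findings.append({"image": image, "debugger": debugger, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in audit_ifeo(SAMPLE):
        print(f"{f['severity']:6} {f['image']} -> {f['debugger']}")
```

Entries marked `review` are not necessarily malicious, since some tools set a Debugger value on purpose; pass those pairs in `allowlist` once confirmed.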
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%AppData%\Microsoft\brjncj.exe
File name: brjncj.exe
Size: 1.88 MB (1884672 bytes)
MD5: a08c141f52addfd1640da9496f6deb30
Detection count: 35
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%\Microsoft
Group: Malware file
Last Updated: January 8, 2020
What if I just clicked on the file and that stupid window with all the "infections" pops up but I don't do anything other than close out the windows and don't purchase the product. Do I still need to delete or remove anything, or download the removal tools?