Windows Expansion System
Posted: March 29, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 7 |
First Seen: | March 29, 2011 |
---|---|
Last Seen: | January 8, 2020 |
OS(es) Affected: | Windows |
Windows Expansion System is the latest member of a sprawling rogue security program gang that uses fake infection warnings, fake scanning displays and web browser hijacking to confuse you into purchasing a rogue security program. As a preemptive defensive measure, Windows Expansion System will also block different necessary PC maintenance and diagnostic programs with a particular focus on anti-malware scanners. These different security-related attacks make removing Windows Expansion System necessary to insure your computer's privacy and safety, especially since all information provided by Windows Expansion System is completely disingenuous.
Windows Expansion System is One More Rogue Security Product for the Trojan Payload
Windows Expansion System comes from the same thickly-populated line of rogue security programs as Windows Power Expansion, Windows Error Correction, Windows Servant System, Windows Support System and PrivacyGuard 2010. This unsavory pedigree is particularly worth remembering because all of these rogue security programs use the same Trojan to infect your PC: the Fake Microsoft Security Essentials Alert Malware.
If you see messages like these, you have an infection by the Fake Microsoft Security Essentials Alert Malware, and should beware of accidentally installing Windows Expansion System or another rogue security program:
Microsoft Security Essentials Alert
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspender until you take an action.
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!
The application [application name] was launched successfully but it was forced to shut down due to security reasons.
This happened because the application was infected by a malicious program which might pose a threat for the OS.
It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.
Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos [sic] possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
You might also see alerts about a Trojan.Horse.Win32.PAV.64.a Trojan. This Trojan is a false alert by the Fake MSEA infection and should be ignored. Immediately taking high-level security steps to remove this Trojan might save you from having to deal with Windows Expansion System at all.
However, if you do unintentionally install Windows Expansion System or a related rogue security program, you'll start seeing more fake alerts similar to these:
Attention
Suspicious software activity is detected.
Please start system files scanning for details.
Attention
Software without digital certificate is detected. System files security is at risk.
It is strongly recommended to enable the security mode.
Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
Critical vulnerability!
Application that seems to be a key-logger is detected.
System information security is at risk. It is recommended to enable the security mode and run
total System scanning.
Windows Expansion System will use these fake warnings to frighten you into purchasing Windows Expansion System's registration, as well as using them as excuses to block completely harmless applications. Your anti-malware applications and many Windows programs will, therefore, fail to function properly as long as Windows Expansion System is active in memory.
Uninstalling Windows Expansion System's Fraud of an Expansion
Maintaining control over and safety for your computer are both impossible without deleting Windows Expansion System. Windows Expansion System's browser hijacking behavior will force you to visit malicious websites that may steal personal information or force other malware downloads onto your PC, and can also prevent you from visiting useful websites by barring them via advertisements and fake warnings. Even if Windows Expansion System doesn't appear to be active, Windows Expansion System may still run in memory as a background process that can interfere with all other actions you take on your computer.
If you're prepared to remove Windows Expansion System, you should try to avoid manual deletion except as a last possible resort. Improperly deleting Windows Expansion System can result in temporary or permanent harm to your operating system, particularly disabled online connectivity. Using updated and widely-lauded anti-malware software will let you remove Windows Expansion System with far less chance of side effects.
Don't forget about that Trojan that likely delivered Windows Expansion System, either – if you fail to remove all related malware at once, you may need to start all again as soon as the Trojan drops its next threat payload!
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%AppData%\Microsoft\klsvdn.exe
File name: klsvdn.exeSize: 2.31 MB (2316288 bytes)
MD5: 1d345dcc19d82af8c4eb4e4e446511ed
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%\Microsoft
Group: Malware file
Last Updated: January 8, 2020
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.