Windows Power Expansion

Posted: March 25, 2011

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	90

First Seen:	March 25, 2011
OS(es) Affected:	Windows

The presence of Windows Power Expansion on your PC means subjugation to fake errors and alerts, crashing programs and browser hijacks. Windows Power Expansion is only one example of a rogue security program in a vast cloned army of threats that all use these same malicious attacks while pretending to be security products. When removing Windows Power Expansion, be on the alert for Trojans, since Windows Power Expansion and its many copycats are distributed by Trojan that fake the look of a Microsoft Security Essentials warning pop-up.

A Powerful Expansion Indeed, but Only for Malware

The possibility of infection by Windows Power Expansion usually starts with a message like the following:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

This is a fake alert used by the Fake Microsoft Security Essentials Alert Malware. Ironically, the Trojan will warn of a Trojan itself, but in the process of doing so will attempt to install rogue security software.

Windows Power Expansion is one possibility this Trojan may force you to face , but not the only one - Windows Simple Protector, Windows Background Protector and Windows Lowlevel Solution are just a few samples of similar threats that are delivered in the same way.

It's important for your computer's security that you recognize the fake and fraudulent nature of both the Trojan's warnings and the warnings given by Windows Power Expansion itself - keeping these programs on your PC will result in security attacks as follows:

Windows Power Expansion corrupts your Registry to let the rogue anti-virus application runs as soon as Windows starts, with no option to turn this automatic startup off. When launching, Windows Power Expansion will pretend to show ratings for your System Security, Privacy, Media Tools and other vague aspects of your PC. Windows Power Expansion will always rate your PC badly, and always show updates out of date – because Windows Power Expansion is not really analyzing your computer in the first place.
By altering your web browser to use a proxy server, Windows Power Expansion may redirect you to malicious websites, especially sites that pretend to market security software. Visiting malicious sites can cause other malware attacks on your PC. This same tactic can also stop you from visiting beneficial websites with altered or fake content, including fake dangerous website warnings.
Other programs, particularly including security software, may be unable to run while Windows Power Expansion is active. Windows Power Expansion will make every attempt to stop popular anti-malware tools and Windows programs like Task Manager from running, since those applications could potentially help you remove the threat.
Error messages and desktop alerts will be unusually frequent and completely erroneous. These errors are just Windows Power Expansion's attempts at wheedling you into registering Windows Power Expansion to make fake problems disappear. Don't take the 'easy' way out, since Windows Power Expansion is harder on both you and your PC in the long run!

Expanding Your Solutions to Windows Power Expansion

Never give away private information or money to any entity promoted by Windows Power Expansion – all this accomplishes is placing your computer and you at further risk of harm. Remove the source of the problem, Windows Power Expansion, by using the same tools and strategies you would implement against any common virus or Trojan.

Using Safe Mode will offer you the best possibility for stopping Windows Power Expansion from launching – and if Windows Power Expansion can't launch, it can't stop your anti-malware applications from running. Updates for these applications are essential, since Windows Power Expansion is a relatively new copy of older rogue anti-virus programs and may be undetectable by scanners without the latest updates.

When you're in the middle of your malware-cleaning process, remember that it's most likely a Trojan dropped Windows Power Expansion. Forgetting the delivery mechanism (a Trojan download) may result in your computer getting a brand new threat as soon as you've taken care of Windows Power Expansion.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%AppData%\Microsoft\dkjwir.exe

File name: dkjwir.exe
Size: 2.29 MB (2295297 bytes)
MD5: 3baf809034dde51914d252fbc07bdb75
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%\Microsoft
Group: Malware file
Last Updated: March 25, 2011

Additional Information

The following messages's were detected:

#	Message
1	Attention Suspicious software activity is detected. Please start system files scanning for details.

8 Comments

Becky says:

March 28, 2011 at 11:12 am

The part about purchasing Windows Power Expansion, Yeah, they got me. What do I do now if I purchased it. It has not fully cleared my credit card but I fear they could start charging other charges on it. Do I need to cancel my card? These Hackers should be shot!
Markie says:

March 28, 2011 at 3:54 pm

Well they got me too, how do i delete it now? ive been tringto find out but cant. those ass holes got me good:(
Ropeyice says:

March 28, 2011 at 6:03 pm

Thank you soooooooooooo much you saved me a trip to a computer fix store
Johnny Flint says:

March 29, 2011 at 2:15 pm

I could have sworn this Windows Power Expansion came with my new PC. But after seeing about 10 popups in a matter of 5 minutes I knew it was not legit. How do you guys find out about these programs? Also, I removed it using your recommendation. Thanks lots!
Meg Anderson says:

March 29, 2011 at 8:14 pm

The only thing that pops up is Windows Power Expansion. I can't install any protection nor can I get to the run or command prompt. Any advice?
Jeremy says:

March 30, 2011 at 11:40 am

Hi,

This problem has occurred on my girlfriends PC and it won't allow me to access Task Manager to delete it. How can I get around this? Any help would be greatly appreciated
Peter says:

March 31, 2011 at 11:40 am

Can you boot into safe mode F8 and run your program to remove Windows Power Expansion? For some reason my McAfee has failed to detect this crap even in safe mode. Please help!
Walter Clark says:

April 8, 2011 at 8:02 am

This one file I downloaded was infected with a virus, forced Windows power extension to show up on my computer automatically. if wou click deny on the Warning message, it will pop back on the computer screen. Windows power extension will force Windows Internet Explorer, Google, or other files to crash. (access denied), and the error message on the screen will say "Internet Explorer has stopped working.
On Foxtab, the internet will last 5 seconds, and then, it will crash. Windows Power Extension will not allow you to 'gain access to the files, or search the web. It is blocking them. You have to only purchase it by credit card right away. If you wanted to delete this software, you will be out of luck, because it is not found in the add/remove programs list in the control panel section of windows