The Emsisoft malware research team has discovered a new outbreak of the Windows Simple Protector adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSimpleProtector.
Windows Simple Protector is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.
Another variants:
- Windows Stability Center
- Windows Power Expansion
- Windows Expansion System
- Windows Background Protector
- Windows Lowlevel Solution
- Windows Support System
- Windows Emergency System
- Windows Threats Removing
- Windows Remedy
- Windows Troubles Remover
- Windows Troublemakers Agent
- Windows Servant System
- Windows Defence Center
- Windows Error Correction
- Windows Performance Manager
- Windows Troubles Analyzer
- Windows Processes Organizer
- Windows Optimal Tool
- Windows Express Settings
- Windows Safety Guarantee,
- Windows Express Help,
- Windows AV Software,
- Windows User Satellite,
- Windows Problems Solution,
- Windows Optimal Settings,
- Windows Optimal Solution,
- Windows Care Tool,
- Windows Software Guard,
- Windows Wise Protection,
- Windows Software Protection,
- Windows Problems Protector,
- Windows Shield Center,
- Windows Problems Remover,
- Windows Health Center,
- Windows Antispyware Solution,
- Windows Universal Tools,
- Windows Risk Eliminator,
- Windows Security & Control,
- Windows Utility Tool,
- Windows Optimization & Security,
- Windows Optimization Center,
- Privacy Guard 2010.
Create new file:
- %UserProfile%\Application Data\Microsoft\%random%.exe
Create/modify registry entries:
- HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe - HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1) - HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0) - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe - HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe
Screenshots:
How to remove the infection of Windows Simple Protector (Adware.Win32.WindowsSimpleProtector)?
To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
