6/11/2012

How to get rid of Windows Privacy Councel

1. Description

Windows Privacy Councel is a fake antivirus program that does its best to extort money from gullible PC owners. The virus comes from a well-designed malware family that is widespread on the Web nowadays. Unfortunately, any Internet user can run into it. Cyber crooks are always looking for unwary PC users, who are usually not aware of fake security alerts and will most likely fall victim to the scam. To stay out of the risk group, read on.


2. Behavior inside the compromised system

Windows Privacy Councel is distributed via fake online virus scanners and pop-up notifications claiming that you need to update your antivirus software. Immediately after installation, the rogue pretends to scan your computer for malicious software. It throws hundreds of fake virus warnings to make you think that your PC is under severe virus attack and launches falsified system scanners. It ends up with generation of untrue The virus prevents you from running Task Manager, Registry Editor or even the command prompt. It may also modify the Windows hosts file and change the Windows proxy settings. In addition, Windows Privacy Councel stays active in Safe Mode. To 'unlock' the allegedly infected computer, the user is instructed to pay almost 90 bucks, but this is a trick aimed at trusting users. Do not take the bait.

3. Files

During installation, Windows Privacy Councel copies the following files to the hard disk:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[rnd].exe
  • %AppData%\result.db

4. System registry

Windows Privacy Councel creates the following registry entries:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
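
A read-only check for the files and registry values listed in sections 3 and 4, as an added example that is not part of the original post. It assumes [rnd] can be matched with a wildcard and, going beyond the three Image File Execution Options entries listed above, reports every IFEO subkey whose Debugger value is svchost.exe.

```powershell
# Added example: read-only triage for the indicators in sections 3 and 4.
# Nothing is deleted or changed; review each finding before cleaning up.
$findings = @()

# Section 3: dropped files in %AppData% ([rnd] matched with a wildcard, an assumption)
foreach ($pattern in 'NPSWF32.dll', 'Protector-*.exe', 'result.db') {
    Get-ChildItem -Path $env:APPDATA -Filter $pattern -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "File: $($_.FullName)" }
}

# Section 4: autostart value "Inspector" pointing at Protector-[rnd].exe
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$inspector = (Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).Inspector
if ($inspector -like '*Protector-*.exe*') {
    $findings += "Autostart: Run\Inspector = $inspector"
}

# Section 4: HTTPS-to-HTTP redirect warning switched off
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$warn = (Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue).WarnOnHTTPSToHTTPRedirect
if ($null -ne $warn -and $warn -eq 0) {
    $findings += 'Internet Settings: WarnOnHTTPSToHTTPRedirect = 0'
}

# Section 4: UAC policy values forced to 0
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
    if ($null -ne $uac.$name -and $uac.$name -eq 0) {
        $findings += "UAC policy: $name = 0"
    }
}

# Section 4: security tools redirected through an IFEO "Debugger" value
$ifeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $debugger = $_.GetValue('Debugger')
    if ($debugger -like 'svchost.exe*') {
        $findings += "IFEO hijack: $($_.PSChildName) -> Debugger = $debugger"
    }
}

if ($findings.Count -gt 0) { $findings } else { 'None of the listed indicators were found.' }
```

The HKCU and %AppData% checks apply to the account running the script, so run it as the affected user.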

Windows Privacy Councel malware remover:

malware removal tool
