Disk Antivirus Professional is a rogue of the WinWeb Security Family.

Disk Antivirus Professional like so many of today’s rogues, block the running of all other applications and the constant pop ups and re-directs to scare messages designed to scare those infected into buying the rogue.

Files and Locations:

%APPDATA%\<random named> .exe

%APPDATA% is a token path that relates to the following:

XP OS:
<Drive>:\Documents and Settings\Users\Application Data

Vista and Windows 7:
<Drive> \USERS\<USER>\AppData\ROAMING

The Disk Antivirus Professional rogue can be removed with manually, however, because of blocking apps and possible infections by other malware that may have been included, it is best to use our Antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the Disk Antivirus Professional rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

The Windows Protection Maintenance is referred to as a rogue because it is designed to look like a real Antispyware program that uses fake online scan sites users are re-directed to make the user think their computer is infected and need download and install the rogue.

The Windows Protection Maintenance creates pop-up messages designed to make the user think they have been infected by blocking all applications used in the fake alert messages as a way to scare users into purchasing the rogue application in order to clean their computers.

The Windows Protection Maintenance includes in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options, with hundreds of entries of the different legitimate Antivirus companies’ executable files to block them from being able to be ran.

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Protection Maintenance rogue can be removed manually, however, because of blocking apps and possible infections by other malware that could have been included, it is best to use our Antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to  install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Rogue using name Micorsoft Essential Security Pro 2013

This fake Antivirus comes down from fake flash Update scam sites and immediately runs from where it is dropped to. It doesn’t show fake alerts but it does hijack the .exe file associations in the registry.

Rogue made a transmission to site used for the payment page:
john.denebasendtoend(DOT)pro/users/?ch=1&id=75ab7c06-9dc6-4bbf-b5b9-72b7511a12c3

Registry of file associations hijacking

HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\DefaultIcon
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\open
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\open\command
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\runas
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\runas\command
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\DefaultIcon
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\open
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\open\command
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\runas
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\exefile
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\exefile\shell
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command
HKEY_CLASSES_ROOT\.exe\DefaultIcon
HKEY_CLASSES_ROOT\.exe\shell
HKEY_CLASSES_ROOT\.exe\shell\open
HKEY_CLASSES_ROOT\.exe\shell\open\command
HKEY_CLASSES_ROOT\.exe\shell\runas
HKEY_CLASSES_ROOT\.exe\shell\runas\command

The rogue can be removed with manually, however, because of file associations Hijacking and possible infections by other malware that may have been included, it is best to use our Antivirus removal tool, VIPRE Antivirus.

You can download a free trial of Vipre to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to  install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

System Progressive Protection is a rogue of the WinWeb Security Family

System Progressive Protection  blocks the running of all other applications and the constant pop ups and re-directs to scare messages designed to scare those infected into purchasing the rogue.

Files and Locations:

%APPDATA%\<random named> .exe

%APPDATA% is a token path that relates to the following:

XP OS:
<Drive>:\Documents and Settings\Users\Application Data

Vista and Windows 7:
<Drive> \USERS\<USER>\AppData\ROAMING

The System Progressive Protection rogue can be removed with manually, however, because of blocking apps and possible infections by other malware that may have been included, it is best to use our Antivirus removal tool, VIPRE Antivirus.

You can download a free trial of Vipre to remove the System Progressive Protection rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to  install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

The Windows Safety Series is referred to as a rogue because it is designed to look like a real Antispyware program that uses fake online scan sites users are re-directed to make the user think their computer is infected and need download and install the rogue.

The Windows Safety Series creates pop-up messages that are fake and designed to make the user think they have been infected by blocking all applications used in the fake alert messages as a way to scare users into purchasing the rogue application in order to clean their computers.

The Windows Safety Series includes in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options, with hundreds of entries of the different legitimate Antivirus companies’ executable files to block them from being able to be ran.

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Safety Series rogue can be removed manually, however, because of blocking apps and possible infections by other malware that could have been included, it is best to use our Antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to  install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

The Windows Secure Workstation is called a rogue because it is designed to look like a real Antispyware program that uses fake online scan sites users are re-directed to make the user think their computer is infected and need download and install the rogue.

The Windows Secure Workstation produces pop-up messages that are fake and designed to make the user think they have been infected by blocking all applications used in the fake alert messages as a way to scare users into purchasing the rogue application in order to clean their computers.

The Windows Secure Workstation includes in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options, with hundreds of entries of the different legitimate Antivirus companies’ executable files to block them from being able to be ran.

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Secure Workstation rogue can be removed manually, however, because of blocking apps and possible infections by other malware that could have been included, it is best to use our Antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to  install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

The Windows Anti-Malware Patch is a program made to look like a real Antivirus application that is referred to as a rogue and which uses fake online scan sites users are re-directed to make the user think their computer is infected and need download and install the rogue.

The Windows Anti-Malware Patch generates fake pop-up messages designed to make the user think they have been infected by blocking all applications used in the fake alert messages as a way to scare users into purchasing the rogue application in order to clean their computers.

The Windows Anti-Malware Patch includes in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options, with hundreds of entries of the different legitimate Antivirus companies’ executable files to block them from being able to be ran.

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Anti-Malware Patch rogue can be removed manually, however, because of blocking apps and possible infections by other malware that could have been included, it is best to use our Antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to  install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

The Windows Virtual Security is called a rogue because it is designed to look like a real Antispyware program that uses fake online scan sites users are re-directed to make the user think their computer is infected and need download and install the rogue.

The Windows Virtual Security produces pop-up messages that are fake and designed to make the user think they have been infected by blocking all applications used in the fake alert messages as a way to scare users into purchasing the rogue application in order to clean their computers.

The Windows Virtual Security includes in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options, with hundreds of entries of the different legitimate Antivirus companies’ executable files to block them from being able to be ran.

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Virtual Security rogue can be removed manually, however, because of blocking apps and possible infections by other malware that could have been included, it is best to use our Antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to  install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

The Windows Antivirus Release is an application designed to look like a real Antispyware program that is referred to as a rogue and which uses fake online scan sites users are re-directed to make the user think their computer is infected and need download and install the rogue.

The Windows Antivirus Release generates fake pop-up messages designed to make the user think they have been infected by blocking all applications used in the fake alert messages as a way to scare users into purchasing the rogue application in order to clean their computers.

The Windows Antivirus Release includes in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options, with hundreds of entries of the different legitimate Antivirus companies’ executable files to block them from being able to be ran.

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Antivirus Release rogue can be removed manually, however, because of blocking apps and possible infections by other malware that could have been included, it is best to use our Antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to  install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com