«

»

Aug 13

Windows Secure Workstation Rogue

The Windows Secure Workstation is called a rogue because it is designed to look like a real Antispyware program that uses fake online scan sites users are re-directed to make the user think their computer is infected and need download and install the rogue.

The Windows Secure Workstation produces pop-up messages that are fake and designed to make the user think they have been infected by blocking all applications used in the fake alert messages as a way to scare users into purchasing the rogue application in order to clean their computers.

The Windows Secure Workstation includes in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options, with hundreds of entries of the different legitimate Antivirus companies’ executable files to block them from being able to be ran.

Windows Secure Workstation GUI

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Secure Workstation rogue can be removed manually, however, because of blocking apps and possible infections by other malware that could have been included, it is best to use our Antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

 If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to  install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>