April 21, 2011

Windows Expansion System.

Windows Expansion System is another of the many fake Microsoft Security Essentials impersonators.
Although there is more than a single family of these parasites, they use a common ruse to convince users they are legitimate. First, you will see a popup that is supposedly from Microsoft Security Essentials – a legitimate antivirus. The popup will claim that your PC is infected and needs additional scanning.

If you click on the popup, the fake Microsoft Security Essentials will scan your PC and show that some infections can be removed by another antivirus by “Microsoft” – Windows Expansion System. The fake Microsoft Security Essentials will suggest that you download and install this “antivirus”. When the system reboots, instead of the normal Windows shell you will be greeted by a Windows Expansion System window that cannot be minimized.
You should not be surprised that you haven’t heard about Windows Expansion System – there is no legitimate program by that name. This family of fake antiviruses creates lots of fake antiviruses by using similar names.

You will not be able to close the Windows Expansion System window before it finishes its scan. During the scan, it will detect lots of infections and will ask you to pay to remove them.

The good news is that Windows Expansion System and its trojan's warnings and alerts are fake: the majority of system files and executables are perfectly safe and will work once you disable the trojan.


Kill malicious Processes from Task Manager:
  • [random].exe
Location of the infection:
  1. %UserProfile%\Application Data\[random]\
  2. %UserProfile%\Application Data\[random]\.[random].exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
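
The locations listed above can be inspected without changing anything. The PowerShell below is an added example, not part of the original post; it assumes PowerShell is available on the affected machine, and each hit is something to review, since legitimate software can also use these locations.

```powershell
# Read-only triage for the indicators listed in this post; nothing is modified.
$ifeo    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
# Resolves to "%UserProfile%\Application Data" on XP, AppData\Roaming on later Windows.
$appData = [Environment]::GetFolderPath('ApplicationData')
$findings = @()

# 1. An IFEO "Debugger" value makes Windows launch that program instead whenever
#    the named executable is started. The post lists msseces.exe -> svchost.exe.
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $debugger = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($debugger) {
        $findings += New-Object PSObject -Property @{
            Check = 'IFEO Debugger'; Item = $_.PSChildName; Detail = $debugger }
    }
}

# 2. RunOnce values whose command line points into the Application Data folder.
$key = Get-Item -Path $runOnce -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        if ($command.IndexOf($appData, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $findings += New-Object PSObject -Property @{
                Check = 'RunOnce'; Item = $name; Detail = $command }
        }
    }
}

# 3. Executables one folder below Application Data (the file location in the post).
#    -Force includes hidden files.
Get-ChildItem -Path (Join-Path $appData '*\*.exe') -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $findings += New-Object PSObject -Property @{
            Check = 'AppData executable'; Item = $_.Name; Detail = $_.FullName }
    }

if ($findings.Count -eq 0) {
    'No matching indicators found.'
} else {
    $findings | Select-Object Check, Item, Detail | Format-Table -AutoSize -Wrap
}
```
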
Although it is possible to manually remove Windows Expansion System, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend malware and spyware removal applications.

After removing all these files, restart your computer and the issue will be fixed. And don’t forget to update your Security Software, check the Firewall Settings and the Operating System, and finally do a full system scan with the Security Software.

