May 28, 2011

Malware Protection.

Malware Protection is a rogue anti-virus application that runs a fake system scan and then concludes that your computer has a malware infection or serious security/privacy issues.
To fix the malware infection you must pay a fee, about $50. The rogue program copies user interface elements from real programs and it looks like a legitimate application. Plenty of people shell out $50 to register this fraud and that's a big problem because if you're transacting with these guys online you're offering them your credit card details. Cyber criminals can later user that information to their benefit. You should protect yourself with common sense and legitimate anti-virus software because such fake anti-virus applications as Malware Protection now represent about 20% of all malware in circulation. If you made a mistake and purchased it, please contact your credit card company and dispute the charges.

Malware Protection is a re-branded version of Spyware Protection scareware. I'm pretty sure we'll see a whole new set of rogue applications like these two in the next few weeks. In a common scenario, Malware Protection is promoted via infected websites that redirect users to fake virus scanners claiming to sell antivirus software. Well, it's basically a pop-up message, alerting you that your computer is infected with viruses, Trojans or even spyware. Once installed, Malware Protection will pretend to scan your computer malicious software, virus and other security problems. As you can imagine, it will state that your computer is infected. It will block other programs on your computer and will close web browser if you try to download anti-malware or anti-virus software.


Kill malicious Processes from Task Manager: 
  • <random>.exe
 Location of the infection:
  1. %UserProfile%\AppData\[random].exe
  •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
  •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
  •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
Although it is possible to manually remove Malware Protection, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend  malware and spyware removal applications.

After removing all these files, restart your computer and the issue will be fixed. And don’t forget to do update your Security Software, check the Firewall Settings and the Operating System and finally do a full system scan with the Security Software.


Thanks for the knowledge sharing. It is very helpful. I try to write about this issue also in my blog. Please visit and comment when you have time

Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog



Twitter Delicious Facebook Digg Stumbleupon Favorites More