- The first method is the use of hacked web sites that exploit visitor's unprotected programs in order to install the program without your permission.
- The second method uses web sites that display false online anti-malware scanners that deceive to scan your computer, state that it is infected, and then prompt you to download and install Windows Secure Workstation in order to clean it.
- Finally, this infection is also spread through Trojans that pretend to be software required to view an online video.
Thursday, 25 October 2012
Windows Secure Workstation: A False Anti Malware Tool
Windows Secure Workstation is a new version of online threat or a scam. It is a fake antivirus program which is created by Cyber criminals. This program is a rogue anti-spyware program from the Rogue.FakeVimes family and previous versions of this malicious software were named Windows Anti-Malware Patch, Windows Virtual Security and many others. It is considered as a rogue because it displays false security alerts and fake scan results in order to mislead you for activating it's "ultimate protection" (purchase its full version to remove the detected security infections). In reality none of the security threats that are indicated by Windows Secure Workstation exists on your computer. This false security scanner is just an image of a real antivirus software. In case of analyzing this program it is hardly possible for us to find neither a virus definition database nor a legitimate scan engine. This is the basic reason for which the Malwarebytes research team has determined that Windows Secure Workstation is a fake anti-malware application which should be eliminated from your computer. This particular variant is spread via three methods:
When this antivirus software program is installed on your or user's computer, it will create hundreds of Image File Execution Options Registry entries that make it so that you not able to run many legitimate security applications or Windows utilities. When you try to run one of these programs, these changes will instead cause the Windows Secure Workstation program to execute instead. This allows the rogue to take full control of your computer. When started, it starts to perform a security scan which will end up in a detection of multiple security threats. Then if a PC user clicks on "Remove All" button Windows Secure Workstation will ask to purchase its full version. This misleading method is used to swindle money from unsuspecting PC users.
While running, Windows Secure Workstation will also display fake security alerts that is designed to make you think that your computer has a severe security problem. These warnings may state that your computer is at risk or that your programs are infected. It generates such fake warning messages:
"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"
"Warning! Identity theft attempt Detected Hidden connection IP: 18.104.22.168 Target: Your passwords for sites"
"Error Key-logger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan"
"Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent the system crash"
"Trojan-PSW.Win32.launch Hack Tool:Win32/Welevate.A Adware.Win32.Fraud"
Windows Secure Workstation is extremely aggressive and hard to remove. It needs Online Antivirus Support to remove or uninstall this fake anti – virus tool from your computer. So, take help from experienced computer technicians to remove Windows Secure Workstation and any associated malware from your computer for free.
John Parker is an experienced consultant of Online Antivirus Support. To know more about and get assistance on computer support and services, please, visit http://www.fixsmith.com/ .