Windows Process Director
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 12,068 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 5,194 |
| First Seen: | March 21, 2012 |
| Last Seen: | August 8, 2023 |
| OS(es) Affected: | Windows |
Windows Process Director Image
Windows Process Director is one of the many fake anti-spyware programs belonging to the FakeVimes family of malware. While these rogue anti-spyware applications have been active since 2009, a large batch of clones of Windows Process Director was released in early 2012, with names such as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.
There are no differences between modern clones of Windows Process Director and the early versions of the FakeVimes family of malware. The newest batch of clones tends to be bundled along with a rootkit component that makes detection of Windows Process Director much more difficult than normal. While rogue security applications of the FakeVimes family tend to use file names made up of three random characters, Windows Process Director and its newest batch of clones use file names made of three random characters preceded with the string "protector-" or "inspector-". Besides these superficial differences, Windows Process Director is no different from the majority of fake security applications that are found online. Like with most rogue security programs, ESG PC security analysts recommend dealing with a Windows Process Director infection with the help of a reliable anti-malware tool, in this case, with anti-rootkit technology.
Table of Contents
Understanding How the Windows Process Director Scam Works
The Windows Process Director scam is quite old and has existed in some form or another even before the advent of the Internet age. Basically, criminals take advantage of computer users' lack of computer security knowledge in order to make them believe that their computer system is severely infected. Then, they market Windows Process Director as a solution to the nonexistent problem on the victim's computer. Since Windows Process Director is the cause of any problems on the infected computer, paying for this fake security program is definitely not a good idea.
Some ways in which Windows Process Director tries to convince PC users to purchase for its useless "full version" include displaying large amounts of bogus security alerts, a fake system scan upon start-up and constantly directing the victim towards Windows Process Director's website. It is important to disregard all claims that Windows Process Director makes, especially those that have to do with your computer system's security. Most rogue anti-spyware programs come from fake online malware scans, so it is also advisable only to use the services of reputable, well-respected security software manufacturers (rather than suspicious advertisements).
Windows Process Director Video
Tip: Turn your sound ON and watch the video in Full Screen mode.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %AppData%\Protector-[RANDOM 3 CHARACTERS].exe | |
| 2. | %AppData%\NPSWF32.dll | |
| 3. | %AppData%\result.db | |
| 4. | %CommonStartMenu%\Programs\Windows Process Director.lnk | |
| 5. | %Desktop%\Windows Process Director.lnk |
Registry Details
URLs
Windows Process Director may call the following URLs:
| installcurrentoverlythefile.vip |
Messages
The following messages associated with Windows Process Director were found:
|
Error
Attempt to modify registry key entries detected. Registry entry analysis is recommended. |
|
Warning
Firewall has blocked a program from accessing the Internet C:program filesinternet exploreriexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server. |
|
Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124 Target: Your passwords for sites |
