Windows Secure Workstation is a daily FakeVimes parasite that was spotted on 13 August, 2012. This rogue uses the same GUI, typical to FakeVimes, and displays identical alerts reporting about trojans, adware, malware and other viruses. If you see such alerts, keep in mind that they are worthless and should be simply ignored if you don't want to lose your money. The way how you can do that is really simple – Windows Secure Workstation offers to purchase its licensed version in order to remove its detected viruses. Of course, these 'viruses' are harmless system files and this 'licensed version' is nothing else but a tool used by scammers to swindle users' money. By entering your credit card details, you may also find yourself ripped off completely, so contact your credit card company immediately if you have already paid for useless Windows Secure Workstation version.
HOW CAN I GET INFECTED WITH Windows Secure Workstation?
The common way how all FakeVimes scarewares are distributed includes blackhat social engineering and corrupt downloads. Windows Secure Workstation is also spread through potentially unsafe or compromised web resources filled with infected freeware, shareware, updates and other programs. As soon as PC is infected, it's modified so that the malware could launch just after every computer's reboot. In addition, Windows Secure Workstation will start displaying misleading alerts and scanners claiming something like that:
There’s a suspicious software running on your PC.
For more details, run a system file check.
Warning! Virus Detected
Threat Detected: Trojan-Downloader.Win32.Agent
Infected File: regedit.exe
Description: Programs classified as Trojan download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
Please click “remove All” button to erase all infected files and protect your PC
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexpolre.exe
C:\program files\internet explorer\iexpolre.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Please click “Prevent attack” button to prevent all attacks and protect your PC
As you can see, Windows Secure Workstation is a program that is capable to lead computer only to the deterioration of the machine’s performance. It is capable to display only fake security scanners and alerts that are designed to make user pay for its license. Be sure that Windows Secure Workstation is a rogue program that must be eliminated without any delay. As soon as you receive its alerts and spyware threats detected on your system, remove this scam. Otherwise, it will make your PC slow and laggy, will start tracking your browsing habits and will do other stuff which is categorized as 'illegal'.
HOW TO REMOVE Windows Secure Workstation?
In order to remove Windows Secure Workstation from the system, you shouldn't try doing that manually because you may remove wrong files from the system what may lead you to system danage. According to our research center, you should rely on Reimage and Malwarebytes. Note that these programs must be updated before a scan. If you still can't launch them, disable Windows Secure Workstation by entering this code that will make your virus think you have purchased its license: 0W000-000B0-00T00-E0020. Additionally, scan with Reimage
The latest parasite names used by FakeVimes:
Windows Secure Workstation manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe
And there are much more similar entries...