“Win 8 Security System” has nothing to do with Windows 8; it is just a fake antivirus, rogue software.

There have been a lot of fake antivirus programs, and the trend is to name them so that they can be confused with Windows or Microsoft software. The latest one is “Win 8 Security System”, which general computer users can very easily mistake for a program related to the upcoming Windows 8.

Win 8 Security System works by installing a rootkit driver that takes control of all the processes of the operating system.

Win 8 Security, the fake antivirus software.

 

The rootkit is installed as C:\Windows\system32\drivers\51991c15f7a6834.sys (note that the numbers are random; yours may have a different filename, but the location is the same). The rootkit comes in two variants; the 64-bit rootkit disables Windows 64-bit kernel-mode driver signing. The cyber criminals also went ahead and self-signed the rootkit driver; note that the certificate date starts from 30th August (yesterday)!

Note the date of the certificate on the fake antivirus: it starts on 30th August, which was yesterday.

The virus also creates a Fake Action Center which shows the user that the computer is not fully protected.

Fake Windows Action Center

Browser hijack: the proxy settings get changed in both IE and Chrome, so whatever you type in the address bar gives a fake warning.

The main purpose of these fake antivirus programs is to scare users into paying money, with the claim that if you pay they will get it out of your system. You should know this: they won't, even if you have submitted your credit card (which is taken by the cyber criminals). I have seen many people who have regretted submitting their credit card. So my request is: please do not submit your credit card. They will steal your money and not fix your computer.

They say to buy the software and they will fix your PC, but they won't, trust me.

 

Clicking the shortcut icon to buy the software will add a value to your computer's registry and open the shopping cart. The shortcut's target is:

C:\WINDOWS\system32\reg.exe add "HKCU\SOFTWARE\Microsoft\Windows NT" /v FrameworkBuild /t REG_DWORD /d 0 /f

Shopping cart designed to steal your credit card information.
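
The traces described above (a randomly named driver in system32\drivers with a self-signed certificate, the FrameworkBuild registry value, and changed proxy settings) can be checked with a read-only script. This is an added example, not part of the original post; the hex-name pattern and the Internet Settings registry path are assumptions that the post does not state, and it needs PowerShell 3.0 or later.

```powershell
# Added example: read-only check for the indicators described in this post.
# Run from an elevated 64-bit PowerShell so System32 is not redirected.
# Assumption: the random driver name is 8+ hex digits, like the sample
# 51991c15f7a6834.sys; adjust $namePattern if yours looks different.
$namePattern = '^[0-9a-f]{8,}\.sys$'
$driverDir   = Join-Path $env:windir 'System32\drivers'

# 1. Hex-named drivers and who signed them (self-signed: Subject equals Issuer).
$drivers = @(Get-ChildItem -Path $driverDir -Filter *.sys -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $namePattern } |
    ForEach-Object {
        $cert = (Get-AuthenticodeSignature -FilePath $_.FullName).SignerCertificate
        [pscustomobject]@{
            Path       = $_.FullName
            Created    = $_.CreationTime
            Signer     = if ($cert) { $cert.Subject } else { '(unsigned)' }
            SelfSigned = [bool]($cert -and ($cert.Subject -eq $cert.Issuer))
            ValidFrom  = if ($cert) { $cert.NotBefore } else { $null }
        }
    })

# 2. The value written by the fake "buy" shortcut.
$ntKey = 'HKCU:\SOFTWARE\Microsoft\Windows NT'
$fb = Get-ItemProperty -Path $ntKey -Name FrameworkBuild -ErrorAction SilentlyContinue

# 3. Per-user proxy settings, which IE and Chrome both use by default.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue

# Report. Every hit needs a manual look; none of these is proof on its own.
'--- Hex-named drivers in {0}: {1}' -f $driverDir, $drivers.Count
$drivers | Format-List
'--- FrameworkBuild under HKCU\SOFTWARE\Microsoft\Windows NT: {0}' -f $(
    if ($fb) { "present, value $($fb.FrameworkBuild)" } else { 'not present' })
'--- Proxy: enabled={0} server={1} autoconfig={2}' -f $inet.ProxyEnable, $inet.ProxyServer, $inet.AutoConfigURL
```

A loaded kernel rootkit can hide its own file from directory listings, so an empty driver list does not show that the machine is clean. A self-signed driver whose certificate validity starts only days ago matches what this post observed.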

 

 

How to remove it?
You must be wondering how to remove this from your PC. You can use the Hitman Pro software (you will get a free licence with the download).
 
Hitman Pro running on 64 bit machine.

 
