Thursday, 15 December 2022

Windows Optimization & Security

Windows Optimization & Security is another bogus antivirus program, a clone of Windows System Optimizator and Windows Optimization Center.

It may look like this (source: Malwarebytes forum):

It is another rogue that fakes Microsoft Security Essentials alerts to push the user into installing Windows Optimization & Security through fake setup installers.

It may place its own icon in the taskbar and on the desktop once registered. It uses a crude way to protect itself from deletion: it creates a copy of itself in %appdata%, but so far it does not use the protect.exe filename; it uses random names and hides itself.

It may hijack the Winlogon shell, which makes it hard to remove even in Safe Mode: the rogue closes explorer while its alerts and app blocking remain in place:

Example of the random .exe filename it may use: C:\Documents and Settings\{username}\Application Data\payjxv.exe

It also disables System Restore, blocks Windows Defender and kills the Windows Defender process with its own commands.

It also disables UAC (User Account Control) and issues commands to kill Microsoft Security Essentials:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR"="1"

You can reset the value of DisableSR to 0 to re-enable System Restore.

Winlogon shell hijacked

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Shell"="'C:\Documents and Settings\{username}\Application Data\payjxv.exe'"

When you see this, change the value back to explorer.exe and delete the file it points to.
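The two registry checks above can be scripted. The following PowerShell script is an added example, not code from the original post: it reads the DisableSR value and the per-user Winlogon Shell value the post names, warns when they match the rogue's changes, and with the script's own assumed -Fix switch restores them the way the post describes (DisableSR back to 0, Shell back to explorer.exe). The function names are this script's, not Windows features; run it in an elevated session.

```powershell
# Added example, not part of the original post. Audits the two registry values
# described above and, with -Fix, restores them. -Fix and the function names
# below are this script's own assumptions, not Windows features.
param([switch]$Fix)

$SrKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
$LogonKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null when the key or value is absent instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Test-SystemRestoreDisabled {
    # DisableSR=1 is what the rogue sets; 0 or a missing value means enabled.
    $v = Get-RegValue $SrKey 'DisableSR'
    return ($null -ne $v -and [int]$v -ne 0)
}

function Test-ShellHijacked {
    # A per-user Shell value is normally absent (the default explorer.exe lives
    # under HKLM). Any other program here, especially one under Application
    # Data, matches the hijack described in the post.
    $shell = Get-RegValue $LogonKey 'Shell'
    if ($null -eq $shell) { return $false }
    $exe = [string]$shell
    $exe = $exe.Trim('"').Trim("'")        # strip the quoting seen in the post
    return ([IO.Path]::GetFileName($exe) -ne 'explorer.exe')
}

if (Test-SystemRestoreDisabled) {
    Write-Warning "System Restore is disabled (DisableSR=1) under $SrKey"
    if ($Fix) {
        Set-ItemProperty -Path $SrKey -Name 'DisableSR' -Value 0 -Type DWord
        Write-Host 'DisableSR reset to 0'
    }
} else {
    Write-Host 'System Restore: not disabled by DisableSR'
}

if (Test-ShellHijacked) {
    $shell = Get-RegValue $LogonKey 'Shell'
    # Print the hijacker path first so the file can be removed after reboot.
    Write-Warning "Winlogon Shell is overridden for this user: $shell"
    if ($Fix) {
        Set-ItemProperty -Path $LogonKey -Name 'Shell' -Value 'explorer.exe'
        Write-Host 'Shell restored to explorer.exe; delete the referenced file after reboot'
    }
} else {
    Write-Host 'Winlogon Shell: no per-user override'
}
```

Run it without -Fix first to see what it finds; the printed Shell path is the file to remove once explorer.exe is back, since the rogue keeps a copy of itself under Application Data under a random name.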

MD5 of the sample, for the curious: 03f4360a1503e369199dbaee4afa5f28

ESET-NOD32: A Variant Of Win32/Adware.PrivacyGuard2010.AD

Microsoft: Rogue:WIN32/Fakepav

In this evolution of FakePAV it increases its abilities with every cloned family. Test the virus at your own risk.

Thanks to VirusShare.

For removal instructions see https://forums.malwarebytes.com/topic/72980-removal-instructions-for-windows-optimization-security/
