Windows Enterprise Defender is a rogue anti-spyware, or scareware, program from the Virus Doctor family. When installed, this program will be configured to start automatically when you load Windows as well as making a series of harmless files with the following names:

%UserProfile%\Recent\cb.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\pal.sys
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\tempdoc.tmp

When Windows Enterprise Defender scans your computer, it will detect the above files as infections and state that you need to purchase the program before it will remove them. The reality is that these files are all harmless and can have no effect on your computer. They are only being created, and then detected, to scare you into thinking you have actual infections on your computer. As you can see this is a scam and you should not purchase the program for any reason.

While Windows Enterprise Defender is running it will display security alerts on your desktop stating that your computer is under attack or that active malware has been detected. These alerts are just another tactic where they are trying to convince you that your computer has a problem and should be ignored. As you can see, Windows Enterprise Defender purposely uses fake alerts and false scan results as a method to scare you into purchasing the software. It goes without saying that you should not do so, and if you already have we suggest you contact your credit card company to dispute the charges. If you are infected with this malware, then please use the guide below to remove it from your computer.

TrustSoldier is a new scareware program that is installed and promoted through the use of Trojans. When the Trojan installs TrustSoldier it will configure it to start automatically when your computer starts. The Trojan will also install numerous harmless files that have random names onto your computer. When TrustSoldier starts it will scan your computer and detect these harmless files as malware and will state that you need to purchase the program to remove them. Though these files are harmless, it detects them as malware to try and trick you into thinking they are infections so that you will potentially purchase TrustSoldier. It goes without saying that you should not purchase this program.

While TrustSoldier is running you will also see numerous security notices appear on your desktop warning you that your computer has a security problem. These alerts will contain messages ranging from warnings that your computer is under attack to a message stating that an active malware has been detected running on your computer. The Trojan will also display a Windows Security Center window that is an imposter of the legitimate Microsoft version. The difference is that the imposter will state that you should register TrustSoldier in order to protect your computer, while the legitimate version does not recommend any particular security software. Just like the fake scan results, these alerts are just another tactic to scare you into thinking that you are infected.

If you find that TrustSoldier is on your computer then please use the steps below to remove this infection and any related malware. If you have already purchased this program then we suggest you contact your credit card company and dispute the charges.

Windows Smart Security is a rogue anti-spyware program that utilizes aggressive advertising and false scan results to trick people into purchasing the program. When Windows Smart Security is installed it will be configured to start automatically and then scan your computer. When the scan has finished it will state that you have numerous infections on your computer, but will not let you remove them until you purchase the program. The results, though, are either grossly exaggerated or outright lies that are used to trick you into thinking you are infected.

Windows Smart Security will also display fake security alerts and firewall warnings on your computer. These alerts will contain dire warnings that your computer has security problems and that if you do not purchase Windows Smart Security you are at risk for identity theft, bank account theft, and loss of data. An example of a message you will see, including its horrible grammar, is:

REMOVE ALL SPYWARE FROM YOUR PC!
SECURE YOURSELF RIGHT NOW!
ARE STILL THERE and could break your life!
with all the images, and all the downloaded and maybe later removed movies or mp3 songs -
Every site you or somebody or even something, like spyware, opened in your browsers,
FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.
YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES
LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS.
WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE
ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK.
YOUR COMPUTER IS INFECTED WITH SPYWARE!
YOUR'RE IN DANGER!

Windows Smart Security will also show a fake Windows crash, or Blue Screen of Death, that pretends that a major Windows driver, NTFS.SYS, has a problem:

*** NTFS.SYS - Address 0xFBFE7617 base at 0xFD3094C2, DateStamp 3d6abeff
*** STOP: 0x00000050 (0xFD3094C2,0x00000001,0xFBFE7617,0x00000000)
Technical information:
select Safe Mode.
your computer, press F8 to select Advanced Startup Options, and then
If you need to use Safe Mode to remove or disable components, restart
or software. Disable BIOS memory options such as caching or shadowing.
If problems continue, disable or remove any newly installed hardware
for any windwos updates you might need.
If this is a new installation, ask your hardware or software manufacturer
Check to make sure any new hardware or software is properly installed.
these steps:
restart your computer. If this screen apears again, follow
If this is the first time you've seen this stop error screen,
PAGE_FAULT_IN_NONPAGED_AREA
The problem seems to be caused by the following file: NTFS.SYS
to your computer.
A problem has been detected and Windows has been shut down to prevent damage

You will then receive a prompt to purchase Windows Smart Security to fix the problem.

As you can see Windows Smart Security was designed for one reason; to scam you into thinking that you are infected in the hopes that you then purchase the program. It goes without saying that you should not purchase the program, and if you already have, I suggest you contact your credit card company to dispute the charges. Last, but not least, please use the guide below to remove this infection and any related malware.

Cyber Security is a scareware program from the same family as Total Security . This rogue is promoted through the use of malware as well as fake online anti-malware scanners. When installed via Trojans, it will be installed on to your computer without your permission. When promoted via the web, you will see a pop-up that states that your computer is infected and that you should download and install Cyber Security to protect your computer. When the program is installed it will be configured to start automatically when you start Windows and perform a scan of your computer. When the scan has finished, Cyber Security will state that there are numerous infections on your computer, but will state it cannot remove anything unless you first purchase the program. This method of showing fake scan results is just a method where the developers of Cyber Security are trying to trick you into thinking that your computer has a security problem in the hopes that you will then purchase the program. As the only security problem on the computer is Cyber Security, you should not purchase this program.

Cyber Security also installs an Internet Explorer Browser Helper Object that is used to hijack your browser when you are surfing the web. When browsing the web you will be randomly be redirected to an about:blank page where you will be shown a red screen with a message stating that This website has been reported to be unsafe and will then suggest that you update your web protection software. When you click on that link you will be brought to a site that is attempting to sell Cyber Security to you. This browser hijack is attempting to impersonate Firefox's and Google's Secure Browsing feature that alerts you when you visit unsafe sites. In Cyber Security's method it does not matter if the site you are visiting is legitimate or not, it will still randomly show the message so that you think you are at risk.

While Cyber Security is running it will also show numerous alerts and screens that are devised to make you think that there is a major security problem on your computer. One tactic is to randomly display alerts from your Windows taskbar that contain fake messages in various languages:

In English:

Privacy violation alert!
Cyber Security has detected numerous privacy violations. Some programs may send your private data to an untrusted internet host. Click here to permanently block this activity and remove the possible threat (Recommended)

System files modification alert!
Important system files of your computer may be modified by malicious program. It may cause system instability and data loss. Click here to block unauthorized modification and remove potential threats (Recommended).

Spyware activity alert!
Spyware.IEMonster activity detected. It is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal. It may also create special tracking files to log your activity and compromise your Internet privacy. It's strongly recommended to remove this threat as soon as possible. Click here to remove Spyware.IEMonster.

In German:

Gefahr!
Systemdateien wurden geandert! Irgendeinen wichtigen Systemdateien wurden von gefahrvolles Programm geandert. Das kann Systemsinstabilitat und Datenverzicht zur Folge haben. Klicken Sie hier an um unberechtigten Modifikationen durch die Loschung der Gefahrdungen zu blockieren (empfehlt).

In French:

activite du Logiciel espion!
Logiciel espion. Lactivite de IEMonster est decouverte. Cest un Logiciel espion, qui tente de s'emparer des mots de passe d Internet Explorer, Mozilla Firefox, Outlook et d autres programmes, y compris des logins et des mots de passe des operations bancaires en ligne, eBay, PayPal. Il peut egalement creer des poursuites speciales des fichiers pour enregistrer votre activite et compromettre votre intimite a l'Internet. Il est fort recommande d eradiquer la menace le plus vite possible. Cliquez ici pour supprimer le Logiciel espion. IEMonster.

Cyber Security will also display a window that will impersonate the legitimate Microsoft Windows Security Center. The difference is that the imposter will suggest that you purchase Cyber Security to secure your computer. Last, but not the least in a long line of deceptive tactics, Cyber Security will randomly display a screen saver that impersonates Windows crashing with a Blue Screen of Death that contains a message that Spyware caused it. Then the screen saver will show your computer rebooting with a message that you should purchase Cyber Security to protect yourself. The text you will see in the screen saver crash is:

***STOP: 0x000000D1 (0x00000000, 0xF73120AE, 0xC0000008, 0xC0000000)
A spyware application has been detected and Windows has been shut down to
prevent damage to your computer
SPYWARE.MONSTER.FX_WILD_0x00000000
If this is the first time you've seen this Stop error screen, restart your
computer. If this screen appears again, follow these steps:
Check to make sure your antivirus software is properly installed. If this is a
new installation, ask your software manufacturer for any antivirus updates
you might need.
Windows detected unregistered version of %product% protection on your computer.
If problems continue, please activate your antivirus software to prevent computer
damage and data loss.
*** SRV.SYS - Address F73120AE base at C00000000, DateStamp 36b072a3
Beginning dump of physical memory...

It is important to understand that this is just a screen saver and your computer is not actually crashing and rebooting.

As you can see, Cyber Security uses numerous tactics to try and have you think that there is a serious security problem on your computer. The reality, though, is that the only serious problem is Cyber Security itself. Therefore, please do not purchase the program due to the alerts this program shows you. If you have already purchased the program, then please contact your credit card company and dispute the charges. Last, but not least, please use the guide below to remove Cyber Security and any related malware from your computer for free.

Antivirus is a scareware program from the same family as Antivirus Pro 2010. This rogue is promoted through the use of malware that installs it onto your computer without your permission. Once installed it will configure Antivirus to start automatically when you login to Windows. Once started, it will scan your computer and then display numerous infections that it will not remove until you purchase the program. The infections that it states are on your computer, though, do not actually exist and are only being shown to scare you into thinking that you are infected. When the program is installed it will also modify your Windows HOSTS file so that it can show you web sites that appear to be from well known companies that include PCmag.com, techradar.com, zdnet.com, and cnet.com, but are in fact controlled by the developers of Antivirus. These sites contain fake reviews of Antivirus that state that the program is highly rated and should be purchased to protect your computer.

When the program is running you will also see numerous alerts appear on your desktop stating that your computer is under attack. Antivirus will also display a fake Windows Security center that looks exactly like the legitimate one. The only difference is that it will promote Antivirus as a Microsoft recommend security application. As you can see, Antivirus was designed to trick you into thinking you are infected through fake alerts and scan results, while at the same time creating an image that it is a excellent program through fake review sites. With this said, if you are infected with Antivirus then please use the removal guide below. If you have already purchased the program then we suggest you contact your credit card company to dispute the charges.

SafeFighter is a scareware program that is installed by Trojans and that utilizes fake scan results to convince you to purchase the program. When the Trojan installs SafeFighter, SafeFighter will be configured to start automatically when you login to Windows. The Trojan will also create a large amount of harmless files that have random file names. These files will then be detected as infections when SafeFighter scans your computer. The program, though, will tell you it will not remove any of these supposed infections unless you first purchase the program. The reality is that the files that SafeFighter states are infections pose absolutely no threat to your computer and are only being shown to scare you into thinking that you are infected. Therefore, please do not be tricked into purchasing SafeFighter when you see these scan results.

The same Trojan that installed SafeFighter will also display fake security alerts and messages on your computer. These alerts will state that your computer has active malware or that a remote computer is trying to attack yours. The Trojan will also display a window that impersonates the legitimate Windows Security Center. The only difference is that the imposter will suggest you purchase SafeFighter to protect your computer. Just like the scan results, these security alerts are designed to scare you into thinking that you are infected in the hopes that you will then purchase the program.

If you find that you are infected with SafeFighter then please use the guide below to remove it. If you have already purchased the software, then we suggest you contact your credit card company to dispute the charges.

TrustCop is a rogue anti-spyware program that is installed and promoted through the use of Trojans. When the Trojan is installed it will download and install TrustCop on your computer and configure it to start automatically. When the Trojan is first run it will also create numerous files on your computer using random filenames. These files will then be detected by TrustCop as infections when it scans your computer, but if you try to remove them with TrustCop it will say that you need to purchase the program first. In reality, these files are all harmless and cannot harm your computer in any way. They are just being created and detected to attempt to trick you into thinking your computer is infected.

The same Trojan that installed TrustCop will also display fake security alerts on your computer. These alerts will display messages stating that your computer is under attack, has malware running, or is sending personal data over the Internet. The Trojan will also display a fake Windows Security Center that looks like the legitimate one in every way except that it suggests that you purchase TrustCop to protect yourself. Just like the fake scan results, these alerts are all false and are only being displayed to trick you into thinking your computer has a security problem.

Without a doubt, TrustCop was created for one reason; to make you think your infected so that you purchase the program. Under no circumstances should you actually purchase this program, and if you have, we suggest that you contact your credit card company and dispute the charges. Last, but not least, to remove TrustCop and any related malware please use the guide below.

SecureWarrior is another rogue program from the same family as SecureFighter. Like its predecessors, this scareware programs is promoted through the use of Trojans and other malware. When the Trojan installs SecureWarrior it will also create numerous files on an infected computer using random filenames. These files will then be detected by the program when it scans your computer, but if you try to remove them you will be told you need to purchase SecureWarrior first. This scenario of creating fake malware files that will then be detected by the rogue is the scam where they are trying to convince you that you are infected so that you will then purchase SecureWarrior. It is important to note that these detected files, though they exist on your computer, are not real programs and have no ability to actually harm your computer. Therefore, there is no reason to purchase the program.

The same Trojan that installs SecureWarrior is also responsible for displaying numerous fake security alerts and windows on an infected computer. While the Trojan is running you will be shown alerts stating that your computer is infected or that you are being attacked by a remote computer. Examples of some of the alerts that you may see are:

Spyware Alert!
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of SecureWarrior and remove spyware threats from your PC.

Infiltration Alert!
Your computer is being attacked by an Internet Virus. It could be password-stealing attacks, a trojan-dropper or similar.

This Trojan will also display a window that impersonates the legitimate Windows Security Center. The difference is that the imposter will suggest that you purchase SecureWarrior in order to protect your computer, while the legitimate Security Center does not recommend any particular program.

As you can see, SecureWarrior was created for one purpose, which is to trick you into thinking you are infected so that you then purchase the program. This is a scam, so if you have purchased the program I suggest you contact your credit card company to dispute the charges. Last, but not least, to remove SecureWarrior and any related malware please use the guide below.

SecureFighter is a scareware program from the Wini family. This rogue is promoted through the use of Trojans that install the program onto your computer. When the Trojan installs SecureFighter, SecureFighter will be configured to start automatically when you login to Windows. It will also create numerous files with random names that are used to impersonate malware files on your computer. When SecureFighter starts and scans your computer it will then detect these files as infections, but will not let you remove them unless you purchase the program. The files, though, that are created, and then subsequently detected, are harmless though and can not threaten your computer at all. They are only being shown to scare you into thinking you are infected in the hopes that you will then purchase SecureFighter.

The Trojan will also display fake security alerts and messages on your computer stating that your computer is under attack or that there is some infection running. Examples of some of the alerts that you may see are:

Spyware Alert!
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of SecureFighter and remove spyware threats from your PC.

Infiltration Alert!
Your computer is being attacked by an Internet Virus. It could be password-stealing attacks, a trojan-dropper or similar.

Another window that the Trojan will display is a fake Windows Security Center that suggests you purchase SecureFighter. Like the fake scan results, these alerts and windows should be ignored as they are just another tactic to scare you into purchasing the program.

In order to remove this program and any related malware, please follow the steps below. If you have already purchased the program I would also suggest that you contact your credit card company and dispute the charges as this software is a scam.

Home Personal Antivirus is a rogue anti-spyware program from the same family as XP Deluxe Protector. Like its predecessor, Home Personal Antivirus is installed onto a computer through the use of Trojans that install it without your permission. Once installed, the program will be configured to start automatically when your computer starts. Once running, Home Personal Antivirus will perform a scan and then state that there are numerous infections that it will not remove until you purchase the program. The infections that are shown in the scan results, though, do not exist at all on your computer and are only being shown to trick you into thinking you are infected.

While Home Personal Antivirus is running you will be shown a constant stream of nag screens and security alerts that attempt to further make you think there is a security issue on your computer. These alerts will range from warnings that your computer is under attack or that malicious programs have been detected. An example of one of these alerts is:

Firewall Warning
Hidden file transfer to remote host was detected
Home Personal Antivirus has detected that somebody is trying to transfer your private data via Internet. We strongly recommend you to block the attack immediately.

Of course when you click on the Block Attack button the program will tell you that you cannot block it until you purchase the program. You will also see a screen that impersonates the legitimate Windows Security Center, with the only difference being that the the imposter will recommend that you purchase Home Personal Antivirus to protect your computer. As you can see these nag screens are just a further attempt to scare you into thinking you have a computer problem and should be ignored.

If you find that you are infected with Home Personal Antivirus, do not act upon its warnings and purchase the program. If you have already purchased the program, then we advise you to contact your credit card company and dispute the charges. Finally, to remove the infection and any related malware please follow the steps in the guide below.