Smart Fortress 2012 – extremely nasty WinWebSec
Smart Fortress 2012 is an evolution of WinWebSec rogue family. This time, fake antivirus makes it really hard to kill its process and execute any program except browser. It looks like malware authors have spent lots of time developing the software to make it look real and prevent removal. Sure, the detected items are clearly fake and haven’t changed that much, but the way Smart Fortress 2012 process is protected is quite decent.
Firstly, you will not be able to rename Smart Fortress 2012 executable that easily : the name changes back after couple of seconds. This is done to prevent easy restarting without loading the malware process upon restart. This worked quite well with older versions of WinWebSecurity family of parasites.
Secondly, it prevents almost all executables from running and uses couple of ways to ensure that the process will not be killed. The single way I managed to kill that process without third party software is by leaving its window open, pressing ctrl+shift+esc and trying to hit “End Task” with mouse. You will not have much time, and it worked one time only. So it is not repeatable. You are screwed if Task manager starts in process tab. TaskKill and Rkill does not work as well.
What HAD worked for killing Smart Fortress 2012 process for me was running renamed version of Spyhunter executable. If you rename the executable to .com, it might run. At the moment both Spyhunter and Spyware Doctor recognizes at least some versions of Smart Fortress 2012 rogues and can remove them.
Also, there is a chance to execute applications by right-clicking on them and choosing Run as . Then uncheck the protection checkbox from the window.
Lastly, there are Smart Fortress 2012 registration keys available, however I am unsure how long will they last. It is tough parasite, and the best way to remove it is preventing it from landing on your PC in first place. Keep your PC up to date and get a decent Antivirus and Anti-Malware programs.
Filed under: Malware | Leave a Comment
Tags: malware, winwebsec