Smart Fortress 2012 – extremely nasty WinWebSec

29Feb12

Smart Fortress 2012 is an evolution of WinWebSec rogue family. This time, fake antivirus makes it really hard to kill its process and execute any program except browser. It looks like malware authors have spent lots of time developing the software to make it look real and prevent removal. Sure, the detected items are clearly fake and haven’t changed that much, but the way Smart Fortress 2012 process is protected is quite decent.
Firstly, you will not be able to rename Smart Fortress 2012 executable that easily : the name changes back after couple of seconds. This is done to prevent easy restarting without loading the malware process upon restart. This worked quite well with older versions of WinWebSecurity family of parasites.

Secondly, it prevents almost all executables from running and uses couple of ways to ensure that the process will not be killed. The single way I managed to kill that process without third party software is by leaving its window open, pressing ctrl+shift+esc and trying to hit “End Task” with mouse. You will not have much time, and it worked one time only. So it is not repeatable. You are screwed if Task manager starts in process tab. TaskKill and Rkill does not work as well.

What HAD worked for killing Smart Fortress 2012 process for me was running renamed version of Spyhunter executable. If you rename the executable to .com, it might run. At the moment both Spyhunter and Spyware Doctor recognizes at least some versions of Smart Fortress 2012 rogues and can remove them.

Also, there is a chance to execute applications by right-clicking on them and choosing Run as . Then uncheck the protection checkbox from the window.
Lastly, there are Smart Fortress 2012 registration keys available, however I am unsure how long will they last. It is tough parasite, and the best way to remove it is preventing it from landing on your PC in first place. Keep your PC up to date and get a decent Antivirus and Anti-Malware programs.

Smart Fortress 2012 screenshot

About these ads


No Responses Yet to “Smart Fortress 2012 – extremely nasty WinWebSec”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

%d bloggers like this: