Windows Secure Surfer

From Wiki-Security, the free encyclopedia of computer security

Windows Secure Surfer Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.

Rogue anti-spyware software is a malicious program written to imitate the appearance of a legitimate program, run fake scans and make a profit. Windows Secure Surfer is one such program. Another addition to the growing Rogue:Win32/FakeVimes family of malware, Windows Secure Surfer will either download itself onto a computer or use other means to make its target download the application on their own. Once installed, this malicious software generates false warnings about virus detections and infections and then recommends purchasing the paid version of Windows Secure Surfer. The alleged infections and warnings may not even be true, and if PC security has in fact been compromised, it is mainly due to the workings of Windows Secure Surfer. This rogue anti-spyware program is a scam and must be removed without hesitation.

How to Determine an Existing Infection

A Windows Secure Surfer infection is not difficult to detect. If you are already familiar with the telltale signs of rogueware infestations, you will see that the mechanics of Windows Secure Surfer are no different. This is expected, of course, given that this malware is a clone of several other rogue anti-spyware programs. These clones include Windows Be-on-Guard Edition, Windows Safety Checkpoint, Windows Safety Module and Windows Daily Adviser. An analysis of the Rogue.FakeVimes family of malicious software reveals that these fraudulent applications all work in almost the same manner. Windows Secure Surfer duplicates the appearance of Windows Security Center so that PC users will think the virus detections are all genuine.

Security analysts believe this is done to make the rogue security program highly convincing. You will also note how the fake scans launch themselves during each Windows start-up. These scans, which take no more than 5 seconds, will display results about Trojan detections, potential threats and eventually a recommendation to purchase the full version of the software.

To complement these fake scans, moreover, Windows Secure Surfer will also show bogus security warnings regarding several attempts at virus interceptions or Windows Registry modifications. These warnings, like the scans, are all unreliable and baseless. The best move is to eliminate Windows Secure Surfer from your PC without any further delay.

Eliminate Windows Secure Surfer without Question

A Windows Secure Surfer infection can be eliminated with legitimate anti-malware software. Since most of the types of malware released by Rogue.FakeVimes contain some form of rootkit component, it is important to choose software with advanced capabilities for cleaning up these infections. Ignoring these malware infestations is not recommended, since their existence may compromise PC security further. Windows Secure Surfer may also prevent you from opening and using standard Windows applications, which makes it all the more crucial to delete this rogueware from your PC as soon as possible.

To prevent the same infections in the future, you need to ignore the panic tactics and false warnings of rogue security applications such as Windows Secure Surfer. This malware will not make your surfing experience secure. Keep Windows Secure Surfer out of your system or remove it using legitimate software today.

Detection of Windows Secure Surfer (Recommended)

Windows Secure Surfer is difficult to detect and remove. Windows Secure Surfer is not likely to be removed through a convenient "uninstall" feature. Windows Secure Surfer, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Windows Secure Surfer and other spyware, adware, trojans and viruses on your computer.

Run a Windows Secure Surfer scan/check to successfully detect all Windows Secure Surfer files with the SpyHunter Spyware Detection Tool. If you wish to remove Windows Secure Surfer, you can either purchase the SpyHunter spyware removal tool to remove Windows Secure Surfer or follow the Windows Secure Surfer manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Windows Secure Surfer. Windows Secure Surfer can come bundled with shareware or other downloadable software.

Another method of distributing Windows Secure Surfer involves tricking you with deceptive pop-up ads that may appear as regular Windows notifications, with links that look like buttons reading Yes and No. No matter which "button" you click, a download starts, installing Windows Secure Surfer on your system. Windows Secure Surfer installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Windows Secure Surfer, use this SpyHunter Spyware detection tool to detect Windows Secure Surfer and other common Spyware infections. After detection of Windows Secure Surfer, the next advised step is to remove Windows Secure Surfer with the purchase of the SpyHunter Spyware removal tool.


Windows Secure Surfer may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Windows Secure Surfer from your computer.

Remedies and Prevention

Windows Secure Surfer, like other spyware, is constantly evolving and becoming more advanced to avoid detection. Windows Secure Surfer and its variants can install in different locations, and even when you try to uninstall them you find they reappear when you reboot your computer.

Install good anti-spyware software

When a large number of spyware traces, for example from Windows Secure Surfer, have infected a computer, the only remedy may be to run an automatic spyware scan with good anti-spyware software designed to detect Windows Secure Surfer and other types of spyware.

Remove Windows Secure Surfer manually

Another method to remove Windows Secure Surfer is to manually delete Windows Secure Surfer files in your system. Detect and remove the following Windows Secure Surfer files:


  • %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
  • %AppData%\Protector-[RANDOM 4 CHARACTERS].exe
  • %AppData%\NPSWF32.dll

Other Files

  • %AppData%\result.db

Registry Keys

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-13_4"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "hspbkebjqj"
  • HKEY_CURRENT_USER\Software\ASProtect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe
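
A read-only check for the file and registry indicators listed above, as an added PowerShell example that is not part of the original page or of any tool it mentions. Reading the `Debugger` value under each Image File Execution Options key is an assumption added here (the page lists only the key names); `Get-RegValue` and `$findings` are names made up for this example.

```powershell
# Read-only triage for the indicators listed above; nothing is deleted or changed.
$findings = New-Object System.Collections.Generic.List[string]

function Get-RegValue($Path, $Name) {
    # Returns the value data, or nothing when the key or the value is absent.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Files in the root of %AppData% (the .exe carries a random 3- or 4-character suffix).
Get-ChildItem -LiteralPath $env:APPDATA -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Protector-[^.]{3,4}\.exe$' -or
                   $_.Name -in @('NPSWF32.dll', 'result.db') } |
    ForEach-Object { $findings.Add("FILE  $($_.FullName)") }

# Values the page lists with specific data: (key, value name, listed data).
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$listed = @(
    @("HKCU:\$cv\Policies\System", 'DisableRegedit', '0'),
    @("HKCU:\$cv\Policies\System", 'DisableTaskMgr', '0'),
    @("HKCU:\$cv\Policies\System", 'DisableRegistryTools', '0'),
    @("HKLM:\$cv\Policies\System", 'ConsentPromptBehaviorAdmin', '0'),
    @("HKLM:\$cv\Policies\System", 'ConsentPromptBehaviorUser', '0'),
    @("HKLM:\$cv\Policies\System", 'EnableLUA', '0'),
    @("HKCU:\$cv\Internet Settings", 'WarnOnHTTPSToHTTPRedirect', '0'),
    @("HKCU:\$cv\Settings", 'net', '2012-5-13_4'),
    @("HKCU:\$cv\Settings", 'UID', 'hspbkebjqj')
)
foreach ($e in $listed) {
    $v = Get-RegValue $e[0] $e[1]
    if ($null -ne $v -and "$v" -eq $e[2]) { $findings.Add("VALUE $($e[0]) $($e[1]) = $v") }
}

# Autostart entry and vendor key named on the page.
$run = Get-RegValue "HKCU:\$cv\Run" 'Inspector'
if ($null -ne $run) { $findings.Add("RUN   Inspector = $run") }
if (Test-Path -LiteralPath 'HKCU:\Software\ASProtect') { $findings.Add('KEY   HKCU:\Software\ASProtect') }

# Image File Execution Options keys from the page's list.
# Assumption: the Debugger value is also shown when present; the page does not mention it.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$names = 'padmin.exe', 'normist.exe', 'prmt.exe', 'vsched.exe', 'panixk.exe', 'nod32.exe',
         'gator.exe', 'AlphaAV.exe', 'avkwctl9.exe', 'outpost.exe', 'patch.exe', 'cmdagent.exe',
         'prizesurfer.exe', 'ozn695m5.exe', 'otfix.exe', 'MalwareRemoval.exe'
foreach ($n in $names) {
    if (Test-Path -LiteralPath "$ifeo\$n") {
        $findings.Add("IFEO  $n  Debugger = $(Get-RegValue "$ifeo\$n" 'Debugger')")
    }
}
if ($findings.Count) { $findings } else { 'No listed indicators found.' }
```

Run it in the affected user's session, since the `HKCU` and `%AppData%` checks are per-user. Treat hits as leads rather than verdicts: values such as `EnableLUA` = 0 can also be set deliberately by an administrator.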

Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Windows Secure Surfer or its creators in any way. This website does not advocate the actions or behavior of Windows Secure Surfer and its creators. Our objective is to provide Internet users with the know-how to detect and remove Windows Secure Surfer and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Windows Secure Surfer in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.