Windows Enterprise Suite
Windows Enterprise Suite is another addition to the long list of fake computer security programs. Its sole purpose is financial gain through the deceptive marketing of a useless program. Windows Enterprise Suite is usually obtained by visiting a website that hosts the installation files. Without the user's awareness, this rogue can be downloaded and installed on a visitor's computer automatically by malicious JavaScript placed on that website.
Once inside the computer, Windows Enterprise Suite begins to pop up false alert messages and display fabricated virus scan results to convince users of a present danger involving viruses, Trojans and other sorts of malware. In addition, it drops several clean files on the system that it later identifies as harmful. To remove these, it prompts for the purchase of the registered version of Windows Enterprise Suite, which in fact will do the end user no good. It would be better to download an effective Windows Enterprise Suite removal tool, such as a legitimate anti-malware program.
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Characteristics (Analysis)
To load Windows Enterprise Suite when Windows starts, the Trojan that drops the rogue program also adds an entry to the registry during installation. The following entry calls the main executable program at start-up:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Enterprise Suite"
Malware Behavior
Right after it successfully gets onto the computer, this rogue starts a misleading campaign aimed at selling the paid edition. Taskbar alerts, pop-up messages, fake error pages and browser redirects are its primary lines of attack. If these methods fail to generate a favorable response from victims, Windows Enterprise Suite will literally block the execution of programs and make the system unusable.
Added Registry Entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Enterprise Suite"
HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKCR\xp_ca0d5.DocHostUIHandler
HKCU\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=7&q={searchTerms}"
HKCU\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
Associated Files and Folders:
C:\Program Files\Mozilla Firefox\searchplugins\search.xml
C:\Documents and Settings\All Users\Application Data\24d36
C:\Documents and Settings\All Users\Application Data\24d36\WE83b.exe
C:\Documents and Settings\All Users\Application Data\24d36\WES.ico
C:\Documents and Settings\All Users\Application Data\WESSys
C:\Documents and Settings\All Users\Application Data\WESSys\wes.cfg
C:\Documents and Settings\All Users\Application Data\WESSys\vd952342.bd
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Suite.lnk
%UserProfile%\Application Data\Windows Enterprise Suite
%UserProfile%\Application Data\Windows Enterprise Suite\cookies.sqlite
%UserProfile%\Application Data\Windows Enterprise Suite\47.mof
%UserProfile%\Application Data\Windows Enterprise Suite\mozcrt19.dll
%UserProfile%\Application Data\Windows Enterprise Suite\sqlite3.dll
%UserProfile%\Application Data\Windows Enterprise Suite\Instructions.ini
%UserProfile%\Desktop\Windows Enterprise Suite.lnk
%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\SICKBOY.tmp
%UserProfile%\Recent\sld.drv
%UserProfile%\Recent\tjd.dll
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\Windows Enterprise Suite.lnk
%UserProfile%\Start Menu\Programs\Windows Enterprise Suite.lnk
How to Remove Windows Enterprise Suite
1. Kill any running process that belongs to Windows Enterprise Suite.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following file and click End Task:
WE83b.exe or (random).exe
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open the registry editor.
- Find and delete the following:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Enterprise Suite"
- Close the registry editor. Changes made will be saved automatically.
3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On the Windows Advanced Boot Options screen, select Safe Mode and press Enter.
4. Delete all files dropped by Windows Enterprise Suite.
- While still in Safe Mode, search for and delete the malicious files. Please refer to 'Associated Files and Folders.'
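Before and after the manual steps above, it helps to confirm which of the listed artifacts are actually present. The following read-only PowerShell audit is an added example, not part of the original guide; it assumes PowerShell 2.0 or later and uses the registry and folder paths exactly as listed on this page (the Windows XP profile layout), so the folder locations may differ on Vista and Windows 7.

```powershell
# Read-only audit for the indicators listed on this page; nothing is modified.
$findings = @()

# Registry values: key, value name, and a -like pattern for the data ('*' = any).
$regValues = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
       Name = 'Windows Enterprise Suite'; Pattern = '*' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
       Name = 'RunInvalidSignatures'; Pattern = '1' },
    @{ Key = 'HKCU:\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes'
       Name = 'URL'; Pattern = '*search-gala.com*' }
)
foreach ($v in $regValues) {
    $item = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }   # key or value not present
    $data = $item.($v.Name)
    if ("$data" -like $v.Pattern) { $findings += "REGVALUE $($v.Key) [$($v.Name)] = $data" }
}

# Registry keys and file-system objects whose mere existence is an indicator.
$paths = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\xp_ca0d5.DocHostUIHandler',
    'C:\Documents and Settings\All Users\Application Data\24d36',
    'C:\Documents and Settings\All Users\Application Data\WESSys',
    "$env:USERPROFILE\Application Data\Windows Enterprise Suite",
    "$env:USERPROFILE\Desktop\Windows Enterprise Suite.lnk",
    "$env:USERPROFILE\Start Menu\Programs\Windows Enterprise Suite.lnk"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "EXISTS   $p" }
}

# The executable name may be random, so match on the image path, not the name.
Get-Process | Where-Object { $_.Path -like '*\24d36\*' } |
    ForEach-Object { $findings += "PROCESS  $($_.Id) $($_.Path)" }

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

Run it once before cleanup to see what needs removing and again afterwards; the second run should print only the "No listed indicators found." line.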
Jonathan Don
Nov 01, 2009 @ 19:57:35
Dear Customer,
Please find below the phone numbers of our call center, depending on your location:
+1-800-3384926 (USA)
+1-866-6620781 (Canada)
+44-845-5274597 (United Kingdom)
+61-871-232359 (Australia)
If there is anything else I can help you with, please let me know.
--------------------------------------------------------------------------------
Sincerely yours,
Customer Care Team
This is the contact information for the company of Windows Enterprise Suites. Please contact them as they would love to hear from their beloved customers.