Emsisoft’s Malware Digest: Windows Prime Accelerator

prime_accelerator_1

As some of you might know, Emsisoft keeps a close watch on the latest malware developments and documents everything we find at our Support Forum.  Since we know that many of our customers simply don’t have the time to scroll through every single forum post, we have decided to start using this blog as place to post regular malware updates.

Our first culprit is Windows Prime Accelerator.  On January 20, Emsisoft’s malware research team discovered this rogue scanning application circling around some of the more dangerous parts of the web.  Like Windows Premium Shield, Prime Accelerator is a variant of the Protector Rogue family and is detected by Emsisoft as Rogue.Win32.GuardSoft.  Unlike Windows Premium shield and other variants, Prime Accelerator uses a new registry run value, PrSft.

A rogue, for those who are unfamiliar, is a Trojan malware program that poses as a useful PC scanning or optimization program.  Windows Prime Accelerator attempts to fool users with the GUI pictured below.

prime_accelerator_2

Don’t be fooled! This friendly-looking rogue is designed to lock your PC until you activate its ‘full-version’ with your credit card on a webpage.  It also attempts to fool your PC into thinking it needs an additional service by messing with your registry settings.  In the event your computer has been infected by this rogue, you can disable it with one of the following activation codes:

  1. 0W000-000B0-00T00-E0001
  2. 0W000-000B0-00T00-E0002
  3. 0W000-000B0-00T00-E0003

You can also follow our detailed removal instructions at our support forum.  As for those running Emsisoft Anti-Malware, you are automatically protected.  Have a Great (Malware Free) Day!