1 of 9
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:

Windows Expansion System

Developers behind rogue defragmenters Windows Simple Protector and Windows Support System have released their latest clone called Windows Expansion System. This rogue system optimizer uses genuine looking graphical user interfaces to try and fool its victims, but as with its long line of predecessors are unable to live up to any of its promises.

Windows Expansion System makes use of established forms of infection, using browser hijackers and seemingly legitimate yet totally bogus online malware scanners. This rogue has also been known to bundle itself together with third party security downloads and updates.

Download Spyware Removal Tool to Remove* Windows Expansion System
  • Quick & tested solution for Windows Expansion System removal.
  • 100% Free Scan for Windows

Because Windows Expansion System’s infiltration of the system is done so furtively, the user will remain largely unaware of its presence and will find it tough to detect and get rid of Windows Expansion System without some help. The first clue the user will have as to the presence of Windows Expansion System on the system will come after the rogue starts its attack on the PC, through relentless pop up messages warning of crippling system errors.

None of these fake system error reports are to be trusted, and users are urged not to accept all correspondence received from Windows Expansion System as highly suspicious. Some of the more popular fake security alerts to be on the lookout for include the following:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Name: firefox.exe
Name: c:\program files\firefox\firefox.exe
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Note all the spelling and grammatical errors contained in the above fake alerts. This is further evidence that we are dealing with a fake system optimizer. Users who did not destroy Windows Expansion System in time complained about various symptoms associated with this infection. These include blocked Internet connections, extremely poor system performance and increased erratic system behavior. Windows Expansion System also denies the PC owner access to his own Desktop. In order to restore access to the Desktop, simply follow these instructions carefully:

1. Restart the system. The Windows Expansion System startup screen will block access to the Desktop. Click the “OK” button to make this go away. The rogue will now initiate a fake system scan.
2. Once the scan is finished another fake security notice will appear, click OK once more.
3. Click on the red “X” at the right top of the page to make this notification disappear.
4. It should now disappear and you will be able to access your desktop again.

Do not think that by merely having followed the above instructions that you have successfully neutralized the threat. Windows Expansion System poses a serious danger to your PC’s health and your privacy. You need to restore your PC’s health and to do this you simply have to obliterate Windows Expansion System immediately. This can easily be achieved through investing in a genuine security tool.

Download Spyware Removal Tool to Remove* Windows Expansion System
  • Quick & tested solution for Windows Expansion System removal.
  • 100% Free Scan for Windows

How to manually remove Windows Expansion System

Files associated with Windows Expansion System infection:


Windows Expansion System processes to kill:


Remove Windows Expansion System registry entries:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell “%AppData%\[random].exe


  1. Remove Windows Expansion System Mar 29, 2011

    Thank you, this actually worked. I didn’t think it was going

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.