Windows Expansion System Virus: Remove It Now



Windows Expansion System Virus is a part of the same type of fake Microsoft Security Essentials software. Windows Expansion System Virus is a kind of scare-ware program that is used by cyber scammers to try and get unsuspecting PC users into paying for and downloading a fake malware removal tool. The recently released program is designed to generate spurious security alerts and system scan results in order to scare PC users into thinking that their systems are infected with different worms, viruses, Trojans, bots and other malware.


Windows Expansion System Virus

Alias: Windows Expansion System Virus

Damage Level: medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7



In most instances, the security alerts generated by the Windows Expansion System Virus are completely false and designed solely to create anxiety and uncertainty. The program itself does nothing to improve the security of the system and is as fraudulent as the alerts it generates.

The Windows Expansion System Virus is designed to appear as a genuine Microsoft Security Essentials program to trick users into thinking they are interacting with a legitimate program.



The Windows Expansion System Virus is typically installed on a user’s system via a Trojan horse program. Users who have not updated their system security in a long time, or those who have failed to apply the latest security patches are vulnerable to the kind of Trojan horse programs that are used to distribute the software. The Windows Expansion System virus is designed to appear as a genuine Microsoft Security Essentials program to trick users into thinking they are interacting with a legitimate program.


The first sign of infection is the appearance a bogus Microsoft Security Essentials pop up. This bogus alert will state that the users’ computer is infected with ‘Unknown Win32/Trojan’ and suggests that the user scan their computer. A scan is performed and the fake scan will state that Trojan.Horse.Win32.PAV.64 has been found and needs to be eliminated. If a PC user is misled into believing that the fake Microsoft Security Essentials alert is real, and the user clicks “clean computer”, Windows Expansion System Virus is installed.


Once the malicious software is downloaded onto a system it immediately proceeds to run a fictitious scan of the entire PC. The virus then proceeds to serve up results from the fake scan, showing the PC to be infected with various dangerous malware programs. The Windows Expansion System Virus also serves up an incessant stream of pop-up alerts containing dire warnings of various system compromises.


A Windows Expansion System Virus fake alert:

Fake Microsoft Security Essentials Pop Up Warning


Users are then urged to pay for and download a registered version of the program in order to remove these malware programs and to clean up the system. Users are led into believing that Windows Expansion System will deliver a series of capabilities such as system security and privacy, Internet security services, systems management capabilities and several media tools. Individuals who follow the purchase instructions end up paying for a useless program in addition to also giving up their credit card details to scammers.


As with many other scare-ware programs, Windows Expansion System Virus removal is not an easy task. The program changes registry settings and uses several other clever tricks to evade detection by any legitimate anti-virus tools that might be present on the system. In addition, the application is also designed to disable anti-malware tools and to block users from connecting to legitimate security vendor sites. PC users with systems infected by the scare-ware program can find it extremely difficult to download tools for removing the program because the program blocks all such downloads. As a result, knowing how to remove Windows Expansion System virus is very important.


The first step is to ensure that all hidden files and folders on the infected PC are made viewable. The processes for doing this are different for Windows XP, Windows Vista and Windows 7 systems. In each case, users ultimately have to navigate to the Control Panel menu and click on the option that says “Show hidden files and folders”.


Once the hidden files and folders become viewable the user has to go to the folder named %SysDrive%Documents and Settings[Current User]Application DataMicrosoft in the case of Windows XP systems. Individuals using Windows Vista and Windows 7 systems need to open the folder titled %SysDrive%Users[Current User]Application DataMicrosoft.


This folder basically contains the Windows Expansion System executable file. The file has an *avi extension and some random name associated with it. This executable file needs to be renamed with some other name and the system has to be then restarted.

How to remove the Windows Expansion System Virus

Virus Lab Recommended Procedure
Removal success rating: 97.9%

1. Click the yellow button above. (keep clicking until the download starts)
2. Download and run the .exe file.
3. Install and perform the free virus scan.


Having trouble?
Can’t get the .exe file to open or run?
Can’t save the installer .exe to your computer?
Can’t access the internet on your infected computer?
Can’t download the .exe when you click the yellow button?

Find more help at the Advanced Troubleshooting Page.

Leave a Comment

*