Windows Advanced User Patch

By Domesticus in Rogue Anti-Spyware Program | 231 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading ... Loading ...
 More... More

Windows Advanced User Patch Description

Image Screenshot

[+] Click Image to Enlarge

Windows Advanced User Patch masquerades as a real security program, but, in fact, Windows Advanced User Patch is a scam and not capable of doing the duties of a spyware removal tool. Windows Advanced User Patch is a fake anti-spyware program and will only appear to look legitimate to lure PC users into spending money. Windows Advanced User Patch is a variation of previously reported bogus anti-spyware program such as Total Anti Malware Protection, Windows Internet Booster, Windows Daily Advisor, just to name a few. Like several other rogue anti-spyware programs, Windows Advanced User Patch infiltrates a computer through the use of Trojans. Trojans are strong enough to penetrate security barriers because they take advantage of security loopholes in the system.

During installation, Windows Advanced User Patch will be configured to run automatically each time you start Windows. As a way to confuse PC users, Windows Advanced User Patch will display fake warning messages, detect fabricated viruses in order to frighten PC users and drive them ultimately to purchase the fake anti-spyware program. You should stay away from Windows Advanced User Patch, and if alerts associated with Windows Advanced User Patch appear on your PC stating that your PC is at risk, you must take the necessary precautions to not go through the purchase process or provide any personal information to Windows Advanced User Patch. ESG’s malware analysts strongly advise you to never purchase Windows Advanced User Patch because you will lose money and still remain with an infected computer.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Advanced User Patch?

Download SpyHunter’s Detection Scanner
to Detect Windows Advanced User Patch.

Can’t install SpyHunter? Click here to view possible causes of installation issues.

‘How Windows Advanced User Patch Infects Your Computer’ Video

Windows Advanced User Patch Removal Details

Windows Advanced User Patch has typically the following processes in memory:

  • %AppData%\Protector-[RANDOM 4 CHARACTERS].exe
  • %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
  • %AppData%\NPSWF32.dll

Windows Advanced User Patch creates the following files in the system:

  • %Desktop%\Windows Advanced User Patch.lnk
  • %AppData%\W34r34mt5h21ef.dat
  • %AppData%\result.db
  • %CommonStartMenu%\Programs\Windows Advanced User Patch.lnk

Windows Advanced User Patch creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “ungklgkqft”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_CURRENT_USER\Software\ASProtect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-5-6_2″
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe

Important Article Disclaimer

ESG Support Center

This entry was last updated on 06/8/12 and posted on 05/6/12. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
« Windows Internet Booster
Best Antivirus Software »

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Follow ESG

Popular Malware

Popular Trojans

Recent Malware

Home | SpyHunter Risk Assessment Model | Privacy Policy | End User License Agreement | Additional Terms and Conditions
Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.