Windows Antivirus Patch

By ESGI Advisor in Rogue Anti-Spyware Program | 108 views

Windows Antivirus Patch Description

ESG malware analysts have detected one more variant of the FakeVimes family of fake security applications: Windows Antivirus Patch. Like most fake security programs, Windows Antivirus Patch will try to convince you that Windows Antivirus Patch is a legitimate security program with the use of error messages, pop-up notifications, and an attractive interface that mimics real security programs. The main goal of Windows Antivirus Patch is to carry out a scam which involves getting your money and personal information in exchange for a “full version” of Windows Antivirus Patch.

Other problems with Windows Antivirus Patch include the fact that it can cause browser redirects, make your computer system more vulnerable by disabling your security software, and change your computer system’s basic security settings. Because of this, removing Windows Antivirus Patch from an infected computer system should be a top priority. While many computer users may consider its constant error messages a mere annoyance, the overall effect of Windows Antivirus Patch on an infected computer system can make Windows Antivirus Patch a severe threat to a computer’s security.

An Overview of the Windows Antivirus Patch Scam

Inexperienced computer users may be lulled into thinking that Windows Antivirus Patch is a genuine upgrade for their computer system’s security. However, Windows Antivirus Patch has no connection to Microsoft and has absolutely no real anti-virus capabilities. Windows Antivirus Patch is very similar to numerous other fake security programs in the FakeVimes family, which enjoyed a resurgence in 2012. Some clones of Windows Antivirus Patch include Windows Functionality Checker, Windows Antihazard Center, Windows Personal Doctor and Windows Trojans Sleuth. Do not be fooled by Windows Antivirus Patch’s main interface, which includes various convincing features like a supposed “advanced process control” and even a support button. These are all there to enhance the Windows Antivirus Patch scam and the illusion of this being a real security program.

Trying to fix any of the supposed virus infections that Windows Antivirus Patch detects will invariably result in error messages claiming that you need to “register” Windows Antivirus Patch and obtain its “full version” which, of course, is not free. To remove Windows Antivirus Patch, ESG malware analysts recommend using a real, fully-updated anti-malware program. You can stop many of its most annoying features with the registration code ‘0W000-000B0-00T00-E0020’, but this will not remove Windows Antivirus Patch, only stop some of its error messages and redirects. Windows Antivirus Patch should still be removed immediately after entering the registration code.

Type: Rogue AntiSpyware Programs

Windows Antivirus Patch Removal Details

Windows Antivirus Patch typically has the following processes in memory:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows Antivirus Patch creates the following files in the system:

  • %AppData%\result.db
  • %CommonStartMenu%\Programs\Windows Antivirus Patch.lnk
  • %Desktop%\Windows Antivirus Patch.lnk

Windows Antivirus Patch creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “ahwohainwk”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-4-7_2”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe
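
A triage check for a subset of the registry entries listed above, as an added example that is not part of the original article or any ESG tool. It assumes the input is the text of a `reg export` file; the sample export, the `Protector-EXAMPLE.exe` path and the hit labels are constructed for illustration.

```python
import re

# Indicators copied from the registry list above; key paths lower-cased for matching.
POL = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
INET = r"hkey_current_user\software\microsoft\windows\currentversion\internet settings"
RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
IFEO = (r"hkey_local_machine\software\microsoft\windows nt\currentversion"
        r"\image file execution options" + "\\")
ZEROED = [(POL, "EnableLUA"), (POL, "ConsentPromptBehaviorAdmin"),
          (POL, "ConsentPromptBehaviorUser"), (INET, "WarnOnHTTPSToHTTPRedirect")]
IFEO_TARGETS = {"atcon.exe", "inetlnfo.exe", "dvp95.exe", "ozn695m5.exe",
                "aswupdsv.exe", "aswrundll.exe", "bidef.exe", "winupdate.exe",
                "advxdwin.exe", "msascui.exe", "tds-3.exe", "rtvscn95.exe"}

# Constructed sample of `reg export` text (real exports are UTF-16; decode first).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\user\\AppData\\Roaming\\Protector-EXAMPLE.exe"
'''

def parse_reg(text):
    """Return {lower-cased key path: {lower-cased value name: raw data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def find_indicators(text):
    """List which of the article's registry indicators appear in the export."""
    keys, hits = parse_reg(text), []
    for path, name in ZEROED:
        data = keys.get(path, {}).get(name.lower(), "")
        if data.startswith("dword:") and int(data[6:], 16) == 0:
            hits.append(f"{name}=0")
    hits += ["IFEO:" + p[len(IFEO):] for p in keys
             if p.startswith(IFEO) and p[len(IFEO):] in IFEO_TARGETS]
    if "inspector" in keys.get(RUN, {}):
        hits.append("Run:Inspector")
    return sorted(hits)
```

Calling `find_indicators(SAMPLE)` flags the zeroed `EnableLUA` value, the `MSASCui.exe` Image File Execution Options key and the `Inspector` Run value, and ignores the unrelated `notepad.exe` key.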

This entry was last updated on 04/16/12 and posted on 04/16/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.