Windows Home Patron Description
Windows Home Patron is a strangely named bogus anti-malware application and a component of the FakeVimes family of malware. The FakeVimes family of fake security applications is quite large and has been updated continuously since its first appearances in 2009. Variants of this malware family released in 2012 tend to follow similar naming patterns, usually beginning with the word ‘Windows’ followed by an adjective and a noun from a long list of possible computer-related terms. Although the resulting name sometimes makes sense, as in the case of fake security programs like Windows Stability Guard or Windows Malware Firewall, other times (as in the case of Windows Home Patron) the names are somewhat nonsensical.
The Windows Home Patron Scam
These fake security programs all carry out variants of a well-known online scam. The scam consists of trying to convince inexperienced computer users that they should purchase fake security software in order to remove nonexistent malware infections on their computers. Windows Home Patron is not a real security program and should be removed immediately with the help of a reliable anti-malware program. To carry out its scam, Windows Home Patron tries to alarm computer users with a variety of fake error messages. Windows Home Patron can also cause browser redirects and other unwanted effects on the infected computer system.
Preventing a Windows Home Patron Infection
To avoid becoming infected with Windows Home Patron, it is important to understand common sources of this infection. The most common sources for a Windows Home Patron infection include the following:
- Malware is often distributed through malicious email attachments. These attachments, disguised as harmless text or image files, will often include a hidden Trojan that then downloads and installs Windows Home Patron on the infected computer system.
- Trojans associated with Windows Home Patron will often also be disguised as a third-party system or application update or as a codec for viewing online videos.
Type: Rogue AntiSpyware Programs
Windows Home Patron Technical Report
As new Windows Home Patron details are reported by our customers and findings from our Threat Research Center, we will update this section.
Fake message for Windows Home Patron:
The following fake error messages appear for Windows Home Patron:
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexpolre.exe
C:\program files\internet explorer\iexpolre.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Please click “Prevent attack” button to prevent all attacks and protect your PC
Warning! Virus Detected
Threat Detected: Trojan-Downloader.Win32.Agent
Infected File: regedit.exe
Description: Programs classified as Trojan download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
Please click “remove All” button to erase all infected files and protect your PC
Windows Home Patron Removal Details
Windows Home Patron typically has the following processes in memory:
- %AppData%\Protector-[RANDOM CHARACTERS].exe
Windows Home Patron creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
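To check a registry export from a suspect machine against the entries listed above, the following added example (not part of the original report or of any vendor tool) parses the text format written by regedit and reports which of the listed keys and values are present. It covers only the Run, Settings and Image File Execution Options entries; the sample export and the file name Protector-abcd.exe are constructed, and the export is assumed to be already decoded to text (regedit writes UTF-16).

```python
import re

# Indicators transcribed from this page's registry list as (key, value name);
# a value name of None means the key's presence alone is the indicator.
HKCU_CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
IFEO = (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion"
        r"\Image File Execution Options")
IFEO_NAMES = ["mostat.exe", "_avpcc.exe", "divx.exe", "tapinstall.exe",
              "zapsetup3001.exe", "_avp32.exe", "platin.exe", "ashDisp.exe"]
INDICATORS = [(HKCU_CV + r"\Run", "Inspector")]
INDICATORS += [(HKCU_CV + r"\Settings", n) for n in ("UID", "net", "ID")]
INDICATORS += [(IFEO + "\\" + exe, None) for exe in IFEO_NAMES]

KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg_export(text):
    """Parse regedit export text into {key: {value name: raw data}}.

    Key and value names are lowercased because the registry is case-insensitive."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return keys

def match_indicators(text):
    """Return the page's (key, value name) indicators that are present in the export."""
    keys = parse_reg_export(text)
    return [(key, name) for key, name in INDICATORS
            if key.lower() in keys
            and (name is None or name.lower() in keys[key.lower()])]

# Constructed sample export, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\user\\AppData\\Roaming\\Protector-abcd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
'''

if __name__ == "__main__":
    print(match_indicators(SAMPLE))
```

A hit on the Run value or on any of the listed Image File Execution Options keys is a reason to inspect the host further, not proof of infection on its own.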