Windows Home Patron

By ESGI Advisor in Rogue Anti-Spyware Program

Windows Home Patron Description

Windows Home Patron is a strangely named bogus anti-malware application and a component of the FakeVimes family of malware. The FakeVimes family of fake security applications is quite large and has been updated continuously since its first appearances in 2009. Variants of this malware family released in 2012 tend to follow similar naming patterns, usually beginning with the word ‘Windows’ followed by an adjective and a noun from a long list of possible computer-related terms. Although the resulting name sometimes makes sense, as with fake security programs like Windows Stability Guard or Windows Malware Firewall, other times (as in the case of Windows Home Patron) the names are somewhat nonsensical.

The Windows Home Patron Scam

These fake security programs all carry out variants of a well-known online scam. This scam consists of trying to convince inexperienced computer users that they should purchase fake security software in order to remove nonexistent malware infections on their computers. Windows Home Patron is not a real security program and should be removed immediately with the help of a reliable anti-malware program. To carry out its scam, Windows Home Patron tries to alarm computer users with a variety of fake error messages. Windows Home Patron can also cause browser redirects and other unwanted effects on the infected computer system.

Preventing a Windows Home Patron Infection

To avoid becoming infected with Windows Home Patron, it is important to understand common sources of this infection. The most common sources for a Windows Home Patron infection include the following:

  1. Windows Home Patron is most often distributed through fake online malware scans. These fake malware scans usually take the form of a Flash or JavaScript advertisement that exploits known vulnerabilities in these platforms in order to install either Windows Home Patron or a downloader Trojan designed to download and install this fake security program. The results of these supposed malware scans are also invariably negative and are always followed by a message prompting the victims to download Windows Home Patron themselves.
  2. It is also well known that malware is often distributed through malicious email attachments. These attachments, disguised as harmless text or image files, will often include a hidden Trojan that then downloads and installs Windows Home Patron on the infected computer system.
  3. Trojans associated with Windows Home Patron will often also be disguised as a third-party system or application update or as a codec for viewing online videos.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Home Patron?

Windows Home Patron Technical Report

As new Windows Home Patron details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Windows Home Patron:

The following fake error messages appear for Windows Home Patron:

Firewall has blocked a program from accessing the Internet
Internet Explorer
C:\program files\internet explorer\iexpolre.exe
C:\program files\internet explorer\iexpolre.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Recommended:
Please click “Prevent attack” button to prevent all attacks and protect your PC

Warning! Virus Detected
Threat Detected: Trojan-Downloader.Win32.Agent
Security Risk:
Infected File: regedit.exe
Description: Programs classified as Trojan download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
Recommended:
Please click “remove All” button to erase all infected files and protect your PC

Windows Home Patron Removal Details

Windows Home Patron typically runs the following processes in memory:

  • %AppData%\Protector-[RANDOM CHARACTERS].exe

Windows Home Patron creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
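
The process path and registry entries listed above can be checked on a host with a short read-only script. This is an added example, not ESG's own tooling; the function name `Test-HomePatronIndicators` is hypothetical, and reading the `Debugger` value is an assumption based on how Image File Execution Options entries are commonly used to intercept a program's launch (the list above gives only the key names).

```powershell
# Added example: read-only check for the indicators listed on this page.
function Test-HomePatronIndicators {
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Dropped executable: %AppData%\Protector-[RANDOM CHARACTERS].exe
    Get-ChildItem -Path $env:APPDATA -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("File: $($_.FullName)") }

    # Running process with the same name pattern (ProcessName omits ".exe")
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.ProcessName -like 'Protector-*' } |
        ForEach-Object { $findings.Add("Process: $($_.ProcessName) (PID $($_.Id))") }

    # Named values under HKCU; test for presence, since "ID" is stored as 0
    $cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
    $valueChecks = @{
        "$cv\Run"      = @('Inspector')
        "$cv\Settings" = @('UID', 'net', 'ID')
    }
    foreach ($key in $valueChecks.Keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($name in $valueChecks[$key]) {
            $p = $props.PSObject.Properties[$name]
            if ($p) { $findings.Add("Value: $key\$name = $($p.Value)") }
        }
    }

    # Image File Execution Options subkeys named on this page
    $ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    $images = 'mostat.exe', '_avpcc.exe', 'divx.exe', 'tapinstall.exe',
              'zapsetup3001.exe', '_avp32.exe', 'platin.exe', 'ashDisp.exe'
    foreach ($img in $images) {
        $key = Join-Path $ifeo $img
        if (Test-Path -LiteralPath $key) {
            # Assumption: a Debugger value, if present, names the program run instead
            $dbg = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Debugger
            $findings.Add("IFEO key: $img (Debugger = '$dbg')")
        }
    }
    $findings
}

$hits = @(Test-HomePatronIndicators)
if ($hits.Count) { $hits } else { 'No listed indicators found.' }
```

The script checks only the current user's profile and hive, so run it in the affected user's session; any hit is a lead to confirm with a full anti-malware scan.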

This entry was last updated on 08/17/12 and posted on 07/18/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.