Windows Advanced User Patch

Windows Advanced User Patch Description

Type: Adware

ScreenshotWindows Advanced User Patch masquerades as a real security program, but, in fact, Windows Advanced User Patch is a scam and not capable of doing the duties of a spyware removal tool. Windows Advanced User Patch is a fake anti-spyware program and will only appear to look legitimate to lure PC users into spending money. Like several other rogue anti-spyware programs, Windows Advanced User Patch infiltrates a computer through the use of Trojans. Trojans are strong enough to penetrate security barriers because they take advantage of security loopholes in the system.

Windows Advanced User Patch is a variation of previously reported bogus anti-spyware program from the FakeVimes such as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

During installation, Windows Advanced User Patch will be configured to run automatically each time you start Windows. As a way to confuse PC users, Windows Advanced User Patch will display fake warning messages, detect fabricated viruses in order to frighten PC users and drive them ultimately to purchase the fake anti-spyware program. You should stay away from Windows Advanced User Patch, and if alerts associated with Windows Advanced User Patch appear on your PC stating that your PC is at risk, you must take the necessary precautions to not go through the purchase process or provide any personal information to Windows Advanced User Patch. ESG's malware analysts strongly advise you to never purchase Windows Advanced User Patch because you will lose money and still remain with an infected computer.

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Advanced User Patch

Windows Advanced User Patch Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Advanced User Patch creates the following file(s):
# File Name MD5 Detection Count
1 Protector-lfjj.exe 3e12e151cbfb3bd2e12e981c37e60880 1
2 Protector-kolx.exe 7bf65edc1ec52ba16e9149c92b75ae63 1
3 %AppData%\Protector-[RANDOM 4 CHARACTERS].exe N/A
4 %AppData%\Protector-[RANDOM 3 CHARACTERS].exe N/A
5 %AppData%\NPSWF32.dll N/A
6 %Desktop%\Windows Advanced User Patch.lnk N/A
7 %AppData%\W34r34mt5h21ef.dat N/A
8 %AppData%\result.db N/A
9 %CommonStartMenu%\Programs\Windows Advanced User Patch.lnk N/A

Registry Details

Windows Advanced User Patch creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "ungklgkqft"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-6_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe

More Details on Windows Advanced User Patch

The following messages associated with Windows Advanced User Patch were found:
Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Error
There's a suspicious software running on your PC. For more details, run a system file check.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.