Windows Advanced User Patch

Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 2
First Seen: May 6, 2012
OS(es) Affected: Windows

Windows Advanced User Patch masquerades as a real security program but is in fact a scam that cannot do the work of a spyware removal tool. It is a fake anti-spyware program made to look legitimate only to lure PC users into spending money. Like several other rogue anti-spyware programs, Windows Advanced User Patch infiltrates a computer through the use of Trojans, which get past security barriers by taking advantage of security loopholes in the system.

Windows Advanced User Patch is a variation of previously reported bogus anti-spyware programs from the FakeVimes family, such as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, and Windows Work Catalyst.

During installation, Windows Advanced User Patch is configured to run automatically each time you start Windows. To confuse PC users, it displays fake warning messages and reports fabricated viruses in order to frighten them and ultimately drive them to purchase the fake anti-spyware program. Stay away from Windows Advanced User Patch: if alerts associated with it appear on your PC stating that your PC is at risk, do not go through the purchase process or provide any personal information. ESG's malware analysts strongly advise you never to purchase Windows Advanced User Patch, because you will lose money and still be left with an infected computer.

File System Details

Windows Advanced User Patch may create the following file(s):
# File Name MD5 Detections
1. Protector-lfjj.exe 3e12e151cbfb3bd2e12e981c37e60880 1
2. Protector-kolx.exe 7bf65edc1ec52ba16e9149c92b75ae63 1
3. %AppData%\Protector-[RANDOM 4 CHARACTERS].exe
4. %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
5. %AppData%\NPSWF32.dll
6. %Desktop%\Windows Advanced User Patch.lnk
7. %AppData%\W34r34mt5h21ef.dat
8. %AppData%\result.db
9. %CommonStartMenu%\Programs\Windows Advanced User Patch.lnk

Registry Details

Windows Advanced User Patch may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "ungklgkqft"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-6_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe
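
A triage check for the indicators listed above, as an added example that is not part of the original page or any vendor tool. It scans the text of a `.reg` export for a subset of the listed registry entries and tests file names against the `Protector-[RANDOM ...].exe` pattern; the function names, the sample export and the assumption that the random characters are alphanumeric are illustrative.

```python
import re

# Indicators copied from this page's Registry Details and File System Details lists.
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
IFEO_NAMES = {"alertsvc.exe", "tcm.exe", "netspyhunter-1.2.exe", "iface.exe",
              "rscdwld.exe", "belt.exe", "winstart.exe"}
POLICY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
# (key, value name) -> DWORD data listed on the page; None means any data counts.
VALUE_HITS = {(POLICY, "enablelua"): 0, (POLICY, "consentpromptbehavioradmin"): 0,
              (POLICY, "consentpromptbehavioruser"): 0, (RUN, "inspector"): None}
# Assumption: the 3 or 4 "random characters" are alphanumeric (page samples: lfjj, kolx).
DROPPED = re.compile(r"(?:^|\\)Protector-[a-z0-9]{3,4}\.exe$", re.IGNORECASE)

def scan_reg_export(text):
    """Return (kind, name) findings from the text of a .reg export."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):   # key header
            key = line[1:-1].lower()
            parent, _, leaf = key.rpartition("\\")
            if parent == IFEO and leaf in IFEO_NAMES:
                findings.append(("ifeo-key", leaf))
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)            # "name"=data
        if not (m and key):
            continue
        name, data = m.group(1).lower(), m.group(2)
        if (key, name) in VALUE_HITS:
            want = VALUE_HITS[(key, name)]
            dword = re.fullmatch(r"dword:([0-9a-f]{8})", data, re.IGNORECASE)
            if want is None or (dword and int(dword.group(1), 16) == want):
                findings.append(("value", name))
    return findings

def is_dropped_name(path):
    """True if the file name fits Protector-[3 or 4 chars].exe; apply to %AppData% only."""
    return bool(DROPPED.search(path))

# Constructed sample export, not taken from an infected machine.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-abcd.exe"
"""

if __name__ == "__main__":
    for finding in scan_reg_export(SAMPLE):
        print(finding)
```

Exports written by `reg export` or regedit are UTF-16, so decode the file before passing its text to `scan_reg_export`. A single hit such as `EnableLUA` set to 0 can also come from an administrator's own configuration, so treat findings as leads to correlate rather than a verdict.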

Messages

The following messages associated with Windows Advanced User Patch were found:

Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.

Error
There's a suspicious software running on your PC. For more details, run a system file check.

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
