Windows Anti-Malware Patch

Windows Anti-Malware Patch Description

ScreenshotWindows Anti-Malware Patch is neither a security patch nor an anti-malware tool. Windows Anti-Malware Patch is actually a malware infection labeled as a rogue anti-malware program. Rogue anti-malware programs such as Windows Anti-Malware Patch have the main goal of convincing PC users that their machine is infected with malware by posing as legitimate anti-malware tools. This is part of a known online scam designed to snatch away inexperienced computer users' money. Windows Anti-Malware Patch itself belongs to a very large family of these kinds of malware threats known as FakeVimes.

The FakeVimes family of malware has existed in one way or another since 2009. In the years since, criminals have released dozens of these fake security programs. Although most reliable anti-malware applications are well prepared to deal with FakeVimes-related malware infection, variants of FakeVimes malware released in 2012 (including Windows Anti-Malware Patch itself) often include a rootkit component from the Sirefef family. This rootkit component makes these FakeVimes variants more difficult to remove and detect than ever before. Because of this, you may require the help of an anti-rootkit tool to remove Windows Anti-Malware Patch completely.

How Criminals Attempt to Rob Your Money Utilizing Windows Anti-Malware Patch

The main goal of the Windows Anti-Malware Patch scam is to persuade computer users that they must purchase an unnecessary and useless upgrade which is usually quite expensive. Some variants of FakeVimes that carry out this scam include programs such as Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Windows Protection Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Work Catalyst. All of these fake security programs will issue fake notifications, cause browser redirects and application crashes. ESG malware analysts strongly advise not to purchase Windows Anti-Malware Patch or any other fake security applications that are part of the FakeVimes family.

Removing Windows Anti-Malware Patch Safely from Your Computer

Although it is entirely possible to remove Windows Anti-Malware Patch manually, ESG security researchers advise using a reliable anti-malware program with anti-rootkit technology. Incorrect removal of Windows Anti-Malware Patch can damage your operating system and be ineffective. You can 'register' Windows Anti-Malware Patch with the registration code 0W000-000B0-00T00-E0020 in order to stop Windows Anti-Malware Patch from displaying annoying error messages or causing other symptoms. ESG security researchers note that using the above code to 'register' Windows Anti-Malware Patch will not remove this malware intruder from your computer but can help as part of an overall treatment for your computer.

Do You Suspect Your Computer May Be Infected with Windows Anti-Malware Patch & Other Threats? Scan Your Computer with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide users with in-depth system security analysis, detection and removal of a wide range of threats like Windows Anti-Malware Patch as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover*
Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Anti-Malware Patch infects a computer.

Is your PC Infected with Windows Anti-Malware Patch?

File System Details

Windows Anti-Malware Patch creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%Protector-hebm.exe 2,616,320 63fb15b80a2d8a5b875e00d9fc74b202 1
2 %AppData%\Protector-[RANDOM].exe N/A

Registry Details

Windows Anti-Malware Patch creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "[RANDOM]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "[DATE OF INSTALLATION]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "%AppData%\Protector-[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = "4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\"Debugger" = "svchost.exe"

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.