Windows Antivirus Patch

Windows Antivirus Patch Description

Type: Rogue AntiSpyware Programs

ScreenshotESG malware analysts have detected one more variant of the FakeVimes family of fake security applications: Windows Antivirus Patch. Like most fake security programs, Windows Antivirus Patch will try to convince you that Windows Antivirus Patch is a legitimate security program with the use of error messages, pop-up notifications, and an attractive interface that mimics real security programs. The main goal of Windows Antivirus Patch is to carry out a scam which involves getting your money and personal information in exchange for a "full version" of Windows Antivirus Patch.

Other problems with the Windows Antivirus Patch include the fact that Windows Antivirus Patch can cause browser redirects, make your computer system more vulnerable by disabling your security software, and changing your computer system's basic security settings. Because of this, removing Windows Antivirus Patch from an infected computer system should be a top priority. While many computer users may consider its constant error messages a mere annoyance, the overall effect of Windows Antivirus Patch on an infected computer system can make Windows Antivirus Patch a severe threat to a computer's security.

An Overview of the Windows Antivirus Patch Scam

Inexperienced computer users may be lulled into thinking that Windows Antivirus Patch is a genuine upgrade for their computer system's security. However, Windows Antivirus Patch has no connection to Microsoft and has absolutely no real anti-virus capabilities. Windows Antivirus Patch is very similar to numerous other fake security programs in the FakeVimes family, which enjoyed a resurgence in 2012. Some clones of Windows Antivirus Patch include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. Do not be fooled by Windows Antivirus Patch's main interface, which includes various convincing features like a supposed "advanced process control" and even a support button. These are all there to enhance the Windows Antivirus Patch scam and the illusion of this being a real security program.

Trying to fix any of the supposed virus infections that Windows Antivirus Patch detects will invariably result in error messages claiming that you need to "register" Windows Antivirus Patch and obtain its "full version" which, of course, is not free. To remove Windows Antivirus Patch, ESG malware analysts recommend using a real, fully-updated anti-malware program. You can stop many of its most annoying features with the registration code '0W000-000B0-00T00-E0020', but this will not remove Windows Antivirus Patch, only stop some of its error messages and redirects. Windows Antivirus Patch should still be removed immediately after entering the registration code.

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Antivirus Patch

Windows Antivirus Patch Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Antivirus Patch creates the following file(s):
# File Name MD5 Detection Count
1 Protector-tjlu.exe 4d0f1b82bf17efb39157b72c850a2157 1
2 %AppData%\NPSWF32.dll N/A
3 %AppData%\Protector-[RANDOM CHARACTERS].exe N/A
4 %AppData%\result.db N/A
5 %CommonStartMenu%\Programs\Windows Antivirus Patch.lnk N/A
6 %Desktop%\Windows Antivirus Patch.lnk N/A

Registry Details

Windows Antivirus Patch creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "ahwohainwk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-4-7_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe

More Details on Windows Antivirus Patch

The following messages associated with Windows Antivirus Patch were found:
Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.