Windows Antivirus Machine

August 2, 2012

Windows Antivirus Machine brings nothing but harm when installed on a computer. Judging by its appearance, you may mistake it for a legitimate security program. This fake antivirus program was designed to look like a genuine product, with an interface similar to that of other known security products. The difference becomes apparent only once you see how unsafe it is to have Windows Antivirus Machine on the PC.

The presence of this malware not only annoys users with extensive pop-up alerts, it also impedes your computer's operation. Windows Antivirus Machine will block your Internet access, hide files and folders, and prevent execution of any installed software. Additionally, this threat entails identity theft: it can steal your credit card details if you enter them while purchasing the paid version of this product.

There is no other option but to remove Windows Antivirus Machine as soon as possible. If you don't do it at once, the rogue program may cause further harm, such as downloading other threats and doing more damage to your system files. To remove this rogue program, follow the systematic guide on this page. Applying these steps and downloading the removal tool ensures that your computer returns to its previous clean state.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Antivirus Machine Infection?

If a computer is infected with this malware, the user may observe a fake scan conducted by Windows Antivirus Machine. The image below shows what the fake scanner looks like.

[Image: Windows Antivirus Machine Scanner]

It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-6-29_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “pom7sbxg1q”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mjsu51xo.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Antivirus Machine.lnk
%Desktop%\Windows Antivirus Machine.lnk
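
The registry entries and files listed above can be checked with a read-only PowerShell script. This is an added example, not part of the original guide or of any removal tool. It assumes that the "random" characters in the Protector file names can be any characters and that %CommonStartMenu%\Programs corresponds to the .NET `CommonPrograms` folder. The `$hits` variable name is chosen here for illustration.

```powershell
# Added example: read-only check of the current user profile for the
# registry entries and dropped files listed on this page. Nothing is modified.
$hits = @()

# Value names under HKCU taken from the registry list above.
$regValues = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';      Name = 'Inspector' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'; Name = 'net' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'; Name = 'UID' }
)
foreach ($rv in $regValues) {
    $item = Get-ItemProperty -Path $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
    if ($item) { $hits += "Registry value: $($rv.Key) -> $($rv.Name) = $($item.($rv.Name))" }
}

# Image File Execution Options subkeys named on this page.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'mjsu51xo.exe', 'SafetyKeeper.exe') {
    $key = Join-Path $ifeo $exe
    if (Test-Path -LiteralPath $key) { $hits += "Registry key: $key" }
}

# Fixed-name files dropped directly in %AppData%.
foreach ($name in 'NPSWF32.dll', 'result.db') {
    $path = Join-Path $env:APPDATA $name
    if (Test-Path -LiteralPath $path) { $hits += "File: $path" }
}

# Protector-[3 or 4 characters].exe; -Force includes hidden files,
# since the page says the rogue hides files and folders.
Get-ChildItem -LiteralPath $env:APPDATA -Filter 'Protector-*.exe' -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Protector-.{3,4}\.exe$' } |
    ForEach-Object { $hits += "File: $($_.FullName)" }

# Shortcuts in the all-users Programs menu and on the desktop.
foreach ($folder in 'CommonPrograms', 'Desktop') {
    $lnk = Join-Path ([Environment]::GetFolderPath($folder)) 'Windows Antivirus Machine.lnk'
    if (Test-Path -LiteralPath $lnk) { $hits += "Shortcut: $lnk" }
}

if ($hits.Count -eq 0) { 'No indicators from this page were found for the current user.' }
else { $hits }
```

Run it in the affected user's session, because the HKCU and %AppData% locations are per user. A single match such as `result.db` is only an indicator and should be weighed together with the others.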
