August 8, 2012

Windows Antivirus Release is rogue software that targets computer users globally. The name seems new, but the look is very familiar to many, particularly those who have encountered other members of its clan. There are many similar samples of this fake antivirus because the author releases a new one almost every day. Fighting this illicit activity remains a challenge for most computer companies these days. Each time they discover a solution to counter the infection, malware authors devise an alternative way to spread malware such as Windows Antivirus Release.

First, we must explain how this malware infects a computer so that we can help you find a better solution and the proper way to avoid it. Windows Antivirus Release spreads with the help of a Trojan. Trojans may enter the computer via software exploits, especially in Internet browsers. Having no protection software is like welcoming the Trojan into your PC.

Once Windows Antivirus Release is inside the computer, it closely imitates the traits of a genuine antivirus program. The malware will scan the computer and report false results in an attempt to deceive you. Scare tactics such as these are the malware's main method of persuading you to pay for the full version.

We hope that this simple write-up helps educate you about Windows Antivirus Release. Seeing this threat on the computer means that you must run a virus scan as soon as possible. To complete the removal, you can follow the procedures we have prepared, which you can find on this page.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Antivirus Release Infection?

When Windows starts with a virus scan as shown in the image below, this indicates that the computer is infected with malware.

[Image: Windows Antivirus Release Scanner]

It will modify the Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-08-05_1”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “njncbdgfte”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mjs7hdu1.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%CommonStartMenu%\Programs\Windows Antivirus Release.lnk
%Desktop%\Windows Antivirus Release.lnk
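
A read-only check for the Run, Settings and Image File Execution Options entries and the dropped files listed above, written as a PowerShell script. This is an added example, not part of the original article; the variable names are its own, and it assumes PowerShell 3.0 or later, run as the affected user because the HKCU entries are per-user.

```powershell
# Added example: reports which indicators from the lists above are present.
# It only reads the registry and file system; it changes nothing.
$findings = @()

# Per-user registry values named in the article
$regValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';      Name = 'Inspector' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'; Name = 'net' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'; Name = 'UID' }
)
foreach ($v in $regValues) {
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) {
        $findings += "Registry value: $($v.Path) '$($v.Name)' = $($item.($v.Name))"
    }
}

# Image File Execution Options subkeys named in the article
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in @('mjs7hdu1.exe', 'SafetyKeeper.exe')) {
    if (Test-Path -LiteralPath "$ifeo\$exe") {
        $findings += "IFEO key: $ifeo\$exe"
    }
}

# %AppData%\Protector-[random 3 or 4 characters].exe
Get-ChildItem -Path $env:APPDATA -Filter 'Protector-*.exe' -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match '^Protector-.{3,4}\.exe$' } |
    ForEach-Object { $findings += "File: $($_.FullName)" }

# Shortcuts in the common Start Menu Programs folder and on the desktop
$shortcutDirs = @(
    [Environment]::GetFolderPath('CommonPrograms'),
    [Environment]::GetFolderPath('DesktopDirectory')
)
foreach ($dir in $shortcutDirs) {
    $lnk = Join-Path $dir 'Windows Antivirus Release.lnk'
    if (Test-Path -LiteralPath $lnk) { $findings += "File: $lnk" }
}

if ($findings) {
    $findings
} else {
    'None of the listed indicators were found for this user.'
}
```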

