Windows Home Patron

By | July 19, 2012 | 0 Comment

Windows Home Patron is a new fake security product. It infiltrates the computer through various software weaknesses. When it is inside, it tries to induce you that the program is worthy and safe. You must learn that this is just a misleading campaign perpetuated by its authors. Windows Home Patron is dangerous. It uses deceptive tactics to make you believe that virus is attacking the computer. That is the reason why you can observe constant virus scan from this malware. It provides fictitious results to cheat you and convince that registered version is needed to clean the PC.

If your goal is to get rid of threats from the computer, you do not need Windows Home Patron. In fact, you must get rid of another virus. Do not pay attention to its prompts and promises. The malware presents false information that you must ignore. For reliable solution, we refer genuine security software. A combination of anti-virus and anti-malware program can provide great result in eliminating malware. On our procedures below, we offer different tools to be used to uninstall Windows Home Patron. We believed that running a scan with different program would catch entirely all the components of malware hidden inside the infected computer.

Type Rogue
Sub-Type FakeAV
OS Affected Windows

What are the Symptoms of Windows Home Patron Infection?

If computer is infected with this malware, obviously, user may observe a fake scan conducted by Windows Virtual Firewall. Image below shows how the fake scanner looks like.

Windows Home Patron Fake Scanner

It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-7-15_2”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “poqtyghkls”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poitbnxv.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Home Patron.lnk
%Desktop%\Windows Home Patron.lnk

Leave a Reply

Your email address will not be published. Required fields are marked *