Windows Interactive Security

By | July 1, 2012 | 0 Comment

Windows Interactive Security can make most computer systems worldwide unstable. It seems to be valid antivirus software but what lies behind it is author’s evil intention to play trick on victims in order to gain profit from this fake software.

With a number of security faults on software and hardware, most systems are exposed to malware. This is how Windows Interactive Security aims when targeting a computer. It will enter the PC through these holes and infects the registry to summon the malware file when Windows starts. Rogue software stealth installation also eludes even the existence of antivirus program on victim’s computer.

Upon successful installation of Windows Interactive Security into your computer, it begins to mimic antivirus scanning. However, fake program also produces fake results. This deceptive tactics aims to scare users so that they will believe that computer is in peril. On that situation, authors of rogue software can easily convince naïve user to purchase the paid version of Windows Interactive Security in order to clean the endangered PC.

Waste no time and money in dealing with Windows Interactive Security malware. Run a virus scan on the compromised system immediately using only valid security tool. For the rest of the uninstall guide, please refer to the removal section below.

Type Rogue
Sub-Type FakeAV
OS Affected Windows

What are the Symptoms of Windows Interactive Security Infection?

Below is a screenshot image of the rogue program when it begins to scan the computer.

Windows Interactive Security Fake Scanner

It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “mkcntprlfg”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mkstewin.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Interactive Security.lnk
%Desktop%\Windows Interactive Security.lnk

Leave a Reply

Your email address will not be published. Required fields are marked *