June 1, 2012

Windows Malware Firewall is a rogue program that aims to cheat computer users by reporting threats that do not exist. The software looks like a legitimate one, but a closer look and further diagnosis reveal how bad Windows Malware Firewall really is. When it first enters the computer, it makes changes to system files. It also tweaks the registry so that the malware starts every time you log in to the computer. Once loaded, it begins to manipulate the system by disabling all installed applications, including your antivirus software. Other signs of Windows Malware Firewall infection are unstoppable pop-up alerts and system tray warnings. The authors of this malware aim to mimic what real antivirus software does on the computer, except that it cannot perform virus removal. The program is not designed to give protection but to mislead you and make you accept the product as a virus remover. This deception succeeds only if it convinces you to pay for the full version of the program.

Now that you know these bad things about Windows Malware Firewall, perhaps you will begin to ignore it. It is also important that you carry out the removal procedure to take it out of your PC. In the guide below, we have simple instructions and a free tool to remove Windows Malware Firewall and all modules that belong to it.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Malware Firewall Infection?

Here is the malware’s fake virus scanner. This GUI will appear on the screen of the infected computer each time Windows starts.

Fake virus scanner

It will modify the Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “wtycmiurps”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe

The threat will drop the following malicious files:
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%CommonStartMenu%\Programs\Windows Malware Firewall.lnk
%Desktop%\Windows Malware Firewall.lnk
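
The registry entries and dropped files listed above can be checked with a short read-only script. This is an added example, not part of the original guide or of any removal tool it mentions; it assumes PowerShell 3.0 or later, and it treats the "net" and "UID" data shown above as per-infection, so it only tests whether those values exist.

```powershell
# Added example: read-only check for the indicators listed above.
# Assumes PowerShell 3.0+ (.NET 4) for the 'CommonPrograms' special folder.
$cv   = 'Software\Microsoft\Windows\CurrentVersion'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$hits = @()

# Registry values from the list. Data = $null means "flag if the value exists";
# the "net" and "UID" data on the page look per-infection (assumption).
$values = @(
    @{ Path = "HKCU:\$cv\Run";               Name = 'Inspector';                 Data = $null },
    @{ Path = "HKCU:\$cv\Settings";          Name = 'net';                       Data = $null },
    @{ Path = "HKCU:\$cv\Settings";          Name = 'UID';                       Data = $null },
    @{ Path = "HKLM:\$cv\Policies\System";   Name = 'EnableLUA';                 Data = 0 },
    @{ Path = "HKCU:\$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect'; Data = 0 }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }          # value not present
    $actual = $item.($v.Name)
    if ($null -eq $v.Data -or $actual -eq $v.Data) {
        $hits += "REG   $($v.Path)  $($v.Name) = $actual"
    }
}

# Image File Execution Options subkeys named on the page
foreach ($exe in 'advxdwin.exe', 'SafetyKeeper.exe', 'titaninxp.exe') {
    if (Test-Path -LiteralPath (Join-Path $ifeo $exe)) { $hits += "IFEO  $ifeo\$exe" }
}

# Dropped files: Protector-<3 or 4 characters>.exe in %AppData%
$hits += @(Get-ChildItem -LiteralPath $env:APPDATA -Filter 'Protector-*.exe' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Protector-.{3,4}\.exe$' } |
    ForEach-Object { "FILE  $($_.FullName)" })

# Shortcuts in the common Start Menu\Programs folder and on the user's desktop
$dirs = @([Environment]::GetFolderPath('CommonPrograms'), [Environment]::GetFolderPath('Desktop'))
foreach ($dir in $dirs) {
    $lnk = Join-Path $dir 'Windows Malware Firewall.lnk'
    if (Test-Path -LiteralPath $lnk) { $hits += "FILE  $lnk" }
}

if ($hits.Count) { $hits } else { 'No listed indicators found.' }
```

A hit on EnableLUA or WarnOnHTTPSToHTTPRedirect alone is weak evidence, since legitimate configuration can set both to 0; the Run value, the Image File Execution Options keys and the dropped files are the stronger signs.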

