Windows Privacy Module

June 8, 2012

Windows Privacy Module is another security threat that will make your computing experience rough. This malware will make most of your programs and tools unusable. It may also hide your files and folders, which makes most of your icons vanish. Moreover, Windows Privacy Module blocks your Internet access and displays a fake error page stating that your computer is infected with Trojans and viruses. The malware is kind enough to offer to resolve this issue; however, it will demand that you pay for the full version of the program first.

As you may notice, this fake security software will do everything it can to persuade you to buy the endorsed software. To that end, Windows Privacy Module will display false security warnings and alerts like the following:

Warning! Spambot detected!
Attention! A spambot is sending viruses from your e-mail has been detected on your PC.
Yes, protect my PC and remove spambot now (Recommended)

Potential malware detected.
It is recommended to activate protection and perform a thorough system scan to remove the malware.

Please click “Remove all” button to erase all infected files and protect your PC

You should not believe any of these messages. As mentioned, they are a trick to mislead you and make you think that the system is compromised. What you should do is remove Windows Privacy Module right away. Follow the guide on this page to get rid of this malware and protect the computer against the same attack.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Privacy Module Infection?

There are many obvious symptoms if a computer is infected with this malware. It will launch a scan once you log in to Windows. See the image below.

[Image: Windows Privacy Module Scanner]

It will modify the Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “wtycmiurps”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%CommonStartMenu%\Programs\Windows Privacy Module.lnk
%Desktop%\Windows Privacy Module.lnk
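
The registry entries and files listed above can be checked on a suspect machine with a read-only PowerShell script. This is an added example, not part of the original article; the variable names are illustrative, and it assumes PowerShell 3.0 or later run as the affected user, since the HKCU and %AppData% locations are per-user.

```powershell
# Added example: read-only check for the indicators listed in this article.
# It only reports what it finds; nothing is deleted or changed.
$cv   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$hits = @()

# Registry values from the article. Some (for example the Policies\System
# values) can also exist on a clean machine, so one hit alone is weak evidence.
$values = @(
    @("$cv\Internet Settings", 'WarnOnHTTPSToHTTPRedirect'),
    @("$cv\Policies\System",   'DisableRegedit'),
    @("$cv\Policies\System",   'DisableRegistryTools'),
    @("$cv\Policies\System",   'DisableTaskMgr'),
    @("$cv\Run",               'Inspector'),
    @("$cv\Settings",          'net'),
    @("$cv\Settings",          'UID')
)
foreach ($v in $values) {
    $p = Get-ItemProperty -Path $v[0] -Name $v[1] -ErrorAction SilentlyContinue
    if ($null -ne $p) {
        $hits += [pscustomobject]@{ Kind = 'RegistryValue'; Where = "$($v[0])\$($v[1])"; Data = $p.($v[1]) }
    }
}

# Image File Execution Options keys named in the article.
foreach ($exe in 'advxdwin.exe', 'SafetyKeeper.exe') {
    if (Test-Path -LiteralPath "$ifeo\$exe") {
        $hits += [pscustomobject]@{ Kind = 'IFEOKey'; Where = "$ifeo\$exe"; Data = $null }
    }
}

# Dropped executables: Protector-<3 or 4 characters>.exe directly under %AppData%.
$dropped = Get-ChildItem -LiteralPath $env:APPDATA -Filter 'Protector-*.exe' -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match '^Protector-.{3,4}\.exe$' }
foreach ($f in $dropped) {
    $hits += [pscustomobject]@{ Kind = 'File'; Where = $f.FullName; Data = $f.LastWriteTime }
}

# Shortcuts on the common Start Menu and the user's Desktop.
$links = @(
    (Join-Path ([Environment]::GetFolderPath('CommonStartMenu')) 'Programs\Windows Privacy Module.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Windows Privacy Module.lnk')
)
foreach ($l in $links) {
    if (Test-Path -LiteralPath $l) { $hits += [pscustomobject]@{ Kind = 'Shortcut'; Where = $l; Data = $null } }
}

if ($hits.Count) { $hits | Format-Table -AutoSize -Wrap } else { 'No indicators from the list were found.' }
```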

