Windows Proprietary Advisor

By | July 1, 2012 | 0 Comment

Keep an eye on Windows Proprietary Advisor. This rogue software introduces self as one useful antivirus thing. In the event that you have this program inside the computer, you will notice the true meaning of ‘rogue.’

The main part of this program focuses on misleading computer users. In fact, it has no module that is comparative to legitimate antivirus software. Windows Proprietary Advisor consists of the main file itself that will produce nothing but fake outcome. There are already massive reproductions of this kind. All of them carry the same graphical user interface (GUI).

It is critical that you remove this malware from the computer at once. When it prompts for a purchase, disregard the notice and refrain from following the advices. It might just harm your PC. Worst, the malware may obtain more malware when you click on its suggested links. Keep in mind that you can remove Windows Proprietary Advisor without buying the full version of it. The full guide to take this malware out of your PC is outlined on this page. Use only our suggested tool to uninstall the fake antivirus. Only legal security product is all you need to delete illegal programs.

Type Rogue
Sub-Type FakeAV
OS Affected Windows

What are the Symptoms of Windows Proprietary Advisor Infection?

Presence of Windows Proprietary Advisor will cause several annoyances including a constant web site redirect and pop-up alerts. The malware may also run a virus scan each time Windows starts. Please see the image below.

Windows Proprietary Advisor Fake Scanner

It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
Options\mlsuwtys.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Windows Proprietary Advisor.lnk
%Desktop%\Windows Proprietary Advisor.lnk

Leave a Reply

Your email address will not be published. Required fields are marked *