Windows Secure Web Patch is a brand new malware that users can acquire if browsing the web without proper security setup. It enters inside an unguarded computer in various ways. Most popular of all is the use of Trojan that is capable of forcing itself inside a computer that has security fault. When the Trojan successfully invades a system, it will strike the registry and create some entries. It hits the registry first, because author of Windows Secure Web Patch intends to run it every time user starts Windows.
Once it is having control of the infected computer, this threat will claim to be a useful program that can detect and isolate threats. When it scans the system, it will show a list of threats and brag that it can be remove by the same software but user must pay for the full version first. It is so obvious that it forces a situation in order to sell a rogue product.
Do not panic when you come face to face with Windows Secure Web Patch. All you have to do is ignore this malware. Never click on its prompts. It is important that you should run a full virus scan immediately using genuine security program.
What are the Symptoms of Windows Secure Web Patch Infection?
Here is a screenshot image of the rogue program when it begins to scan the computer. It will produce threats that does not reside on the computer.
It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “mkcbhquwpl”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe
The threat will drop the following malicious files:
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%CommonStartMenu%\Programs\Windows Secure Web Patch .lnk
%Desktop%\Windows Secure Web Patch .lnk