Windows Secure Web Patch

By | June 15, 2012 | 3 Comments

Windows Secure Web Patch is a brand new malware that users can acquire if browsing the web without proper security setup. It enters inside an unguarded computer in various ways. Most popular of all is the use of Trojan that is capable of forcing itself inside a computer that has security fault. When the Trojan successfully invades a system, it will strike the registry and create some entries. It hits the registry first, because author of Windows Secure Web Patch intends to run it every time user starts Windows.

Once it is having control of the infected computer, this threat will claim to be a useful program that can detect and isolate threats. When it scans the system, it will show a list of threats and brag that it can be remove by the same software but user must pay for the full version first. It is so obvious that it forces a situation in order to sell a rogue product.

Do not panic when you come face to face with Windows Secure Web Patch. All you have to do is ignore this malware. Never click on its prompts. It is important that you should run a full virus scan immediately using genuine security program.

Type Rogue
Sub-Type FakeAV
OS Affected Windows

What are the Symptoms of Windows Secure Web Patch Infection?

Here is a screenshot image of the rogue program when it begins to scan the computer. It will produce threats that does not reside on the computer.

Windows Secure Web Patch Scanner

It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “mkcbhquwpl”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Secure Web Patch .lnk
%Desktop%\Windows Secure Web Patch .lnk

3 thoughts on “Windows Secure Web Patch

  1. pancho

    Thanks. Your procedure seems to work in removing this pest from my computer. Only one question left, if I upgrade malwarebytes to a full version, would it protect my PC from malware and viruses. Or is it designed only to fight malware?

  2. Grace

    I like the valuable information you provide for your articles. I will bookmark your weblog and test again here regularly. I’m relatively certain I’ll learn lots of new stuff right here! Good luck for the following!

  3. MICHAEL SHANNON

    GETTING REPORTS THAT MY SECURITY SHIELD IS NOT ON TO PROTECT MY COMPUTER. ASKING TO TURN OFF FIREWALL TO MAKE AJUSTMENTS. WHAT SHOULD I DO?

Leave a Reply

Your email address will not be published. Required fields are marked *