Windows Virtual Firewall

July 19, 2012

Windows Virtual Firewall is an alleged security program for PC users. It claims that it can remove Trojans, viruses and malware. Because it incorporates ‘Windows’ in its name, some users accept it as a professional program. It also mimics how real antivirus software interacts with users, especially by sending an alert whenever a threat is detected. Some may have a hard time distinguishing fake security software such as Windows Virtual Firewall from real products. For ideas on how to identify a fake antivirus product, continue reading this write-up.

One obvious distinction between fake and real products is the way they are installed on your PC. A legitimate antivirus program typically comes bundled when you purchase a brand new system. Some users acquire a genuine copy by voluntarily downloading it from an official web site. Fake ones, by contrast, arrive on your computer unexpectedly. They are often installed by a Trojan that infiltrates the system by exploiting software faults. Other transmission methods include fake online virus scanners, bogus software updates and bundling with other software.

Once Windows Virtual Firewall is installed, it starts a deceptive campaign. It uses every means available to trick you into thinking that the computer is infected with viruses. It also configures the system so that only Windows Virtual Firewall is allowed to run. Other programs and files are locked. In short, Windows Virtual Firewall all but holds your computer hostage. To regain access, you should uninstall Windows Virtual Firewall using a genuine anti-malware product. We provide a number of tools that can remove this threat from your ailing computer.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Virtual Firewall Infection?

If the computer is infected with this malware, the user may observe a fake scan conducted by Windows Virtual Firewall. The image below shows what the fake scanner looks like.

[Image: Windows Virtual Firewall Fake Scanner]

It will modify the Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “qazxspoilk”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qasxmjio.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Virtual Firewall.lnk
%Desktop%\Windows Virtual Firewall.lnk
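
The registry entries and dropped files listed above can be checked against an inventory collected from a suspect machine. The following Python code is an added example, not part of the original write-up; the function names, the (key, value name, data) input format and the sample inventory are assumptions made for illustration.

```python
import re

CV = r"HKCU\Software\Microsoft\Windows\CurrentVersion"
IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# (key, value name or None = key exists, data or None = any), from the registry list.
REG_IOCS = [
    (CV + r"\Internet Settings", "WarnOnHTTPSToHTTPRedirect", "0"),
    *[(CV + r"\Policies\System", n, "0")
      for n in ("DisableRegedit", "DisableRegistryTools", "DisableTaskMgr")],
    (CV + r"\Run", "Inspector", None),
    (CV + r"\Settings", "net", "u_2012-5-24_6"), (CV + r"\Settings", "UID", "qazxspoilk"),
    (IFEO + r"\qasxmjio.exe", None, None), (IFEO + r"\SafetyKeeper.exe", None, None),
]
# (symbolic folder, regex for the rest of the path), from the dropped-file list.
FILE_IOCS = [
    ("%AppData%", r"NPSWF32\.dll"), ("%AppData%", r"result\.db"),
    ("%AppData%", r"Protector-[^\\]{3,4}\.exe"),  # 3 or 4 random characters
    ("%CommonStartMenu%", r"Programs\\Windows Virtual Firewall\.lnk"),
    ("%Desktop%", r"Windows Virtual Firewall\.lnk"),
]

def match_registry(entries):
    """entries: (key, value name or None, data) tuples from a registry export."""
    have = {}
    for k, n, d in entries:
        have.setdefault((k.lower(), ""), None)  # the key itself exists
        have[(k.lower(), (n or "").lower())] = str(d)
    return [k + ("\\" + n if n else "") for k, n, d in REG_IOCS
            if (k.lower(), (n or "").lower()) in have
            and d in (None, have[(k.lower(), (n or "").lower())])]

def match_files(paths, folders):
    """folders maps %AppData% etc. to the real directories of the user profile."""
    hits = []
    for sym, tail in FILE_IOCS:
        # Windows paths are case-insensitive, so match without regard to case.
        rx = re.compile(re.escape(folders[sym].rstrip("\\")) + r"\\" + tail + "$", re.I)
        hits += [p for p in paths if rx.match(p)]
    return hits

# Constructed sample inventory (not taken from a real host).
FOLDERS = {"%AppData%": r"C:\Users\alice\AppData\Roaming",
           "%CommonStartMenu%": r"C:\ProgramData\Microsoft\Windows\Start Menu",
           "%Desktop%": r"C:\Users\alice\Desktop"}
SAMPLE_FILES = [r"C:\Users\alice\AppData\Roaming\Protector-xk3.exe",
                r"C:\Users\alice\AppData\Roaming\Protector-setup.exe",
                r"c:\users\alice\desktop\Windows Virtual Firewall.lnk"]
SAMPLE_REG = [(CV + r"\Run", "Inspector", SAMPLE_FILES[0]),
              (CV + r"\Internet Settings", "WarnOnHTTPSToHTTPRedirect", 1),
              (IFEO + r"\SafetyKeeper.exe", "Debugger", "constructed")]
```
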
