Windows Web Combat

By | July 13, 2012 | 0 Comment

Windows Web Combat is another version of malware coming from a clan called FakeVimes. This fake antivirus attempts to fool you into purchasing the product through misleading tactics. Its main goal is to sell a fake program. This is why; victims typically glimpse a repeated warnings and notices about threats on the system. It is followed by an advice to purchase Windows Web Combat urgently. Warning can contain a message that acquiring the product gives instant cure for computer viruses. However, during analysis, we found that Windows Web Combat is not in any way capable for removing any viruses from an infected computer. It is lacking of essential modules to perform PC protection either.

The best thing to do when Windows Web Combat is spotted on the computer is to run a virus scan immediately. With this type of infection, you may have to deal with two threats. One is the rogue program itself and the other is a Trojan that puts this malware inside the system. Trojans are the main causes of rogue software infection. They are the ones capable of infiltrating a computer without seeking approval of the owner.

To remove Windows Web Combat and all components including the Trojan, we have outlined the best procedure on this page. Follow the guide and download all suggested tool to make sure that all threats are eliminated completely.

Type Rogue
Sub-Type FakeAV
OS Affected Windows

What are the Symptoms of Windows Web Combat Infection?

Below is a screenshot image of the rogue program when it begins to scan the computer.

Windows Web Combat Scanner

It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “mlcxqywta”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsyrwin.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Web Combat.lnk
%Desktop%\Windows Web Combat.lnk

Leave a Reply

Your email address will not be published. Required fields are marked *