1. Description
Windows Ultimate Security Patch is a money-oriented malicious antivirus that represents a serious menace for all PC owners. If you are an active Internet user, you are prone to run into this issue.
2. Algorithm of actions inside the affected computer system
Windows Ultimate Security Patch typically disregards authentication barriers completely, since it is able to install itself without the user's approval. It uses up-to-date rootkit techniques to get into the targeted PC. It is not pleasant to hear, but if you notice any signs of this scam, it means that your antivirus has failed to resist this malicious attack. When this badware launches on your machine, it generates warning messages stating that some potentially risky items have been detected. This fraudware claims to identify trojans, keyloggers, rootkits, spyware, etc. This pre-programmed detection list is part of a well-thought-out scheme to push you into buying the non-existent full version of Windows Ultimate Security Patch, which can allegedly eliminate the viruses spotted on your computer.
3. Files
In the process of the installation, Windows Ultimate Security Patch copies the following files to the hard disk.
- %AppData%\NPSWF32.dll
- %AppData%\Protector-[rnd].exe
- %AppData%\result.db
4. System registry
Windows Ultimate Security Patch creates the following registry entries:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
- HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
- HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
- HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
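
The file and registry entries listed in sections 3 and 4 can be checked on a host with a read-only PowerShell script. This is an added example, not part of the original post; it assumes `[rnd]` can be matched with a wildcard, and it reports any Image File Execution Options key whose Debugger points at svchost.exe, not only the two listed above.

```powershell
# Added example: read-only check for the artifacts listed in sections 3 and 4.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$cv   = 'Software\Microsoft\Windows\CurrentVersion'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

$findings = @(
    # Section 3: dropped files. "[rnd]" is treated as a wildcard (assumption).
    foreach ($pattern in 'NPSWF32.dll', 'Protector-*.exe', 'result.db') {
        Get-ChildItem -Path (Join-Path $env:APPDATA $pattern) -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { "File: $($_.FullName)" }
    }

    # Section 4: autostart entry named "Inspector".
    $run = Get-RegValue "HKCU:\$cv\Run" 'Inspector'
    if ($run) { "Autostart: Run\Inspector = $run" }

    # Section 4: ID / UID / net values under the Settings key.
    foreach ($name in 'ID', 'UID', 'net') {
        $v = Get-RegValue "HKCU:\$cv\Settings" $name
        if ($null -ne $v) { "Marker: Settings\$name = $v" }
    }

    # Section 4: values the page lists as set to 0.
    $zeroed = @{
        "HKCU:\$cv\Internet Settings" = @('WarnOnHTTPSToHTTPRedirect')
        "HKLM:\$cv\Policies\System"   = @('ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser', 'EnableLUA')
    }
    foreach ($path in $zeroed.Keys) {
        foreach ($name in $zeroed[$path]) {
            $v = Get-RegValue $path $name
            if ($null -ne $v -and $v -eq 0) { "Weakened setting: $path\$name = 0" }
        }
    }

    # Section 4: IFEO "Debugger" redirection to svchost.exe. The page lists
    # AAWTray.exe and AVCare.exe; any key with that Debugger is reported here.
    foreach ($key in Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue) {
        $dbg = $key.GetValue('Debugger')
        if ($dbg -match 'svchost\.exe') { "IFEO redirect: $($key.PSChildName) -> $dbg" }
    }
)

if ($findings.Count -eq 0) { 'No artifacts from the list were found.' } else { $findings }
```

The HKCU checks cover only the account the script runs under, so it has to be run once per user profile on a shared machine.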