7/19/2012

Windows Home Patron rogue successful removal

Windows Home Patron virus is the thing we are going to talk in our today’s entry. This virus is not new one, it has a new name only. This virus comes from FakeVimes virus tribe and as we have already noticed the representatives from this malicious clan do not differs with the originality. The interface is the same. The tactic of behavior on the compromised machine is also the same. Its aims are also old. So as we have already said the title is the only distinctive feature. We regret to inform you that this hoax called Windows Home Patron has already been able to scare some people, and even up to the extent that they purchased its so-called full version. They have just lost their money, because this is just the malware and that’s it. It cannot do any good thing for your computer. The tactics applied by this evil tool are as follows: the rogue after successful installation runs plenty of fake system scans and report plenty of fake PC problems and errors. However, things seem in such a manner that the malware represents them as real problems and errors requiring immediate fixing. This is when the program offers itself as a solution, however, it tells you to first pay for its full version. Do no not spend any cent for it. We recommend you to remove this malware using certain decent anti-virus program. This blog represents GridinSoft Trojan Killer anti-virus application, and we are confident that it will be able to recover your computer from this type of infection. Please carefully follow all our removal instruction to overcome this obstacle.

The automatic and manual removal options are available for you. Select any method you like, both of them are effective.


malware removal tool

Delete Windows Home Patron files:
%AppData%\Protector-[rnd].exe
Delete Windows Home Patron registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

1 comment:

  1. No computer is completely safe from viruses, after an effective virus removal, precaution is still necessary.

    ReplyDelete