Windows Custom Settings

Windows Custom Settings is a rogue anti-virus program that creates fake infection alerts, blocks applications and hijacks your web browser, all to gain access to your credit card number. Despite looking like a real anti-virus program on the outside, Windows Custom Settings has no code that would let Windows Custom Settings find or delete threats on your PC. Windows Custom Settings is also distributed by Trojans that may cause related problems for your computer's security, and deleting Windows Custom Settings and any related Trojans should be done by using fully-updated anti-malware applications.

The First Signs of a Windows Custom Settings Attack

Although you might download Windows Custom Settings by accident before realizing that Windows Custom Settings is a fake anti-virus program, you're more likely to become infected by a Trojan. Fake Microsoft Security Essentials Alert Trojans are known to distribute rogue security programs in the Windows Custom Settings family, by pretending to download an anti-malware solution to an absent infection on your PC.

Fake Microsoft Security Essentials Alert Trojans can be identified by warnings like this one:

Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Click 'Show details' to learn more.

A Fake Microsoft Security Essentials Alert Trojan will pretend to detect another Trojan on your PC, while simultaneously imitating the appearance of the real Microsoft Security Essentials program. Afterwards, Windows Custom Settings or another rogue security program will be installed, and your PC will be rebooted.

Besides it, this Trojan places you at risk of being attacked by countless other threats, including Windows Oversight Center, Windows Risks Preventions, Windows Tweaking Utility and Windows Firewall Unit.

By changing your Registry, Windows Custom Settings will run whenever Windows is loaded, without unusual circumstances (like Safe Mode or booting from an external device). Windows Custom Settings will try to alarm you by creating fake system ratings for areas like 'network security,' 'computer safety' and 'private data protection,' but these ratings are fake, just like everything else that Windows Custom Settings offers you.

After Windows Custom Settings Gets Settled In

Instead of providing virus protection, Windows Custom Settings will create problems like the following:

• Windows Custom Settings will block various programs, either at random or specifically to cripple your anti-virus and computer security capabilities. You may see errors like this example when trying to access a 'forbidden' program while Windows Custom Settings is running:

  Warning!
  Name: [application file name]
  Name: [application file path]
  Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

• Windows Custom Settings will create various types of fake errors at random, that simulate infection alerts. These fake errors might pinpoint a specific file, like the example in the above attack, or they may be more general, as is the case with these examples:

  System component corrupted!
  System reboot error has occurred due to lsass.exe system process failure.
  This may be caused by severe malware infections.
  Automatic restore of lsass.exe backup copy completed.
  The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

  Warning! Running trial version!
  The security of your computer has been compromised!
  Now running trial version of the software!
  Click here to purchase the full version of the software and get full protection for your PC!

• Windows Custom Settings may hijack your web browser to control which websites you can visit. Hijacked web browsers may show an unusual amount of links, redirect you from safe sites to dangerous ones, create error messages for no reason, change your homepage or play advertisements.
• Last of all, Windows Custom Settings may remain active, even if you try to close Windows Custom Settings, so that it can cause all of the above problems. This can be remedied by using a boot CD or Safe Mode, which will let you use appropriate anti-malware programs to delete Windows Custom Settings and any related PC threats.

File System Modifications

• The following files were created in the system:
  

  #	File Name
  1	%UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

• The following newly produced Registry Values are:
  HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"