Activate Ultimate Protection

Activate Ultimate Protection Description

Activate Ultimate Protection Screenshot 1Activate Ultimate Protection is a component of recent versions of rogue anti-malware programs from the Win32/FakeVimes family. Like all components and features of such scamware, Activate Ultimate Protection doesn’t have any ability to protect your PC and is always an indication of infection by malicious software. While the most likely danger that’s presented by Activate Ultimate Protection itself is being tricked into spending money on its associated scamware, malware researchers have found that other attacks that are also included in common Activate Ultimate Protection-related infections are browser redirects, search engine hijacks, fraudulent pop-up alerts, blocked programs and a litany of other unauthorized changes to Windows. While rogue anti-malware applications that use fake Activate Ultimate Protection features are limited to attacking Windows PCs, they should be considered to be actively-distributing PC threats with ongoing development.

When You Activate Ultimate Protection and Deactivate Your Own Finances in the Process

Because malware research team has found that Activate Ultimate Protection’s buttons are always components of rogue AV products, you should be prepared to identify differently-named scamware products by their usage of Activate Ultimate Protection and similar attributes (such as fake ‘Advanced Process Control’ features that replace Windows Task Manager). Examples of other members of FakeVimes that have been confirmed to use Activate Ultimate Protection buttons in their template include: Windows Efficiency Reservoir, Smart Security, Windows Pro Defence Kit, Windows Web Commander, Windows Efficiency Kit, Smart Engine, Windows Risk Minimizer, Windows Daily Advisor, Windows Personal Doctor, Windows Firewall Constructor, Windows Cleaning Tools, Windows Anti-Malware Patch, Best Virus Protection, Windows Antivirus Suite, Windows Debug Center, Windows Interactive Security, Windows Antivirus Machine, Windows Custom Management, Windows High-End Protection, Windows Safety Manager, Windows Privacy Extension, Windows Proprietary Advisor, Windows Abnormality Checker, Windows Stability Guard, Windows Be-on-Guard Edition, Windows Smart Partner, Windows Protection Maintenance, Windows Processes Accelerator, Keep Center Keeper, Windows PC Aid, Windows Security Renewal, Windows Antibreaking System, Windows AntiBreach Helper, Windows Safeguard Upgrade, Smart Internet Protection 2012, Windows Advanced Toolkit, Personal Security Sentinel, Internet Security Essentials, Smart PC Cleaner, Windows Antivirus Release, A-fast Antivirus, Windows Privacy Module, Windows Care Taker, Windows Prime Shield, Windows Guard Tools, System Protection Tools, Windows Telemetry Center, Windows Antivirus Booster and Windows Defence Unit.

Notably, malware researchers have also seen some occurrences of WIn32/FakeVimes variants that break out of their typical brand-name pattern to include an additional word (such as Windows Pro Safety Release).

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

Older variants of WIn32/FakeVimes have been known to use different naming patterns and aren’t guaranteed to include Activate Ultimate Protection buttons (although they will continue to be nearly-identical in most other respects).

The PC threat-defining and most visible attacks from Activate Ultimate Protection-related scamware programs include fraudulent security warnings, system notifications and hard drive scans. Although all security information from an Activate Ultimate Protection-branded program will display fake results that warn you about harmful software or attacks that aren’t actually reaching your computer, these FakeVimes variants may also cause real security issues until they’re deleted. Activate Ultimate Protection doesn’t serve any purpose besides encouraging you to spend money on the fake anti-malware program that Activate Ultimate Protection is attached to, and, as such, should never be interacted with as long as you’re interested in saving your money for legitimate software.

How You Can Tell Activate Ultimate Protection to Put a Sock in It

Since there’s no reason to ‘activate’ any software that Activate Ultimate Protection recommends you to purchase, malware researchers encourage you to delete all Activate Ultimate Protection-associated scamware once you begin to see the first indications of fake pop-ups and other symptoms (such as browser redirects or blocked AV software) on your computer. Since the presence of rogue anti-malware scanners from Activate Ultimate Protection’s family is always indicative of potentially serious security vulnerabilities, it’s suggested that you enact an appropriate solution ASAP to minimize any chance of permanent damage to your operating system.

FakeVimes-based PC threats with Activate Ultimate Protection characteristics are limited to attacking Windows-based operating systems, although similar types of fake security products from other families aren’t necessarily restricted to Windows attacks. malware analysts have found that fake software updates (for Flash, media codecs, etc) and fake movie-streaming links are two of the most common methods for Activate Ultimate Protection-associated PC threats to be installed, along with fraudulent online scanners. This installation process often uses a Trojan dropper or Trojan downloader such as Zlob, and any scan to remove Activate Ultimate Protection-related software should also be exacting enough to delete related Trojans.

Activate Ultimate Protection Automatic Detection Tool (Recommended)

Is your PC infected with Activate Ultimate Protection? To safely & quickly detect Activate Ultimate Protection we highly recommend you run the malware scanner listed below.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name
    1 %AppData%\Activate Ultimate Protection\Instructions.ini
    2 %AppData%\Activate Ultimate Protection\ScanDisk_.exe
    3 %AppData%\Microsoft\Internet Explorer\Quick Launch\Activate Ultimate Protection.lnk
    4 %AppData%\NPSWF32.dll
    5 %AppData%\Protector-[RANDOM CHARACTERS].exe
    6 %AppData%\result.db
    7 %CommonAppData%\58ef5\SP98c.exe
    8 %CommonAppData%\58ef5\SPT.ico
    9 %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg
    10 %Desktop%\Activate Ultimate Protection.lnk
    11 %Programs%\Activate Ultimate Protection.lnk
    12 %StartMenu%\Activate Ultimate Protection.lnk

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Activate Ultimate Protection “%CommonAppData%\58ef5\SP98c.exe” /s /dHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UninstallHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate ProtectionHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\DisplayIcon [unknown dir]\[unknown file name].exe,0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\DisplayName Activate Ultimate ProtectionHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\DisplayVersion\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\InstallLocation [unknown dir]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\Publisher UIS Inc.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\UninstallString “[unknown dir]\[unknown file name].exe” /delHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ClsidHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFGHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracingHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAVHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exeHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgIDHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
Posted: May 25, 2012 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 3.00 out of 5)
Loading ... Loading ...
Threat Metric
Threat Level: 10/10
Detection Count: 175
Home Malware ProgramsRogue Anti-Spyware Programs Activate Ultimate Protection


  • malon says:

    How can I download this on another computer without internet access. the virus or whatever it is is keeping me from getting on the internet.

  • harold chipman says:

    how do I get this trash off of my compter?

  • Dominic Candeloro says:

    how can I remove the trial version of Ultimate Protection? It won’t let me go online. I don’t want to buy it–just get rid of it so I can go online.

Leave a Reply

What is 7 + 8 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)