Windows Advanced Toolkit
Posted: June 22, 2012
Threat Metric
The following fields on the Threat Meter, each carrying a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Field | Value
---|---
Threat Level: | 10/10
Infected PCs: | 35
First Seen: | June 22, 2012
Last Seen: | January 8, 2020
OS(es) Affected: | Windows
While the scamware family of FakeVimes already has a profusion of members, its criminal distributors apparently felt that it needed at least one more variant with Windows Advanced Toolkit. Windows Advanced Toolkit exhibits all the expected symptoms of this family, including displaying inaccurate security alerts, hijacking your web browser and attempting to steal money and financial information by selling registration keys. Since Windows Advanced Toolkit doesn't include any of the memory-monitoring, phishing-preventing or PC threat-detecting functions that it might appear to have, the SpywareRemove.com malware research team recommends that you treat Windows Advanced Toolkit as a threat itself, rather than as the security software it uses as its disguise. Windows Advanced Toolkit will attempt to evade removal methods that would work on legitimate software, but as a member of a widely recognized group of fake anti-malware scanners, Windows Advanced Toolkit can be deleted by real security applications without any significant trouble.
How Windows Advanced Toolkit is Just Another Example of Tools That Set About Harming Your PC
Windows Advanced Toolkit borrows its appearance from older members of the FakeVimes family of fake anti-malware programs and, accordingly, bears a strong resemblance to Windows Security Center. At first glance, what modifications Windows Advanced Toolkit does possess appear to be along the lines of adding extra security features, such as a memory-monitoring utility. Lamentably, Windows Advanced Toolkit's security functions are incapable of doing anything other than providing inaccurate data about the kinds of attacks and infections that your PC supposedly suffers while under its ministrations. Windows Advanced Toolkit's attacks include both various types of pop-up warnings and system scans that display pre-determined, negative results, including wide ranges of high-level PC threats like Trojans, keyloggers and worms.
Windows Advanced Toolkit's poor security features are merely an excuse for Windows Advanced Toolkit to hawk its purchasable version, which SpywareRemove.com malware researchers strongly encourage you to avoid. Because spending money on Windows Advanced Toolkit can result in other charges to your bank account or credit card, you should contact the relevant companies to take appropriate security precautions if you've made the miscalculation of treating Windows Advanced Toolkit like a purchase-worthy program. Other attacks that you may want to watch out for while Windows Advanced Toolkit is active in memory include:
- Browser redirects to unusual websites, including search engine hijacks, redirects to fake error pages and redirects to Windows Advanced Toolkit-promoting websites.
- Unrelated applications being blocked, with a particular emphasis on security-related software like Task Manager. SpywareRemove.com malware analysts note that this may make it critical for you to prevent Windows Advanced Toolkit from launching before you can remove Windows Advanced Toolkit safely from your computer.
- Windows Registry settings that are changed to weaken your computer's default security (for example, by allowing your browser to easily download malicious and improperly identified files).
Nudging Your Computer Out of the Way of Windows Advanced Toolkit's Path of Victims
Although Windows Advanced Toolkit promotes itself as an independent anti-malware program, SpywareRemove.com malware experts have found that Windows Advanced Toolkit is copied directly from past examples of FakeVimes-based rogue anti-malware products. Consequently, you should also be ready to avoid any Windows application that bears a strong resemblance to Windows Advanced Toolkit, such as Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security. Windows Advanced Toolkit's FakeVimes family has been noted as being specialized for the Windows OS, although other operating systems can still be vulnerable to attacks by other families of rogue security programs.
Windows Advanced Toolkit and its relatives typically are propagated throughout the web by fake online scanners, pop-up alerts and fraudulent media player updates. In some cases, a second PC threat, such as Zlob or another Trojan downloader, may be used to install Windows Advanced Toolkit. Ideally, removal of Windows Advanced Toolkit should use system scans that also delete the related PC threats alongside it; otherwise you may be unable to prevent the Trojan from reinstalling Windows Advanced Toolkit after a reboot.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

%APPDATA%\Protector-ajff.exe
File name: Protector-ajff.exe
Size: 2.35 MB (2355200 bytes)
MD5: a8852241fc353dd8d654f4eadbf91a77
Detection count: 89
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: January 8, 2020

%AppData%\Windows Advanced Toolkit\ScanDisk_.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%AppData%\Windows Advanced Toolkit\Instructions.ini
Mime Type: unknown/ini
Group: Malware file

%AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Advanced Toolkit.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%CommonAppData%\SPUPCZPDET\SPABOIJT.cfg
Mime Type: unknown/cfg
Group: Malware file

%CommonAppData%\58ef5\SPT.ico
Mime Type: unknown/ico
Group: Malware file

%CommonAppData%\58ef5\SP98c.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%Desktop%\Windows Advanced Toolkit.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%Programs%\Windows Advanced Toolkit.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%StartMenu%\Windows Advanced Toolkit.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayIcon [unknown dir]\[unknown file name].exe,0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Proactive Safety "%CommonAppData%\58ef5\SP98c.exe" /s /d
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayName Windows Malware Firewall
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Windows Proactive Safety\DisplayVersion 1.1.0.1010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\UninstallString "[unknown dir]\[unknown file name].exe" /del
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\InstallLocation [unknown dir]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\Publisher UIS Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exe
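The Image File Execution Options "Debugger" values listed above are the mechanism behind the blocked security tools described earlier: when such a value exists, Windows launches the named debugger with the original program's command line instead of the program, and svchost.exe, given a command line it does not recognize, exits without ever starting the target. The PowerShell audit below is an added example, not part of the original listing or the site's tutorials; it assumes Windows PowerShell 5.1 or later run from an elevated prompt, reports IFEO Debugger values that point at svchost.exe together with HKCU Run entries launching from ProgramData (the %CommonAppData% location of the autorun listed above), and removes only those values when invoked with -Remove.

```powershell
# Added example (not from the original page). Audit mode by default;
# -Remove deletes only the matching values, leaving the parent keys intact.
param([switch]$Remove)

$ifeo   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# 1. IFEO Debugger hijacks: any Debugger value pointing at svchost.exe, as the
#    page lists for AVCare.exe, Ad-Aware.exe, AlphaAV.exe and others.
foreach ($sub in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg -and $dbg -match '(?i)(^|\\)svchost\.exe(\s|$)') {
        $findings += [pscustomobject]@{
            Type = 'IFEO Debugger hijack'; Key = $sub.PSChildName
            Value = $dbg; Path = $sub.PSPath; Name = 'Debugger'
        }
    }
}

# 2. HKCU Run entries whose command expands to a ProgramData (%CommonAppData%)
#    path, matching the "...\58ef5\SP98c.exe" /s /d autorun listed above.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata properties
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        if ($cmd -match '(?i)(\\ProgramData\\|%CommonAppData%)') {
            $findings += [pscustomobject]@{
                Type = 'Suspicious Run entry'; Key = $p.Name
                Value = $cmd; Path = $runKey; Name = $p.Name
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No IFEO svchost.exe debuggers or ProgramData Run entries found.'
} else {
    $findings | Format-Table Type, Key, Value -AutoSize
    if ($Remove) {
        foreach ($f in $findings) {
            Remove-ItemProperty -Path $f.Path -Name $f.Name -ErrorAction Continue
            Write-Host "Removed $($f.Type): $($f.Key)"
        }
    }
}
```

Run the audit first and review the table, since a ProgramData autorun is not proof of infection on its own; the IFEO match is the stronger signal, because legitimate software almost never registers svchost.exe as a debugger for another program.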
Additional Information
# | Message
---|---
1 | Error: Attempt to run a potentially dangerous script detected. Full system scan is a highly recommended.
2 | Error: Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
3 | Error: Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection.
What can I do to remove this program from my laptop? It is not working properly.