Windows Advanced Toolkit
Windows Advanced Toolkit Description
While the scamware family of FakeVimes already has a profusion of members, its criminal distributors apparently felt that it needed at least one more variant with Windows Advanced Toolkit. Windows Advanced Toolkit exhibits all the expected symptoms of this family, including displaying inaccurate security alerts, hijacking your web browser and attempting to steal money and financial information via selling registration keys. Since Windows Advanced Toolkit doesn’t include any of the memory-monitoring, phishing-preventing or PC threat-detecting functions that Windows Advanced Toolkit might appear to have, SpywareRemove.com malware research team recommends that you treat Windows Advanced Toolkit as a threat itself, rather than as the security software Windows Advanced Toolkit uses as its disguise. Windows Advanced Toolkit will attempt to evade removal methods that would work on legitimate software, but as a member of a widely-recognized group of fake anti-malware scanners, Windows Advanced Toolkit can be deleted by real security applications without any significant trouble.How Windows Advanced Toolkit is Just Another Example of Tools That Set About Harming Your PC
Windows Advanced Toolkit borrows its appearance from older members of the FakeVimes family of fake anti-malware programs, and, accordingly, bears a strong resemblance to Windows Security Center. On a first glance, what modifications Windows Advanced Toolkit does possess appear to be along the lines of adding extra security features, such as a memory-monitoring utility. Lamentably, Windows Advanced Toolkit’s security functions are incapable of doing anything other than providing inaccurate data about the kinds of attacks and infections that your PC suffers through under its ministrations. Windows Advanced Toolkit’s attacks include both various types of pop-up warnings and system scans that display pre-determined and negative results, including wide ranges of high-level PC threats like Trojans, keyloggers and worms.
Windows Advanced Toolkit’s poor security features are merely an excuse for Windows Advanced Toolkit to hawk its purchasable version, which SpywareRemove.com malware researchers strongly encourage you to avoid.
- Browser redirects to unusual websites, including search engine hijacks, redirects to fake error pages and redirects to Windows Advanced Toolkit-promoting websites.
- Unrelated applications being blocked, with an especial emphasis on security-related software like Task Manager. SpywareRemove.com malware analysts note that this may make it critical for you to prevent Windows Advanced Toolkit from launching before you can remove Windows Advanced Toolkit safely from your computer.
- Windows Registry settings that are changed to harm your computer’s default security (for example, by allowing your browser to easily download malicious and improperly-IDed files).
Nudging Your Computer Out of the Way of Windows Advanced Toolkit’s Path of Victims
Although Windows Advanced Toolkit promotes itself as an independent anti-malware program, SpywareRemove.com malware experts have found that Windows Advanced Toolkit is copied directly from past examples of FakeVimes-based rogue anti-malware products. Consequentially, you should also be ready to avoid any Windows application that bears a strong resemblance to Windows Advanced Toolkit, such as System Protection Tools, CleanUp Antivirus, Total Anti Malware Protection, Volcano Security Suite, Windows Telemetry Center, Windows Custodian Utility, Windows Shielding Utility, Windows Safety Toolkit, Windows Privacy Module, Fast Antivirus 2009, Home Malware Cleaner, Windows Tools Patch, Windows Malware Sleuth, Windows High-End Protection, Windows Pro Safety Release, Windows Control Series, Windows Profound Security, Windows Active Guard, Windows Threats Destroyer, Windows Maintenance Suite, Windows Problems Stopper, Windows No-Risk Agent, Best Antivirus Software, Windows Premium Console, Windows No-Risk Center, Windows Debug Center, Smart Engine, Windows Efficiency Accelerator, Windows Safety Wizard, Live PC Care, Security Antivirus, Windows First-Class Protector, Windows Advanced Security Center, Windows Pro Defence, Windows Expert Series, Live Enterprise Suite, My Security Shield, Windows Basic Antivirus, Windows Pro Rescuer, Windows Abnormality Checker, Windows Antivirus Rampart, Windows Premium Defender, Windows Instant Scanner, Windows Functionality Checker, Windows Software Keeper, Windows Activity Debugger, Smart Virus Eliminator, Windows Custom Safety, Internet Security Suite, Windows Smart Partner, Windows Protection Unit, Windows Web Combat, Anti-Malware Lab, Windows Antivirus Care, Windows Safety Series, Windows Privacy Counsel, Windows Enterprise Defender, Windows System Defender, Windows Secure Web Patch, Windows Ultimate Security Patch, Windows Ultimate Safeguard, Windows Guard Tools, Windows Interactive Safety, Windows Premium Guard, Internet Security Essentials, Windows Stability Guard, Windows Software Saver, Windows Interactive Security, Strong Malware Defender, Windows Performance Catalyst, Windows Safety Checkpoint, Windows Health Keeper, Keep Center Keeper, Windows Advanced User Patch, Activate Ultimate Protection, Windows Home Patron, Windows Private Shield, Windows Crucial Scanner, Smart Anti-Malware Protection, Windows Pro Web Helper, Windows Active Defender, Windows Antivirus Patch, Windows Proprietary Advisor, Virus Doctor, Windows Smart Warden, Windows Firewall Constructor, Windows Privacy Extension, Windows Anti-Malware Patch, Windows Sleek Performance, Windows Pro Solutions, Windows Virus Hunter, Windows PRO Scanner, Windows Managing System, Windows Maintenance Guard, Extra Antivirus, Enterprise Suite, My Security Engine, Windows Safety Maintenance, Windows Enterprise Suite, Personal Security Sentinel, Home Safety Essentials, Windows Web Commander, Windows Risk Minimizer, Windows Antivirus Release, Windows ProSecure Scanner, Smart Security, Windows Personal Doctor, Windows AntiHazard Center, Windows Proactive Safety, Windows Protection Maintenance, Additional Guard, Windows ProSecurity Scanner, Antivirus Smart Protection, Windows Shield Tool, Windows Daily Adviser, Personal Internet Security 2011, Windows Defending Center, Windows Trouble Taker, Windows Secure Surfer, Windows AntiHazard Helper, Windows Protection Master, Windows Virtual Angel, Windows Secure Workstation, Smart Internet Protection 2012, PrivacyGuard PRO, Windows Defence Counsel, Windows Secure Workshop, Smart Internet Protection 2011, Windows Antihazard Solution, My Security Wall, Windows Guardian Angel, Windows Warding System, Windows Pro Safety, Windows Process Director, Windows Care Taker, Windows Internet Booster, Windows Virtual Firewall, Windows Turnkey Console, Windows Custom Management, Security Master AV, Windows Safety Manager, Windows Safeguard Upgrade, Windows Guard Solutions, Windows Security Renewal, PC Live Guard, Best Malware Protection, VirusSecurity, Windows Antivirus Machine, Windows Safety Module, Windows Security Suite, Windows Multi Control System, XP Smart Security, Windows PC Aid, Windows Performance Adviser, Windows Be-on-Guard Edition, Windows Security System and Windows Virtual Security. Windows Advanced Toolkit’s FakeVimes family has been noted as being specialized for the Windows OS, although other operating systems can still be vulnerable to attacks by other families of rogue security programs.
Windows Advanced Toolkit and its relatives typically are propagated throughout the web by fake online scanners, pop-up alerts and fraudulent media player updates. In some cases, a second PC threat, such as Zlob or other Trojan downloaders may be used to install Windows Advanced Toolkit. In optimal circumstances, removing Windows Advanced Toolkit should utilize system scans that can also delete related PC threats with Windows Advanced Toolkit, or you may be unable to prevent the Trojan from reinstalling Windows Advanced Toolkit after a reboot.
Windows Advanced Toolkit Automatic Detection Tool (Recommended)
Is your PC infected with Windows Advanced Toolkit? To safely & quickly detect Windows Advanced Toolkit, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Windows Advanced Toolkit
What happens if Windows Advanced Toolkit does not let you open SpyHunter or blocks the Internet?
Visual & GUI Characteristics
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read
the tutorials on how to find malware,
kill unwanted processes,
remove malicious DLLs and
delete other harmful files. Always be
sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 %APPDATA%\ Protector-ajff.exe 651 2 Windows Advanced Toolkit.lnk 600 3 %AppData%\Windows Advanced Toolkit\ScanDisk_.exe N/A 4 %AppData%\Windows Advanced Toolkit\Instructions.ini N/A 5 %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Advanced Toolkit.lnk N/A 6 %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg N/A 7 %CommonAppData%\58ef5\SPT.ico N/A 8 %CommonAppData%\58ef5\SP98c.exe N/A 9 %Desktop%\Windows Advanced Toolkit.lnk N/A 10 %Programs%\Windows Advanced Toolkit.lnk N/A 11 %StartMenu%\Windows Advanced Toolkit.lnk N/A
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on
how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Proactive Safety"%CommonAppData%\58ef5\SP98c.exe" /s /dHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UninstallHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\Publisher UIS Inc.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\UninstallString "[unknown dir]\[unknown file name].exe"/delHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive SafetyHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayIcon [unknown dir]\[unknown file name].exe,0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayName Windows Malware FirewallHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive SafetyInstallLocation [unknown dir]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Windows Proactive Safety\DisplayVersion 1.1.0.1010HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ClsidHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFGHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracingHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAVHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe - The following CLSID's were detected:
HKEY..\..\{CLSID Path} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exeHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgIDHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
Additional Information
- The following messages's were detected:
# Message 1 Error
Attempt to run a potentially dangerous script detected.
Full system scan is a highly recommended.2 Error
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.3 Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Posted: June 22, 2012 | By SpywareRemove
MoreThreat Level: 10/10
(1 votes, average: 5.00 out of 5)
Loading ...Rate this article:
Detection Count: 49
what can i do to remove this program from my laptop is not working propoly