Windows Advanced Toolkit

Windows Advanced Toolkit Description

While the FakeVimes family of scamware already has a profusion of members, its criminal distributors apparently felt it needed at least one more variant in Windows Advanced Toolkit. Windows Advanced Toolkit exhibits all the expected symptoms of this family: it displays inaccurate security alerts, hijacks your web browser and attempts to extract money and payment card details by selling registration keys. Since Windows Advanced Toolkit includes none of the memory-monitoring, phishing-prevention or threat-detection functions it appears to offer, our malware research team recommends that you treat Windows Advanced Toolkit as a threat in its own right rather than as the security software it imitates. Windows Advanced Toolkit resists the removal methods that would work on legitimate software, but as a member of a widely recognized group of fake anti-malware scanners it can be deleted by genuine security applications without significant trouble.

How Windows Advanced Toolkit is Just Another Example of Tools That Set About Harming Your PC

Windows Advanced Toolkit borrows its appearance from older members of the FakeVimes family of fake anti-malware programs and, accordingly, bears a strong resemblance to Windows Security Center. At first glance, the modifications Windows Advanced Toolkit does possess appear to add extra security features, such as a memory-monitoring utility. Unfortunately, these security functions do nothing except report inaccurate data about the attacks and infections your PC supposedly suffers while the program is running. Windows Advanced Toolkit's attacks include various pop-up warnings as well as system scans that display pre-determined negative results, listing a wide range of high-severity threats such as Trojans, keyloggers and worms.

Windows Advanced Toolkit’s poor security features are merely an excuse for Windows Advanced Toolkit to hawk its purchasable version, which malware researchers strongly encourage you to avoid.


Because paying for Windows Advanced Toolkit can result in further charges to your bank account or credit card, contact your bank or card issuer to take appropriate precautions if you have made the mistake of treating Windows Advanced Toolkit as a legitimate purchase. Other attacks to watch for while Windows Advanced Toolkit is active in memory include:
  • Browser redirects to unusual websites, including search engine hijacks, redirects to fake error pages and redirects to websites promoting Windows Advanced Toolkit.
  • Unrelated applications being blocked, with particular emphasis on security-related software and system tools such as Task Manager. Malware analysts note that this may make it critical to prevent Windows Advanced Toolkit from launching (for example, by starting Windows in Safe Mode, where the Run key it uses is not processed) before you can remove it safely from your computer.
  • Windows Registry settings changed to weaken your computer's default security (for example, so that your browser downloads unsigned or misidentified files without prompting).

Nudging Your Computer Out of the Way of Windows Advanced Toolkit’s Path of Victims

Although Windows Advanced Toolkit promotes itself as an independent anti-malware program, malware experts have found that Windows Advanced Toolkit is copied directly from past FakeVimes-based rogue anti-malware products. Consequently, you should also be ready to avoid any Windows application that bears a strong resemblance to Windows Advanced Toolkit, such as Best Virus Protection, Windows Profound Security, Windows Accelerator Pro, Windows PC Aid, Windows Home Patron, Windows Active Guard, Windows Personal Detective, Windows AntiBreach Patrol, Windows Safety Toolkit, Windows Smart Warden, Windows Privacy Module, Anti-Malware Lab, Internet Security Suite, Windows Efficiency Kit, Advanced Antispyware Solution, Total Anti Malware Protection, Best Malware Protection, Windows Protection Unit, Windows Efficiency Master, Windows Protection Master, Antivirus Smart Protection, Personal Security Sentinel, Windows Interactive Safety, Windows Antivirus Rampart, Windows Efficiency Console, Windows Activity Booster, Windows Cleaning Tools, Windows Sleek Performance, Best Antivirus Software, Windows Component Protector, Windows Advanced Security Center, Windows Shielding Utility, Windows Cleaning Toolkit, Windows Trouble Taker, Windows Interactive Security, PrivacyGuard PRO, Windows Ultimate Booster, Windows No-Risk Agent, Windows AntiHazard Center, Windows AntiHazard Helper, Windows Premium Shield, Smart Internet Protection 2012, VirusSecurity, Windows Firewall Constructor, Windows Software Saver, Enterprise Suite, Windows Performance Adviser, Windows Premium Guard and Windows Prime Booster. The FakeVimes family is specific to the Windows OS, although other operating systems remain vulnerable to other families of rogue security programs.

Windows Advanced Toolkit and its relatives are typically propagated through fake online scanners, pop-up alerts and fraudulent media player updates. In some cases a second threat, such as Zlob or another Trojan downloader, is used to install Windows Advanced Toolkit. Ideally, removal should use a full system scan that also deletes any related threats alongside Windows Advanced Toolkit; otherwise the Trojan may simply reinstall Windows Advanced Toolkit after a reboot.


Visual & GUI Characteristics

[Screenshots 2 through 11 of the Windows Advanced Toolkit interface; images not reproduced here.]

Technical Details

File System Modifications

Always back up your PC before manually removing processes, DLLs, files or registry entries.
  • The following files were created in the system:
    # File Name Detection Count
    1 Windows Advanced Toolkit.lnk 256
    2 %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Advanced Toolkit.lnk N/A
    3 %AppData%\Windows Advanced Toolkit\Instructions.ini N/A
    4 %AppData%\Windows Advanced Toolkit\ScanDisk_.exe N/A
    5 %CommonAppData%\58ef5\SP98c.exe N/A
    6 %CommonAppData%\58ef5\SPT.ico N/A
    7 %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg N/A
    8 %Desktop%\Windows Advanced Toolkit.lnk N/A
    9 %Programs%\Windows Advanced Toolkit.lnk N/A
    10 %StartMenu%\Windows Advanced Toolkit.lnk N/A

Registry Modifications

Warning: Editing or removing the wrong registry keys can severely damage your PC, so back up the Windows Registry before making any changes.
  • The following newly produced Registry keys and values were recorded (key, followed by its value where one was captured; "[unknown dir]" and "[unknown file name]" are placeholders for a randomised path):
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Proactive Safety = "%CommonAppData%\58ef5\SP98c.exe" /s /d
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\Publisher = UIS Inc.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\UninstallString = "[unknown dir]\[unknown file name].exe" /del
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayIcon = [unknown dir]\[unknown file name].exe,0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayName = Windows Malware Firewall
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\InstallLocation = [unknown dir]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayVersion
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\(Default) = Implements DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask = -65536
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing = 0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing = 0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory = %windir%\tracing
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask = -65536
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize = 1048576
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger = svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger = svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger = svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger = svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger = svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger = svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger = svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger = svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger = svchost.exe
    The Image File Execution Options entries are the mechanism behind the blocked security software described above: when a program listed under that key has a Debugger value, Windows launches the named "debugger" instead, passing the program's own path as an argument, so each of these tools silently fails to start while svchost.exe is registered as its debugger. Note also that the Uninstall entries carry the names of other FakeVimes variants (Windows Proactive Safety, Windows Maintenance Guard, Windows Malware Firewall) rather than Windows Advanced Toolkit, consistent with the variant being built from the same template as earlier family members.
  • The following CLSIDs were detected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\(Default) = Implements DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\(Default) = [unknown dir]\[unknown file name].exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\(Default) = [unknown file name].DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\(Default) = {3F2BBC05-40DF-11D2-9455-00104BC936FF}
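The Run-key persistence and the Image File Execution Options hijack listed above are the two artifacts a responder checks first on a suspected FakeVimes host. The following PowerShell script is an added example, not part of the original write-up or of any vendor's tool: it audits a machine, read-only, for the indicators in this page's file and registry tables. It assumes Windows Vista or later (so that $env:ProgramData stands in for %CommonAppData%), and two heuristics that are ours rather than the page's: a legitimate IFEO Debugger value is a full path to a real debugger, never a bare file name such as svchost.exe, and a Run entry whose target sits in a short random-named folder directly under ProgramData (like the page's 58ef5) deserves a look.

```powershell
# Added audit script (not part of the original write-up or any vendor tool).
# Read-only: it reports the FakeVimes-style artifacts listed on this page and
# deletes nothing. Run from an elevated PowerShell prompt on Vista or later;
# $env:ProgramData is the modern location of %CommonAppData%.

$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$RunKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-IfeoDebuggerHijacks {
    # Windows starts whatever Image File Execution Options\<name>\Debugger names,
    # passing the real image path as an argument. "Debugger = svchost.exe" therefore
    # swallows every launch of Ad-Aware.exe, AVENGINE.EXE and the rest.
    # Heuristic (ours): a real debugger is a full path; a bare file name is a hijack.
    Get-ChildItem -Path $IfeoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            $bare = ($dbg -notmatch '\\')                      # no directory component
            $svc  = ($dbg -match '^"?svchost\.exe"?(\s|$)')    # the exact FakeVimes value
            [pscustomobject]@{
                Image    = $_.PSChildName
                Debugger = $dbg
                Suspect  = ($bare -or $svc)
            }
        }
    }
}

function Get-RunKeyPersistence {
    # HKCU Run entries whose target sits in a short, random-looking folder directly
    # under ProgramData, like "%CommonAppData%\58ef5\SP98c.exe" /s /d on this page.
    # The folder-name pattern is a heuristic of ours, not something the page states.
    $pd    = [regex]::Escape($env:ProgramData)
    $props = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
    if (-not $props) { return }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # skip PowerShell's own metadata properties
        $cmd = [string]$p.Value
        [pscustomobject]@{
            Name    = $p.Name
            Command = $cmd
            Suspect = ($cmd -match "(?i)^`"?$pd\\[0-9a-z]{4,8}\\[^\\`"]+\.exe")
        }
    }
}

function Get-KnownFileArtifacts {
    # Paths from the page's "File System Modifications" table, expanded for this user.
    $candidates = @(
        "$env:APPDATA\Windows Advanced Toolkit\Instructions.ini",
        "$env:APPDATA\Windows Advanced Toolkit\ScanDisk_.exe",
        "$env:ProgramData\58ef5\SP98c.exe",
        "$env:ProgramData\58ef5\SPT.ico",
        "$env:ProgramData\SPUPCZPDET\SPABOIJT.cfg",
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\Windows Advanced Toolkit.lnk",
        "$env:USERPROFILE\Desktop\Windows Advanced Toolkit.lnk",
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Windows Advanced Toolkit.lnk",
        "$env:APPDATA\Microsoft\Windows\Start Menu\Windows Advanced Toolkit.lnk"
    )
    $candidates | Where-Object { Test-Path -LiteralPath $_ }
}

# @( ) keeps .Count valid even when a query returns a single object or nothing.
$ifeoHits = @(Get-IfeoDebuggerHijacks | Where-Object { $_.Suspect })
$runHits  = @(Get-RunKeyPersistence   | Where-Object { $_.Suspect })
$fileHits = @(Get-KnownFileArtifacts)

"IFEO Debugger hijacks: $($ifeoHits.Count)"
$ifeoHits | Format-Table Image, Debugger -AutoSize
"Suspicious HKCU Run entries: $($runHits.Count)"
$runHits  | Format-Table Name, Command -AutoSize
"Known file artifacts present: $($fileHits.Count)"
$fileHits
```

If the IFEO check reports hits, remove the Debugger values (or the whole per-image subkey if it holds nothing else) before trying to start any security tool, and do so from Safe Mode or before the rogue's Run entry has executed; a scan with a genuine anti-malware product should then handle the remaining files and registry entries.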

Additional Information

  • The following messages were displayed by the rogue (reproduced verbatim, including its own typo):
    Attempt to run a potentially dangerous script detected.
    Full system scan is a highly recommended.
    Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
    Software without a digital signature detected.
    Your system files are at risk. We strongly advise you to activate your protection.
Posted: June 22, 2012
Threat Metric
Threat Level: 10/10
Detection Count: 203
