While the FakeVimes family of scamware already has a profusion of members, its criminal distributors apparently felt that it needed at least one more variant: Windows Advanced Toolkit. Windows Advanced Toolkit exhibits all the expected symptoms of this family, including displaying inaccurate security alerts, hijacking your web browser and attempting to steal money and financial information by selling registration keys. Since Windows Advanced Toolkit doesn’t include any of the memory-monitoring, phishing-preventing or PC threat-detecting functions that it might appear to have, the malware research team recommends that you treat Windows Advanced Toolkit as a threat in itself, rather than as the security software it uses as a disguise. Windows Advanced Toolkit will attempt to evade removal methods that would work on legitimate software, but as a member of a widely recognized group of fake anti-malware scanners, it can be deleted by real security applications without any significant trouble.

How Windows Advanced Toolkit is Just Another Example of Tools That Set About Harming Your PC

Windows Advanced Toolkit borrows its appearance from older members of the FakeVimes family of fake anti-malware programs and, accordingly, bears a strong resemblance to Windows Security Center. At first glance, the modifications Windows Advanced Toolkit does possess appear to be added security features, such as a memory-monitoring utility. Lamentably, Windows Advanced Toolkit’s security functions are incapable of doing anything other than providing inaccurate data about the kinds of attacks and infections that your PC supposedly suffers under its ministrations. Windows Advanced Toolkit’s attacks include various types of pop-up warnings and system scans that display pre-determined, negative results, including a wide range of high-level PC threats like Trojans, keyloggers and worms.

Windows Advanced Toolkit’s poor security features are merely an excuse for Windows Advanced Toolkit to hawk its purchasable version, which malware researchers strongly encourage you to avoid.

Because spending money on Windows Advanced Toolkit can result in other charges to your bank account or credit card, you should contact the relevant companies to take appropriate security precautions if you’ve made the miscalculation of treating Windows Advanced Toolkit like a purchase-worthy program. Other attacks that you may want to watch out for while Windows Advanced Toolkit is active in memory include:
  • Browser redirects to unusual websites, including search engine hijacks, redirects to fake error pages and redirects to websites promoting Windows Advanced Toolkit.
  • Unrelated applications being blocked, with a particular emphasis on security-related software like Task Manager. Malware analysts note that this may make it critical for you to prevent Windows Advanced Toolkit from launching before you can remove it safely from your computer.
  • Windows Registry settings that are changed to weaken your computer’s default security (for example, by allowing your browser to easily download malicious and improperly identified files).

Nudging Your Computer Out of the Way of Windows Advanced Toolkit’s Path of Victims

Although Windows Advanced Toolkit promotes itself as an independent anti-malware program, malware experts have found that Windows Advanced Toolkit is copied directly from past examples of FakeVimes-based rogue anti-malware products. Consequently, you should also be ready to avoid any Windows application that bears a strong resemblance to Windows Advanced Toolkit, such as Windows Maintenance Suite, Windows AntiHazard Helper, Windows Protection Maintenance, Security Antivirus, Windows Tools Patch, Windows Custom Management, Windows Efficiency Console, Windows Proprietary Advisor, Windows Protection Master, Windows Software Saver, System Smart Security, XP Smart Security, Windows Antivirus Rampart, Windows Security Suite, Windows Warding System, Windows Antivirus Patch, Windows Guard Tools, Windows Smart Partner, Windows Activity Booster, Windows Efficiency Master, Volcano Security Suite, Windows Defence Unit, Windows Pro Web Helper, Windows Internet Guard, Personal Internet Security 2011, My Security Shield, Keep Center Keeper, Windows Abnormality Checker, Windows Custom Safety, Windows PRO Scanner, Windows Safety Manager, Windows Premium Guard, Windows Be-on-Guard Edition, Home Safety Essentials, Windows Guardian Angel, Windows Antivirus Tool, Windows Ultimate Security Patch, Windows Ultimate Booster, CleanUp Antivirus, Windows AntiBreach Helper, Windows No-Risk Agent, Windows Antivirus Helper, Windows Threats Destroyer, Security Master AV, Windows Safety Module, PrivacyGuard PRO, Windows AntiBreach Patrol and Windows Basic Antivirus. Windows Advanced Toolkit’s FakeVimes family has been noted as being specialized for the Windows OS, although other operating systems can still be vulnerable to attacks by other families of rogue security programs.

Windows Advanced Toolkit and its relatives typically are propagated throughout the web by fake online scanners, pop-up alerts and fraudulent media player updates. In some cases, a second PC threat, such as Zlob or another Trojan downloader, may be used to install Windows Advanced Toolkit. Ideally, removing Windows Advanced Toolkit should use system scans that also delete the PC threats related to it; otherwise you may be unable to prevent the Trojan from reinstalling Windows Advanced Toolkit after a reboot.

Visual & GUI Characteristics

[Screenshots 2 to 11: the Windows Advanced Toolkit interface]

Technical Details

File System Modifications

  • The following files were created in the system:
    #  | File Name                                                                        | Detection Count
    1  | Windows Advanced Toolkit.lnk                                                     | 256
    2  | %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Advanced Toolkit.lnk  | N/A
    3  | %AppData%\Windows Advanced Toolkit\Instructions.ini                              | N/A
    4  | %AppData%\Windows Advanced Toolkit\ScanDisk_.exe                                 | N/A
    5  | %CommonAppData%\58ef5\SP98c.exe                                                  | N/A
    6  | %CommonAppData%\58ef5\SPT.ico                                                    | N/A
    7  | %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg                                          | N/A
    8  | %Desktop%\Windows Advanced Toolkit.lnk                                           | N/A
    9  | %Programs%\Windows Advanced Toolkit.lnk                                          | N/A
    10 | %StartMenu%\Windows Advanced Toolkit.lnk                                         | N/A

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Proactive Safety "%CommonAppData%\58ef5\SP98c.exe" /s /d
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\Publisher UIS Inc.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\UninstallString "[unknown dir]\[unknown file name].exe"/del
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayIcon [unknown dir]\[unknown file name].exe,0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayName Windows Malware Firewall
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive SafetyInstallLocation [unknown dir]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Windows Proactive Safety\DisplayVersion
    \SOFTWARE\Classes\Dumped_.DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracing
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe
  • The following CLSIDs were detected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
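The registry entries above record two mechanisms a defender needs to check for, and they explain the "blocked applications" symptom described earlier: the HKCU Run value restarts the rogue at every logon, and the Image File Execution Options (IFEO) Debugger values redirect each listed security tool to svchost.exe, so the tool never actually starts. The PowerShell audit below is an added example, not code from the original write-up or from any vendor. It checks a host for those registry artifacts and for the dropped files listed under File System Modifications. The registry paths and file names are taken from this page; the function name, the severity labels, the choice to flag any Run entry launching from %AppData% or %CommonAppData%, and the mapping of %CommonAppData% to $env:ProgramData (Windows Vista and later) are assumptions of the example. It only reports; the cleanup commands in the closing comment are an assumed follow-up, not a step the page describes.

```powershell
# Added example (not from the original write-up): audit a host for the
# Windows Advanced Toolkit artifacts listed in the Technical Details section.
# Registry paths and file names come from the write-up; the function name,
# severity labels and the %CommonAppData% -> $env:ProgramData mapping are
# assumptions of this example.

function Get-FakeVimesArtifacts {
    $ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    $runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $findings = [System.Collections.Generic.List[object]]::new()

    # 1. IFEO Debugger hijacks. A Debugger value under IFEO\<tool>.exe makes
    #    Windows launch that "debugger" instead of the tool. The rogue writes
    #    svchost.exe here for each security tool it wants to block, which is
    #    why Task Manager and anti-malware products fail to open. Any Debugger
    #    value deserves review on a workstation; the svchost.exe form is the
    #    strong signal for this family.
    Get-ChildItem -Path $ifeoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            $sev = if ($dbg -match '(^|\\)svchost\.exe\s*$') { 'High' } else { 'Review' }
            $findings.Add([pscustomobject]@{
                Category = 'IFEO Debugger'
                Item     = $_.PSChildName
                Value    = $dbg
                Severity = $sev
            })
        }
    }

    # 2. Run-key persistence. The write-up records
    #    HKCU\...\Run\Windows Proactive Safety = "%CommonAppData%\58ef5\SP98c.exe" /s /d
    #    Matching only that value name would miss renamed variants, so flag
    #    every Run entry whose command lives under %CommonAppData%/ProgramData
    #    or %AppData%, the drop locations this family uses (assumed heuristic).
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($prop in $run.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a value
            $cmd = [string]$prop.Value
            $expanded = [Environment]::ExpandEnvironmentVariables($cmd)
            if ($cmd -match '%(CommonAppData|AppData)%' -or
                $expanded -match '\\(ProgramData|AppData\\Roaming)\\') {
                $findings.Add([pscustomobject]@{
                    Category = 'Run key'
                    Item     = $prop.Name
                    Value    = $cmd
                    Severity = 'Review'
                })
            }
        }
    }

    # 3. Dropped files and shortcuts from the File System Modifications table.
    $paths = @(
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\Windows Advanced Toolkit.lnk",
        "$env:APPDATA\Windows Advanced Toolkit\Instructions.ini",
        "$env:APPDATA\Windows Advanced Toolkit\ScanDisk_.exe",
        "$env:ProgramData\58ef5\SP98c.exe",
        "$env:ProgramData\58ef5\SPT.ico",
        "$env:ProgramData\SPUPCZPDET\SPABOIJT.cfg",
        (Join-Path ([Environment]::GetFolderPath('Desktop'))   'Windows Advanced Toolkit.lnk'),
        (Join-Path ([Environment]::GetFolderPath('Programs'))  'Windows Advanced Toolkit.lnk'),
        (Join-Path ([Environment]::GetFolderPath('StartMenu')) 'Windows Advanced Toolkit.lnk')
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $findings.Add([pscustomobject]@{ Category = 'File'; Item = $p; Value = ''; Severity = 'High' })
        }
    }
    return $findings
}

$hits = Get-FakeVimesArtifacts
if ($hits.Count -eq 0) { 'No Windows Advanced Toolkit artifacts found.' }
else { $hits | Sort-Object Severity, Category | Format-Table -AutoSize }

# Cleanup (assumed follow-up, only after confirming a finding): remove the
# Debugger value so the blocked tool launches again, for example
#   Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE' -Name Debugger
# then delete the Run value and the dropped files, and rescan with a real
# anti-malware product so that any Trojan downloader which installed the
# rogue is removed too; otherwise it may reinstall the rogue after a reboot.
```

Run it from an elevated PowerShell session, since reading IFEO under HKLM and removing values there requires administrative rights. The IFEO check is the one worth keeping in a general baseline: on a workstation, a Debugger value that names a bare executable rather than a full path to a real debugger is almost always an attempt to block that program, whichever rogue wrote it.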

Additional Information

  • The following messages were detected:
    Attempt to run a potentially dangerous script detected.
    Full system scan is a highly recommended.
    Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
    Software without a digital signature detected.
    Your system files are at risk. We strongly advise you to activate your protection.
