
Windows Custodian Utility

Posted: April 4, 2012

Threat Metric

Ranking: 1,352
Threat Level: 1/10
Infected PCs: 11,518
First Seen: April 4, 2012
Last Seen: October 16, 2023
OS(es) Affected: Windows

Windows Custodian Utility is a rogue anti-virus scanner that claims to offer 'ultimate protection' against multiple types of PC threats, but SpywareRemove.com malware analysts confirm that Windows Custodian Utility can't detect any type of malicious software or online attack against your PC. Because Windows Custodian Utility comes from the FakeVimes family of fake anti-virus products, which reuse the same interface under different brand names, you should treat any anti-virus program that bears a strong resemblance to Windows Custodian Utility as potentially malicious. Problems that can arise from tolerating Windows Custodian Utility's presence on your computer include browser redirects, an inability to use legitimate security utilities and various fake warning messages that display inaccurate information. Although Windows Custodian Utility will try to convince you that buying a registration key is the best way to solve these issues, deleting Windows Custodian Utility itself with any good anti-malware program should be more than sufficient to put a stop to all of these attacks.

How Windows Custodian Utility Does Its Best to Replace Your Real Security with a Hoax

Windows Custodian Utility and other FakeVimes-based PC threats share the same basic marketing and scamming tactics that are also in use by such scamware programs as Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security. After Windows Custodian Utility's installation (which can be enabled via fake codec updates, Trojans like Zlob and fake online scanners), Windows Custodian Utility will start with Windows and display inaccurate system information in the form of scan results and pop-up alerts. This information will notify you about nonexistent infections, including spyware, rootkits and ongoing attacks against your PC that should all be ignored as fake.

Windows Custodian Utility will also attempt to block various types of programs to prevent you from easily removing Windows Custodian Utility from your computer. Programs that Windows Custodian Utility may block can include firewall tools, anti-virus scanners, process-viewing tools (such as Task Manager) and other types of security products. Since some of these attacks block their targets by changing the Windows Registry, even disabling Windows Custodian Utility may not let you have full access to all of your other applications until you've used anti-malware software to remove the changes that Windows Custodian Utility has caused to Windows.

The Dangers of a Windows Custodian Utility-Hamstrung Web Browser

Windows Custodian Utility may also alter your web browser for several purposes, including reducing its security, forcing you into contact with malicious websites and preventing you from visiting PC security sites. By modifying your Hosts file, Windows Custodian Utility can redirect your browser on a whim, with its default behavior preferentially triggering redirects after you try to use a search engine. Windows Custodian Utility can also use these attacks to promote its own website.

Unfortunately, redirects are relatively less dangerous than the security attacks that SpywareRemove.com malware experts have found Windows Custodian Utility to be guilty of making against web browsers. By authorizing your PC to run programs with invalid signatures without any warnings, Windows Custodian Utility makes your computer more vulnerable than normal to drive-by-downloads and other attacks that involve harmful files from untrustworthy sources. These problems, combined with Windows Custodian Utility's software barricade, should be considered good reasons to treat Windows Custodian Utility as a severe threat and delete Windows Custodian Utility with the best anti-malware application that you can use.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%\Protector-jdpf.exe
File name: Protector-jdpf.exe
Size: 2.04 MB (2045952 bytes)
MD5: 448a4c8d4404b0173caace2896cbc72c
Detection count: 95
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: April 5, 2012

%APPDATA%\Protector-syyx.exe
File name: Protector-syyx.exe
Size: 2.04 MB (2046976 bytes)
MD5: 9bcb95f35c826568356a78722d2e9f09
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: April 5, 2012

%DesktopDir%\Windows Custodian Utility.lnk
File name: %DesktopDir%\Windows Custodian Utility.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%CommonPrograms%\Windows Custodian Utility.lnk
File name: %CommonPrograms%\Windows Custodian Utility.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%AppData%\npswf32.dll
File name: %AppData%\npswf32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

%AppData%\Inspector-[RANDOM CHARACTERS].exe
File name: %AppData%\Inspector-[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following Registry values were newly created:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
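
The file, shortcut, Run-key and Hosts-file indicators described on this page can be checked together on a suspect machine. The PowerShell script below is an added example, not part of the original write-up or of any vendor tool; it assumes PowerShell 4 or later, and the function and variable names are illustrative.

```powershell
# Added example: read-only sweep for the indicators listed on this page.
# Run in the affected user's session; nothing is modified or deleted.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Item, $Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail })
}

# 1. Dropped files in %APPDATA% (the suffix after the dash is random per install).
#    npswf32.dll is also the Flash plug-in's file name; a copy directly in %APPDATA% is the red flag.
$md5FromPage = '448a4c8d4404b0173caace2896cbc72c', '9bcb95f35c826568356a78722d2e9f09'
foreach ($pattern in 'Protector-*.exe', 'Inspector-*.exe', 'npswf32.dll') {
    Get-ChildItem -Path $env:APPDATA -Filter $pattern -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
            $md5 = if ($hash) { $hash.Hash.ToLower() } else { 'unreadable' }
            $detail = if ($md5FromPage -contains $md5) { "MD5 $md5 (listed on page)" } else { "MD5 $md5" }
            Add-Finding 'File' $_.FullName $detail
        }
}

# 2. Shortcuts on the desktop and in the all-users Programs menu.
$shortcutDirs = @([Environment]::GetFolderPath('DesktopDirectory'),
                  [Environment]::GetFolderPath('CommonPrograms'))
foreach ($dir in $shortcutDirs) {
    $lnk = Join-Path $dir 'Windows Custodian Utility.lnk'
    if (Test-Path -LiteralPath $lnk) { Add-Finding 'Shortcut' $lnk 'present' }
}

# 3. Autostart value "Inspector" under the per-user Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'Inspector' -ErrorAction SilentlyContinue
if ($run) { Add-Finding 'RunValue' "$runKey\Inspector" $run.Inspector }

# 4. Active Hosts entries. The page names no hosts, so every non-comment
#    mapping other than localhost is listed for manual review.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue | ForEach-Object {
    $entry = ($_ -replace '#.*$', '').Trim()
    if ($entry) {
        $ip, $names = $entry -split '\s+'
        $names = @($names | Where-Object { $_ -and $_ -ne 'localhost' })
        if ($names.Count) { Add-Finding 'Hosts' ($names -join ' ') "resolves to $ip" }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

An empty table means none of the listed indicators were found for the current user; because the executable names carry random suffixes, a file hit with a different MD5 still warrants a scan.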

Additional Information

The following messages were detected:

1. Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.

2. Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

3. Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites
