Windows Custodian Utility
Posted: April 4, 2012
Threat Metric
The fields shown on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Ranking: | 1,352 |
---|---|
Threat Level: | 1/10 |
Infected PCs: | 11,518 |
First Seen: | April 4, 2012 |
Last Seen: | October 16, 2023 |
OS(es) Affected: | Windows |
Windows Custodian Utility is a rogue anti-virus scanner that claims to offer 'ultimate protection' against multiple types of PC threats, but SpywareRemove.com malware analysts are here to confirm that Windows Custodian Utility can't detect any type of malicious software or online attack against your PC. Because Windows Custodian Utility originates from the FakeVimes family of fake anti-virus products, which reuse the same interface with different brand names, you should treat any anti-virus program that bears a strong resemblance to Windows Custodian Utility as potentially malicious. Problems that can arise from tolerating Windows Custodian Utility's presence on your computer include browser redirects, an inability to use legitimate security utilities and various fake warning messages that display inaccurate information. However, while Windows Custodian Utility will try to convince you that buying a registration key is the best way to solve these issues, deleting Windows Custodian Utility itself with any good anti-malware program should be more than sufficient to put a stop to all of these attacks.
How Windows Custodian Utility Does Its Best to Replace Your Real Security with a Hoax
Windows Custodian Utility and other FakeVimes-based PC threats share the same basic marketing and scamming tactics that are also in use by such scamware programs as Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security. After Windows Custodian Utility's installation (which can be enabled via fake codec updates, Trojans like Zlob and fake online scanners), Windows Custodian Utility will start with Windows and display inaccurate system information in the form of scan results and pop-up alerts. This information will notify you about nonexistent infections, including spyware, rootkits and ongoing attacks against your PC that should all be ignored as fake.
Windows Custodian Utility will also attempt to block various types of programs to prevent you from easily removing Windows Custodian Utility from your computer. Programs that Windows Custodian Utility may block can include firewall tools, anti-virus scanners, process-viewing tools (such as Task Manager) and other types of security products. Since some of these attacks block their targets by changing the Windows Registry, even disabling Windows Custodian Utility may not let you have full access to all of your other applications until you've used anti-malware software to remove the changes that Windows Custodian Utility has caused to Windows.
The Dangers of a Windows Custodian Utility-Hamstrung Web Browser
Windows Custodian Utility may also alter your web browser for several purposes, including reducing its security, forcing you into contact with malicious websites and preventing you from visiting PC security sites. By modifying your Hosts file, Windows Custodian Utility can redirect your browser on a whim, with its default behavior preferentially triggering redirects after you try to use a search engine. Windows Custodian Utility can also use these attacks to promote its own website.
Unfortunately, redirects are less dangerous than the other attacks that SpywareRemove.com malware experts have found Windows Custodian Utility to make against web browsers. By authorizing your PC to run programs with invalid signatures without any warnings, Windows Custodian Utility makes your computer more vulnerable than normal to drive-by downloads and other attacks that involve harmful files from untrustworthy sources. These problems, combined with Windows Custodian Utility's blocking of other software, should be considered good reasons to treat Windows Custodian Utility as a severe threat and delete Windows Custodian Utility with the best anti-malware application that you can use.
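The two browser-related changes described above can be audited without modifying anything. The following PowerShell is an added example, not part of the original write-up; the page does not name the signature setting involved, so checking the Internet Explorer values `RunInvalidSignatures` and `CheckExeSignatures` is an assumption about the mechanism.

```powershell
# Added example (not from the original page): read-only audit, nothing is modified.

# 1. Active Hosts-file entries. A default Hosts file on Windows 7 and later holds
#    only comments, so every active mapping other than localhost deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entries = foreach ($line in Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue) {
    $text = ($line -replace '#.*$', '').Trim()          # strip comments
    if (-not $text) { continue }
    $fields = @($text -split '\s+')                     # address, then one or more names
    if ($fields.Count -lt 2) { continue }
    # Loopback or null targets block a site; any other address redirects it.
    $effect = 'redirected'
    if ($fields[0] -match '^(127\.|0\.0\.0\.0$|::1$)') { $effect = 'blocked' }
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        if ($name -ne 'localhost') {
            [pscustomobject]@{ Address = $fields[0]; HostName = $name; Effect = $effect }
        }
    }
}

# 2. Signature checking for downloaded programs (assumed mechanism, see lead-in).
$ieKey = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
$weakened = @(
    if ($ie.RunInvalidSignatures -eq 1)   { 'RunInvalidSignatures = 1 (invalid signatures allowed)' }
    if ($ie.CheckExeSignatures -eq 'no')  { 'CheckExeSignatures = no (signature check disabled)' }
)

if ($entries)  { $entries | Sort-Object Effect, HostName | Format-Table -AutoSize }
else           { 'Hosts file has no active entries besides localhost.' }
if ($weakened) { $weakened | ForEach-Object { "Weakened setting under ${ieKey}: $_" } }
else           { 'Signature-check settings are not weakened for this user.' }
```

Search-engine or security-vendor host names in the output are the entries to compare against a known-good Hosts file before restoring it.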
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%APPDATA%\Protector-jdpf.exe
File name: Protector-jdpf.exe
Size: 2.04 MB (2045952 bytes)
MD5: 448a4c8d4404b0173caace2896cbc72c
Detection count: 95
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: April 5, 2012
%APPDATA%\Protector-syyx.exe
File name: Protector-syyx.exe
Size: 2.04 MB (2046976 bytes)
MD5: 9bcb95f35c826568356a78722d2e9f09
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: April 5, 2012
%DesktopDir%\Windows Custodian Utility.lnk
File name: %DesktopDir%\Windows Custodian Utility.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%CommonPrograms%\Windows Custodian Utility.lnk
File name: %CommonPrograms%\Windows Custodian Utility.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%AppData%\npswf32.dll
File name: %AppData%\npswf32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
%AppData%\Inspector-[RANDOM CHARACTERS].exe
File name: %AppData%\Inspector-[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
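A read-only sweep for the file and registry artifacts listed above, as an added example that is not part of the original write-up. File names, patterns, MD5 values and the Run value come from this page; mapping `%DesktopDir%` and `%CommonPrograms%` to the `DesktopDirectory` and `CommonPrograms` special folders is an assumption.

```powershell
# Added example (not from the original page): checks the current user's profile
# for the artifacts listed above. Nothing is deleted or changed.
$knownMd5 = @{
    '448a4c8d4404b0173caace2896cbc72c' = 'Protector-jdpf.exe'
    '9bcb95f35c826568356a78722d2e9f09' = 'Protector-syyx.exe'
}

$findings = @(
    # Files dropped in %APPDATA% (names and patterns from the list above)
    foreach ($pattern in 'Protector-*.exe', 'Inspector-*.exe', 'npswf32.dll') {
        $files = Get-ChildItem -Path $env:APPDATA -Filter $pattern -File -Force -ErrorAction SilentlyContinue
        foreach ($f in $files) {
            $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
            $md5  = "$($hash.Hash)".ToLower()            # empty string if the file was unreadable
            $note = "MD5 $md5"
            if ($knownMd5.ContainsKey($md5)) { $note += " (matches $($knownMd5[$md5]) on this page)" }
            [pscustomobject]@{ Type = 'File'; Item = $f.FullName; Detail = $note }
        }
    }

    # Shortcuts (folder mapping is an assumption, see lead-in)
    foreach ($folder in 'DesktopDirectory', 'CommonPrograms') {
        $lnk = Join-Path ([Environment]::GetFolderPath($folder)) 'Windows Custodian Utility.lnk'
        if (Test-Path -LiteralPath $lnk) {
            [pscustomobject]@{ Type = 'Shortcut'; Item = $lnk; Detail = '' }
        }
    }

    # Autostart value "Inspector" under the current user's Run key
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'Inspector' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ Type = 'Registry'; Item = "$runKey\Inspector"; Detail = $run.Inspector }
    }
)

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No listed artifacts found for this user.'
}
```

Because the executable names carry random suffixes, a pattern match with a different MD5 is still worth examining; the Run value's data shows which file is launched at logon.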
Additional Information
# | Message |
---|---|
1 | Error Trojan activity detected. System data security is at risk. It is recommended to activate protection and run a full system scan. |
2 | Warning Firewall has blocked a program from accessing the Internet C:\program files\internet explorer\iexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server. |
3 | Warning! Identity theft attempt Detected Hidden connection IP: 58.82.12.124 Target: Your passwords for sites |