Windows Health Keeper

Windows Health Keeper Description


Windows Health Keeper Screenshot 1Windows Health Keeper hails from the same Win32/FakeVimes group of fake anti-virus products. A typical Windows Health Keeper infection will also include additional attacks besides those that fake Windows Health Keeper’s security features. SpywareRemove.com malware analysts rate the following functions of Windows Health Keeper as being more dangerous than its above characteristics, and mandate Windows Health Keeper’s immediate removal as soon as you notice Windows Health Keeper:
  • Your system settings may be changed to allow Windows Health Keeper to hijack your browser. Hijacks can include changing your homepage, changing your search engine, restricting access to security sites or promoting dangerous sites.
  • Your anti-malware and security programs may be blocked, along with fake error messages that indicate that this is supposedly for your own good because of application damage or infection. By using a Safe Mode boot or similar methods to disable Windows Health Keeper, you regain usage of your anti-malware programs, which SpywareRemove.com malware researchers recommend for deleting Windows Health Keeper.

Identifying the Cracks in Windows Health Keeper’s Red-Alert Diagnosis


After its installation (typically by a Trojan, a fake online scanner or a drive-by-download attack), Windows Health Keeper launches itself without your permission whenever Windows starts. This allows Windows Health Keeper to display a constant flow of inaccurate warning messages alongside its self-contained ‘system scans’ that actually don’t scan your PC in the first place. Even though warning messages from Windows Health Keeper may appear to be technical and contain drastic warnings, SpywareRemove.com malware researchers have solidly confirmed Windows Health Keeper’s inability to provide legitimate threat alerts or system analyses.
Download SpyHunter Spyware Scanner
Instead, you’ll find that you’re looking at fake warnings like the following examples:

Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Name: Win64.BIT.Looker.exe
Risk: High

ERROR MESSAGE:
Warning
Warning! Virus detected
Threat Detected: Trojan-Spy.HTML.Sunfraud.a

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Error
Attempt to run a potentially dangerous script detected.
Full system is highly recommended.

System warning
No real-time malware, spyware and virus protection was found. Click here to activate.

WARNING! 371 threats detected
Detected malicious programs can damage your computer and compromise your privacy. It’s strongly recommended to remove them immediately [sic]!
Potential risks: Infecting other computers on your network
Continue unprotected Remove all threats now

Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll

Warning! Identity theft attempt detected
Hidden connection IP: 128.154.26.11
Target: Microsoft Corporation keys

Ignoring these warnings will not cause any harm to come to your PC, since Windows Health Keeper’s real goal is to bludgeon you with hoax alerts until give up and spend money on the (equally worthless) ‘complete’ version of its software. The infamous FakeVimes also gave the world Windows Anti-Malware Patch, Windows Enterprise Defender, Windows Antivirus Care, Windows Advanced User Patch, XP Smart Security, VirusSecurity, Windows Custodian Utility, Windows Safety Toolkit, Windows Smart Warden, Windows Protection Unit, Best Antivirus Software, Activate Ultimate Protection, CleanUp Antivirus, Home Safety Essentials, Windows Sleek Performance, Windows Internet Booster, Windows ProSecurity Scanner, Windows Pro Defence, Smart Internet Protection 2011, Windows Process Director, Windows Activity Debugger, Windows Antivirus Patch, Windows Smart Partner, Keep Center Keeper, Windows Home Patron, Windows Interactive Security, Windows Stability Guard, Windows AntiHazard Center, Windows Private Shield, Smart Virus Eliminator, Windows Shielding Utility, Windows Safety Manager, Windows ProSecure Scanner, Windows Daily Adviser, Windows Proactive Safety, Windows Turnkey Console, Windows Instant Scanner, Windows Expert Series, Security Master AV, Windows Software Keeper, Windows Warding System, Windows Custom Safety, Fast Antivirus 2009, Home Malware Cleaner, Best Malware Protection, PrivacyGuard PRO, Smart Security, Windows Risk Minimizer, Enterprise Suite, Windows Threats Destroyer, Security Antivirus, Windows Safety Module, Anti-Malware Lab, Windows Functionality Checker, Windows Interactive Safety, Windows Guardian Angel, Windows Premium Defender, Windows Trouble Taker, Strong Malware Defender, Windows Performance Catalyst, Windows Efficiency Accelerator, PC Live Guard, Antivirus Smart Protection, Windows Basic Antivirus, Windows First-Class Protector, Virus Doctor, Windows Pro Safety Release, Smart Anti-Malware Protection, Windows PRO Scanner, Windows Enterprise Suite, Windows Maintenance Guard, Windows Advanced Toolkit, Windows Shield Tool, Internet Security Essentials, Windows Safeguard Upgrade, Windows Custom Management, Windows Security System, Personal Internet Security 2011, Windows Profound Security, Windows Secure Workshop, Windows Antivirus Rampart, Windows Pro Solutions, Smart Internet Protection 2012, Total Anti Malware Protection, Windows Web Combat, Windows No-Risk Agent, Windows Pro Safety, Windows Protection Maintenance, Windows PC Aid, Windows Antivirus Release, Live Enterprise Suite, My Security Engine, Windows Performance Adviser, Windows Antihazard Solution, Windows Privacy Counsel, Volcano Security Suite, Windows Security Suite, Windows Multi Control System, Windows Guard Solutions, System Protection Tools, Windows Secure Web Patch, Windows Virtual Security, Windows Malware Sleuth, Windows High-End Protection, Windows Ultimate Security Patch, Windows Problems Stopper, Windows Safety Wizard, Windows Maintenance Suite, Windows Telemetry Center, Windows Pro Rescuer, Windows Virtual Angel, Extra Antivirus, Windows Secure Workstation, Additional Guard, Windows Defending Center, Windows Abnormality Checker, Windows Active Defender, Personal Security Sentinel, Windows Firewall Constructor, Windows Antivirus Machine, Windows Privacy Extension, Live PC Care, Windows Secure Surfer, Windows System Defender, My Security Shield, Windows AntiHazard Helper, Windows Premium Console, Windows Software Saver, Windows Pro Web Helper, Windows Advanced Security Center, Windows Security Renewal, Windows No-Risk Center, Internet Security Suite, Windows Protection Master, Windows Proprietary Advisor, Windows Care Taker, Windows Virtual Firewall, Windows Safety Series, Windows Premium Guard, Windows Safety Checkpoint, Windows Personal Doctor, Windows Control Series, Windows Managing System, Windows Crucial Scanner, Windows Privacy Module, Windows Tools Patch, Windows Be-on-Guard Edition, Windows Virus Hunter, My Security Wall, Windows Debug Center, Windows Safety Maintenance, Windows Guard Tools, Windows Active Guard, Smart Engine, Windows Defence Counsel, Windows Web Commander and Windows Ultimate Safeguard. Instead of spending your money on a product that can’t do anything that Windows Health Keeper advertises, it is recommended by SpywareRemove.com malware research that you treat Windows Health Keeper like any other PC threat and remove Windows Health Keeper with real security software. However, you may also need to use added security measures to stop Windows Health Keeper from starting before you can delete Windows Health Keeper completely.

Windows Health Keeper Automatic Detection Tool (Recommended)


Is your PC infected with Windows Health Keeper? To safely & quickly detect Windows Health Keeper, we highly recommend you run the malware scanner listed below.



Visual & GUI Characteristics


Windows Health Keeper Screenshot 2Windows Health Keeper Screenshot 3Windows Health Keeper Screenshot 4Windows Health Keeper Screenshot 5Windows Health Keeper Screenshot 6Windows Health Keeper Screenshot 7Windows Health Keeper Screenshot 8Windows Health Keeper Screenshot 9Windows Health Keeper Screenshot 10Windows Health Keeper Screenshot 11

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 Windows Health Keeper.lnk 607
    2 %APPDATA%\ Protector-auq.exe 37
    3 %LOCALAPPDATA%\ Protector-aof.exe 16
    4 %AppData%\Protector-[RANDOM 3 CHARACTERS].exe N/A
    5 %AppData%\NPSWF32.dll N/A
    6 %AppData%\result.db N/A
    7 %Desktop%\Windows Health Keeper.lnk N/A
    8 %CommonStartMenu%\Programs\Windows Health Keeper.lnk N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-17_2"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rnkkhbcsqe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
Posted: March 17, 2012 | By
Share:
Follow Me on Pinterest More More
Threat Level: 10/10
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Rate this article:
Detection Count: 23

One Comment

Leave a Reply

What is 3 + 5 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)