Windows Maintenance Guard
Windows Maintenance Guard Description
Windows Maintenance Guard is one of the most recent variants of scamware from the FakeVimes family, a group of rogue anti-malware programs that use fake pop-up alerts and similar security ‘features’ to persuade victims to part with their money. Although Windows Maintenance Guard isn’t able to identify or remove PC threats, Windows Maintenance Guard does possess substantial features with respect to causing online search redirects, blocking actual security programs or attacking your Windows security settings.
Windows Maintenance Guard’s Failing Grade at PC Safety
By borrowing the basic looks of Windows Security Center and appearing to include features like an anti-phishing barrier and an ‘advanced process control’ memory manager, Windows Maintenance Guard may seem to be able to solve all your computer security problems. However, as is typical for a security product that looks as though it can do more than all of the big-name brands put together, Windows Maintenance Guard actually is a fake anti-malware program without any working security functions to its name. SpywareRemove.com malware researchers especially note that Windows Maintenance Guard’s scamware traits come into evidence after observation of its pop-up warnings and system scans, which always display negative results that aren’t corroborated by reputable anti-malware scanners.
Windows Maintenance Guard’s fake security data can include both warnings about live attacks and infection alerts, including identifying real (but not present on your hard drive) viruses, Trojans and similar types of high-level PC threats. Since Windows Maintenance Guard will also display these pop-ups in conjunction with blocking unrelated programs, you may be unable to access security software to expedite Windows Maintenance Guard’s removal until you disable Windows Maintenance Guard itself. SpywareRemove.com malware researchers recommend Safe Mode or a system boot from a removable media device (IE, a USB drive, etc) to stop Windows Maintenance Guard from launching without consent.
The Danger of Trusting Windows Maintenance Guard for Your Computer
While ignoring Windows Maintenance Guard’s fake security information is a good start to dealing with Windows Maintenance Guard, SpywareRemove.com malware experts advise against allowing Windows Maintenance Guard to remain on your computer once Windows Maintenance Guard is identified. As a member of the FakeVimes family Windows Maintenance Guard may also use security-damaging attacks against your PC. Some of Windows Maintenance Guard clones are Windows Malware Sleuth, Smart Virus Eliminator, Windows Firewall Constructor, Windows Basic Antivirus, Windows Premium Guard, Windows ProSecurity Scanner, Windows Antivirus Machine, Windows Safety Manager, Home Malware Cleaner, Windows Personal Doctor, Windows Pro Safety, Windows Multi Control System, Windows Smart Warden, Best Antivirus Software, Windows Web Combat, Personal Security Sentinel, Windows Antivirus Care, Windows Anti-Malware Patch, Live Enterprise Suite, Strong Malware Defender, Windows Custom Management, Security Master AV, Windows Private Shield, Windows Antivirus Release, Windows Secure Workstation, PrivacyGuard PRO, Volcano Security Suite, XP Smart Security, Internet Security Suite, Smart Internet Protection 2011, Antivirus Smart Protection, Windows Software Keeper, Virus Doctor, Total Anti Malware Protection, Smart Internet Protection 2012, Windows Safety Maintenance, Windows Safety Wizard, Fast Antivirus 2009, My Security Shield, Windows Debug Center, Windows Telemetry Center, Windows Active Defender, Windows Care Taker, Windows No-Risk Agent, Windows Safety Series, Windows Safety Module, Windows Pro Defence, Windows Secure Surfer, Windows Privacy Extension, Windows Protection Master, Windows ProSecure Scanner, Windows Proprietary Advisor, Windows Ultimate Safeguard, Windows Active Guard, System Protection Tools, Windows Profound Security, Keep Center Keeper, Smart Security, Windows AntiHazard Helper, Windows Efficiency Accelerator, Windows Custodian Utility, Windows Crucial Scanner, Windows Process Director, Extra Antivirus, Windows Daily Adviser, Windows PC Aid, Windows Smart Partner, Windows Secure Workshop, Windows Stability Guard, Windows Secure Web Patch, Windows Virtual Angel, Windows System Defender, Windows Privacy Counsel, Windows Web Commander, Windows Maintenance Suite, Windows Tools Patch, Windows Safety Checkpoint, Live PC Care, Windows Pro Web Helper, Windows Virus Hunter, Windows Safeguard Upgrade, Enterprise Suite, Windows Problems Stopper, Windows Proactive Safety, Internet Security Essentials, Best Malware Protection, Windows Defending Center, Windows Security Renewal, Home Safety Essentials, Windows Guardian Angel, Windows Performance Adviser, Windows Shield Tool, Windows Shielding Utility, Windows Be-on-Guard Edition, Windows Sleek Performance, Personal Internet Security 2011, Windows Security Suite, Windows Enterprise Suite, Windows PRO Scanner, Windows Abnormality Checker, Windows Custom Safety, Windows Threats Destroyer, Windows No-Risk Center, Windows High-End Protection, Windows Ultimate Security Patch, Windows Functionality Checker, My Security Wall, Windows Antivirus Rampart, Windows Activity Debugger, Windows Internet Booster, Windows Protection Maintenance, Windows Virtual Firewall, Smart Engine, Windows Performance Catalyst, Windows Managing System, Windows Advanced Security Center, Windows Interactive Safety, Windows Risk Minimizer, Windows Guard Solutions, Windows Guard Tools, Windows Protection Unit, Windows Instant Scanner, Windows Enterprise Defender, Windows Advanced Toolkit, Windows Pro Solutions, VirusSecurity, Windows Virtual Security, Windows Advanced User Patch, Windows Privacy Module, Windows Health Keeper, Windows Pro Rescuer, My Security Engine, Windows Home Patron, Security Antivirus, Smart Anti-Malware Protection, Activate Ultimate Protection, Windows AntiHazard Center, Windows Trouble Taker, Windows Interactive Security, Windows Antivirus Patch, Windows Software Saver, Windows Control Series, Windows Premium Console, Additional Guard, Windows Pro Safety Release, Windows Premium Defender, Windows Antihazard Solution, Windows Turnkey Console, Windows First-Class Protector, CleanUp Antivirus, Windows Warding System, PC Live Guard, Windows Safety Toolkit, Windows Defence Counsel, Windows Security System, Windows Expert Series and Anti-Malware Lab. The most prominent attacks that Windows Maintenance Guard and its relatives are capable of utilizing are noted below:
- Windows Maintenance Guard may expose you to malicious sites by redirecting your web browser-based searches.
- Likewise, your browser’s ability to protect your PC against improperly-identified (via signatures) files may also be attacked by Windows Maintenance Guard’s system Registry changes.
- Legitimate security programs, including anti-malware scanners and firewall utilities, may also be blocked by Windows Maintenance Guard, either at the Registry level or the system memory level. In cases of the former, restoring the Registry or reinstalling affected applications may be required, although, for the latter, Maintenance Guard malware researchers have found that merely disabling Windows Maintenance Guard will prove effective.
As a closing point, it should be stressed that Windows Maintenance Guard should never be treated as a legitimate software product or be purchased, since this can allow criminals to gain access to confidential fiscal information.
Windows Maintenance Guard Automatic Detection Tool (Recommended)
Is your PC infected with Windows Maintenance Guard? To safely & quickly detect Windows Maintenance Guard, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Windows Maintenance Guard
What happens if Windows Maintenance Guard does not let you open SpyHunter or blocks the Internet?
Visual & GUI Characteristics
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read
the tutorials on how to find malware,
kill unwanted processes,
remove malicious DLLs and
delete other harmful files. Always be
sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 Windows Maintenance Guard.lnk 520 2 %APPDATA%\ Protector-yvqj.exe 248 3 %AppData%\NPSWF32.dll N/A 4 %AppData%\result.db N/A 5 %AppData%\1st$0l3th1s.cnf N/A 6 Protector-[RANDOM 3 CHARACTERS].exe N/A 7 Protector-[RANDOM 4 CHARACTERS].exe N/A
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on
how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-18_7"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "idhsudrgrf"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\ASProtectHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
Additional Information
- The following messages's were detected:
# Message 1 Error
Attempt to modify registry key entries detected. Registry entry analysis is recommended.2 Error
Attempt to run a potentially dangerous script detected.
Full system scan is highly recommended.
Posted: June 18, 2012 | By SpywareRemove
MoreThreat Level: 10/10
(1 votes, average: 5.00 out of 5)
Loading ...Rate this article:
Detection Count: 52
I can’t find any files on my computer