Windows Maintenance Suite
Windows Maintenance Suite Description
Windows Maintenance Suite, rather than being the all-in-one security suite that Windows Maintenance Suite claims to be, is a scamware product that displays inaccurate alerts about malware and other PC threats without even a cursory attempt at verifying the validity of its warnings. SpywareRemove.com malware experts have also traced Windows Maintenance Suite’s lineage back to identical members of FakeVimes, a group of fake anti-malware scanners that are well-known for causing search engine redirects and attacking legitimate security programs. While Windows Maintenance Suite may be limited to attacking Windows, all modern versions of Windows should be considered at risk for a Windows Maintenance Suite infection, which should be removed by qualified security software whenever manageable.Why Maintaining a Safe Distance from Windows Maintenance Suite is What’s Best for Your PC
Windows Maintenance Suite acts and looks like an anti-malware scanner in the most superficial terms possible, but as far as actual security features go, Windows Maintenance Suite’s contributions are wholly negative. Windows Maintenance Suite is an active danger to your computer rather than helpful software. Symptoms of Windows Maintenance Suite’s attacks that SpywareRemove.com malware researchers are familiarized with include:
- Inaccurate pop-up alerts about malicious software or attacks against your PC. Alerts may be used to imply the presence of specific types of PC threat, as in the following example:
Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll
Alternately, alerts may simply warn you about a nonexistent attack without specifying the software that’s supposedly behind it, as in the contrasting example shown here:
Warning! Identity theft attempt detected
Hidden connection IP: 128.154.26.11
Target: Microsoft Corporation keys - Blocked applications that Windows Maintenance Suite pretends are infected or damaged in some way.These applications may be blocked at memory-level (by shutting down memory processes as Windows Maintenance Suite identifies them) or sabotaged (by removing relevant Registry entries) to prevent them from functioning at all. Programs that Windows Maintenance Suite may block include firewall utilities, anti-virus scanners, Task Manager and other Windows security tools.
- You may also be attacked by online search redirects that expose you to unusual or hostile sites, especially sites that serve as spam-based search engines. Windows Maintenance Suite’s search redirects use a method that lets them function in all types of web browsers.
Blocking the Second Half of Windows Maintenance Suite’s Two-Part Hoax
Windows Maintenance Suite’s primary mission on your PC is to bamboozle you into paying for its registration key – all while pretending that doing so will grant you access to a new level of Windows Maintenance Suite-based protection that can remove all of its fake PC threats. Since SpywareRemove.com malware researchers have emphasized Windows Maintenance Suite’s utter inability to deal with any type of real PC threat, you should never feel as though you need to spend money on Windows Maintenance Suite or any other member of Win32/FakeVimes such as Fast Antivirus 2009, Windows Risk Minimizer, Windows Maintenance Guard, My Security Wall, Windows Safeguard Upgrade, Antivirus Smart Protection, Windows Antihazard Solution, Windows AntiHazard Helper, Windows Web Commander, Windows Performance Catalyst, Windows Antivirus Machine, Windows Control Series, Windows Anti-Malware Patch, Windows First-Class Protector, Windows Warding System, Windows Pro Safety Release, Windows Premium Console, Windows Private Shield, Windows Pro Defence, Windows Virus Hunter, Windows Tools Patch, Windows Guard Solutions, Windows Security System, Best Malware Protection, Home Malware Cleaner, Live Enterprise Suite, Windows Telemetry Center, Windows Crucial Scanner, Windows Health Keeper, Windows Antivirus Rampart, Windows Virtual Firewall, PrivacyGuard PRO, Windows Pro Safety, System Protection Tools, Windows Active Defender, Windows Protection Unit, Windows Process Director, Windows Turnkey Console, Windows Instant Scanner, Windows Defending Center, Windows Advanced Toolkit, Windows Proprietary Advisor, Windows Virtual Angel, Windows Daily Adviser, Windows Protection Maintenance, Windows Enterprise Defender, Personal Internet Security 2011, Home Safety Essentials, Windows Custodian Utility, Windows Expert Series, Windows Secure Web Patch, Smart Anti-Malware Protection, Windows Smart Partner, Windows System Defender, Windows Software Keeper, Windows Pro Rescuer, Strong Malware Defender, Windows Ultimate Safeguard, Windows Virtual Security, Smart Internet Protection 2012, Volcano Security Suite, VirusSecurity, Windows Active Guard, CleanUp Antivirus, Windows Guard Tools, Windows Privacy Counsel, PC Live Guard, My Security Shield, Security Antivirus, Windows No-Risk Agent, Windows AntiHazard Center, Windows Safety Series, Windows Abnormality Checker, Activate Ultimate Protection, Windows Custom Management, Windows Security Renewal, Smart Security, Smart Internet Protection 2011, Windows Managing System, Windows Antivirus Patch, Enterprise Suite, Live PC Care, Windows PRO Scanner, Windows Trouble Taker, Windows Premium Guard, Windows Ultimate Security Patch, Smart Engine, Windows Smart Warden, Windows Problems Stopper, Keep Center Keeper, Windows Guardian Angel, Windows Protection Master, Windows Firewall Constructor, Windows Advanced User Patch, Windows Advanced Security Center, Windows Personal Doctor, Windows No-Risk Center, Best Antivirus Software, Windows Home Patron, Windows Malware Sleuth, Windows Secure Workshop, Windows Activity Debugger, Windows Sleek Performance, Windows Pro Solutions, Windows Pro Web Helper, Windows Interactive Security, Windows Be-on-Guard Edition, Windows Multi Control System, Windows Custom Safety, Windows Enterprise Suite, Windows Shield Tool, Windows Proactive Safety, Windows Basic Antivirus, Windows Threats Destroyer, Windows Security Suite, Anti-Malware Lab, Windows Internet Booster, Windows ProSecurity Scanner, Windows Secure Workstation, Windows Stability Guard, Windows Privacy Extension, Windows Interactive Safety, Windows Performance Adviser, Windows Safety Manager, Windows Privacy Module, Windows Safety Wizard, Extra Antivirus, Windows Safety Checkpoint, Windows Care Taker, Windows Shielding Utility, Windows Efficiency Accelerator, Windows Web Combat, Personal Security Sentinel, Windows Debug Center, Windows High-End Protection, Windows Software Saver, Windows PC Aid, Internet Security Essentials, Windows Safety Module, Windows Safety Maintenance, Security Master AV, Windows Antivirus Care, Internet Security Suite, Windows Defence Counsel, Windows Safety Toolkit, Windows Premium Defender, Windows Antivirus Release, XP Smart Security, Windows ProSecure Scanner, My Security Engine, Windows Secure Surfer, Smart Virus Eliminator, Virus Doctor, Windows Functionality Checker, Additional Guard, Total Anti Malware Protection and Windows Profound Security.
Because Windows Maintenance Suite has a high chance of interfering with deletion efforts, SpywareRemove.com malware experts additionally recommend booting your PC from a removable media device or using Safe Mode. Both of these options are simple ways to disable Windows Maintenance Suite’s Registry-based startup routine. Either method will allow you to remove Windows Maintenance Suite without much trouble, provided you have access to even minimally competent anti-malware software.
Windows Maintenance Suite Automatic Detection Tool (Recommended)
Is your PC infected with Windows Maintenance Suite? To safely & quickly detect Windows Maintenance Suite, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Windows Maintenance Suite
What happens if Windows Maintenance Suite does not let you open SpyHunter or blocks the Internet?
Visual & GUI Characteristics
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read
the tutorials on how to find malware,
kill unwanted processes,
remove malicious DLLs and
delete other harmful files. Always be
sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 %APPDATA%\ Protector-hhjq.exe 145 2 %AppData%\NPSWF32.dll N/A 3 %AppData%\Protector-[RANDOM CHARACTERS].exe N/A 4 %AppData%\result.db N/A
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on
how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\ASProtectHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
Additional Information
- The following messages's were detected:
# Message 1 Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.2 Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.3 Error Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan. 4 Error Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection.
Posted: June 6, 2012 | By SpywareRemove
MoreThreat Level: 10/10
(No Ratings Yet)
Loading ...Rate this article:
Detection Count: 417
we have been trying to remove windows maintenance for nearly 4 to 5 hours. it is becoming a really big deal, i have been completely locked out of all my programs and cannot access my task manager. I have had this computer since September 2011 and haven’t had not one single problem out of it and now all of a sudden I cant access my computer at all. This problem needs to be resolved as SOON as possible or I will notify the proper authorities including the FCC. Thank you…