Windows Maintenance Suite

Windows Maintenance Suite Description

Windows Maintenance Suite, rather than being the all-in-one security suite that it claims to be, is a scamware product that displays inaccurate alerts about malware and other PC threats without even a cursory attempt at verifying the validity of its warnings. Malware experts have also traced Windows Maintenance Suite’s lineage back to identical members of FakeVimes, a group of fake anti-malware scanners that are well known for causing search engine redirects and attacking legitimate security programs. While Windows Maintenance Suite may be limited to attacking Windows, all modern versions of Windows should be considered at risk for a Windows Maintenance Suite infection, which should be removed with qualified security software whenever possible.

Why Maintaining a Safe Distance from Windows Maintenance Suite is What’s Best for Your PC

Windows Maintenance Suite acts and looks like an anti-malware scanner in the most superficial terms possible, but as far as actual security features go, Windows Maintenance Suite’s contributions are wholly negative. Windows Maintenance Suite is an active danger to your computer rather than helpful software. Symptoms of Windows Maintenance Suite’s attacks that malware researchers are familiar with include:
  • Inaccurate pop-up alerts about malicious software or attacks against your PC. Alerts may be used to imply the presence of specific types of PC threat, as in the following example:
    Warning! Virus Detected
    Threat detected: FTP Server
    Infected file: C:\Windows\System32\dllcache\wmpshell.dll

    Alternately, alerts may simply warn you about a nonexistent attack without specifying the software that’s supposedly behind it, as in the contrasting example shown here:

    Warning! Identity theft attempt detected
    Hidden connection IP:
    Target: Microsoft Corporation keys
  • Blocked applications that Windows Maintenance Suite pretends are infected or damaged in some way.

    These applications may be blocked at memory-level (by shutting down memory processes as Windows Maintenance Suite identifies them) or sabotaged (by removing relevant Registry entries) to prevent them from functioning at all. Programs that Windows Maintenance Suite may block include firewall utilities, anti-virus scanners, Task Manager and other Windows security tools.
  • You may also be attacked by online search redirects that expose you to unusual or hostile sites, especially sites that serve as spam-based search engines. Windows Maintenance Suite’s search redirects use a method that lets them function in all types of web browsers.

Blocking the Second Half of Windows Maintenance Suite’s Two-Part Hoax

Windows Maintenance Suite’s primary mission on your PC is to bamboozle you into paying for its registration key – all while pretending that doing so will grant you access to a new level of Windows Maintenance Suite-based protection that can remove all of its fake PC threats. Since malware researchers have emphasized Windows Maintenance Suite’s utter inability to deal with any type of real PC threat, you should never feel as though you need to spend money on Windows Maintenance Suite or any other member of Win32/FakeVimes such as PrivacyGuard PRO, Windows Privacy Module, Anti-Malware Lab, Home Safety Essentials, Windows Guard Tools, Windows Personal Doctor, Windows Malware Sleuth, Windows Control Series, Windows Software Keeper, Windows Pro Rescuer, Antivirus Smart Protection, Best Antivirus Software, Windows Advanced Toolkit, Windows Privacy Counsel, Windows AntiBreach Suite, Windows Security Renewal, Windows Guardian Angel, Windows Activity Booster, Windows Private Shield, Windows Antivirus Tool, Windows Antivirus Patch, Malware Protection, Windows Defence Counsel, Windows Antivirus Machine, Windows Problems Stopper, Windows Telemetry Center, Windows Web Commander, Windows Secure Workshop, Windows Ultimate Safeguard, Home Malware Cleaner, Windows Foolproof Protector, Internet Security Essentials, Windows Internet Booster, Windows AntiHazard Center, Windows Safety Manager, Windows Malware Firewall, Windows Health Keeper, Windows Sleek Performance, Windows Expert Series, Windows PRO Scanner, Windows Prime Accelerator, Security Master AV, Windows Privacy Extension, Live Enterprise Suite, Smart Anti-Malware Protection, Extra Antivirus, Windows Virtual Protector, Smart Virus Eliminator and Windows PC Aid.

Because Windows Maintenance Suite has a high chance of interfering with deletion efforts, malware experts additionally recommend booting your PC from a removable media device or using Safe Mode. Both of these options are simple ways to disable Windows Maintenance Suite’s Registry-based startup routine. Either method will allow you to remove Windows Maintenance Suite without much trouble, provided you have access to even minimally competent anti-malware software.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    #  File Name                                    Detection Count
    1  %APPDATA%\Protector-hhjq.exe                 62
    2  %AppData%\NPSWF32.dll                        N/A
    3  %AppData%\Protector-[RANDOM CHARACTERS].exe  N/A
    4  %AppData%\result.db                          N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry!
  • The following Registry values and keys were newly produced:
    HKEY..\..\{Value}
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
    HKEY..\..\..\..{Subkeys}
      HKEY_CURRENT_USER\Software\ASProtect
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
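
The registry entries listed above can be checked against a text export of the Registry (for example, one taken after booting from removable media or in Safe Mode). The following is an added example, not code from the original page or from any vendor: it assumes the export is `.reg` text already decoded to a Python string, covers only the policies\system, Run and Image File Execution Options entries, and uses a constructed sample with a made-up `Protector-abcd.exe` path.

```python
import re

POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"
RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# Value names (set to 0) and IFEO subkey names copied from the page's registry list.
UAC_VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser")
IFEO_NAMES = {"_avp32.exe", "_avpcc.exe", "ashdisp.exe", "divx.exe", "mostat.exe",
              "platin.exe", "tapinstall.exe", "zapsetup3001.exe"}

def decode(raw):
    """Decode .reg data: dword -> int, quoted string -> str, other types unchanged."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\")
    return raw

def parse_reg(text):
    """Parse .reg export text into {key: {value name: data}}; names lower-cased."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]*)"=(.*)$', line)):
            current[m.group(1).lower()] = decode(m.group(2))
    return keys

def scan(text):
    """Return the indicators from this page that appear in the export."""
    keys, hits = parse_reg(text), []
    policy, run = keys.get(POLICY.lower(), {}), keys.get(RUN.lower(), {})
    hits += [f"policies\\system {n} = 0" for n in UAC_VALUES if policy.get(n.lower()) == 0]
    if "inspector" in run:
        hits.append(f'Run "Inspector" -> {run["inspector"]}')
    for key in keys:
        parent, _, leaf = key.rpartition("\\")
        if parent == IFEO.lower() and leaf in IFEO_NAMES:
            hits.append(f"IFEO subkey: {leaf}")
    return hits

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\demo\\AppData\\Roaming\\Protector-abcd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe]
'''
```

`scan(SAMPLE)` returns three matches; a match is a lead for review rather than a verdict, since a value such as `EnableLUA = 0` can also be set by an administrator.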

Additional Information

  • The following messages were detected:
    # Message
    1 Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
    2 Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection.
    3 Error Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
    4 Error Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection.
Posted: June 6, 2012 | By
Threat Metric
Threat Level: 10/10
Detection Count: 26

One Comment

  • phylliss smith says:

    We have been trying to remove windows maintenance for nearly 4 to 5 hours. It is becoming a really big deal, I have been completely locked out of all my programs and cannot access my task manager. I have had this computer since September 2011 and haven’t had not one single problem out of it and now all of a sudden I can’t access my computer at all. This problem needs to be resolved as SOON as possible or I will notify the proper authorities including the FCC. Thank you…
