Windows Maintenance Suite

Windows Maintenance Suite Description


Windows Maintenance Suite, rather than being the all-in-one security suite that it claims to be, is a scamware product that displays inaccurate alerts about malware and other PC threats without even a cursory attempt at verifying the validity of its warnings. SpywareRemove.com malware experts have also traced Windows Maintenance Suite’s lineage back to identical members of FakeVimes, a group of fake anti-malware scanners that are well known for causing search engine redirects and attacking legitimate security programs. While Windows Maintenance Suite may be limited to attacking Windows, all modern versions of Windows should be considered at risk of a Windows Maintenance Suite infection, which should be removed with qualified security software whenever possible.

Why Maintaining a Safe Distance from Windows Maintenance Suite is What’s Best for Your PC


Windows Maintenance Suite acts and looks like an anti-malware scanner in the most superficial terms possible, but as far as actual security features go, Windows Maintenance Suite’s contributions are wholly negative. Windows Maintenance Suite is an active danger to your computer rather than helpful software. Symptoms of Windows Maintenance Suite’s attacks that SpywareRemove.com malware researchers are familiar with include:
  • Inaccurate pop-up alerts about malicious software or attacks against your PC. Alerts may be used to imply the presence of specific types of PC threat, as in the following example:
    Warning! Virus Detected
    Threat detected: FTP Server
    Infected file: C:\Windows\System32\dllcache\wmpshell.dll


    Alternately, alerts may simply warn you about a nonexistent attack without specifying the software that’s supposedly behind it, as in the contrasting example shown here:

    Warning! Identity theft attempt detected
    Hidden connection IP: 128.154.26.11
    Target: Microsoft Corporation keys
  • Blocked applications that Windows Maintenance Suite pretends are infected or damaged in some way.
    These applications may be blocked at memory-level (by shutting down memory processes as Windows Maintenance Suite identifies them) or sabotaged (by removing relevant Registry entries) to prevent them from functioning at all. Programs that Windows Maintenance Suite may block include firewall utilities, anti-virus scanners, Task Manager and other Windows security tools.
  • You may also be attacked by online search redirects that expose you to unusual or hostile sites, especially sites that serve as spam-based search engines. Windows Maintenance Suite’s search redirects use a method that lets them function in all types of web browsers.

Blocking the Second Half of Windows Maintenance Suite’s Two-Part Hoax


Windows Maintenance Suite’s primary mission on your PC is to bamboozle you into paying for its registration key – all while pretending that doing so will grant you access to a new level of Windows Maintenance Suite-based protection that can remove all of its fake PC threats. Since SpywareRemove.com malware researchers have emphasized Windows Maintenance Suite’s utter inability to deal with any type of real PC threat, you should never feel as though you need to spend money on Windows Maintenance Suite or any other member of Win32/FakeVimes such as Windows Antivirus Patch, Windows Virtual Security, Windows Activity Booster, Windows Software Saver, Windows Enterprise Defender, Windows Shield Tool, Windows Web Commander, Keep Center Keeper, Windows Web Combat, XP Smart Security, Windows AntiHazard Center, Windows ProSecurity Scanner, Windows Enterprise Suite, Windows Safety Maintenance, Windows Ultimate Booster, Windows Secure Workshop, System Smart Security, Windows Antivirus Booster, Windows Antivirus Patrol, Enterprise Suite, Windows Defence Master, Windows Virtual Angel, Windows No-Risk Center, Windows Prime Shield, Windows Prime Booster, Windows Custodian Utility, Smart Security, Windows Guard Solutions, Windows Tools Patch, Antivirus Smart Protection, Windows Threats Destroyer, Windows Prime Accelerator, Windows Profound Security, Windows Risk Minimizer, Windows Security Suite, Windows Privacy Extension, Windows Safeguard Upgrade, Windows Multi Control System, Windows Antivirus Helper, Windows Security Renewal, Windows Security Booster, Windows Pro Safety, Windows AntiHazard Helper, Windows Safety Series, Windows Advanced User Patch, Windows Home Patron, Live Enterprise Suite, Windows Interactive Safety and Windows Paramount Protection.

Because Windows Maintenance Suite has a high chance of interfering with deletion efforts, SpywareRemove.com malware experts additionally recommend booting your PC from a removable media device or using Safe Mode. Both of these options are simple ways to disable Windows Maintenance Suite’s Registry-based startup routine. Either method will allow you to remove Windows Maintenance Suite without much trouble, provided you have access to even minimally competent anti-malware software.





Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    #  File Name                                     Detection Count
    1  %APPDATA%\Protector-hhjq.exe                  62
    2  %AppData%\NPSWF32.dll                         N/A
    3  %AppData%\Protector-[RANDOM CHARACTERS].exe   N/A
    4  %AppData%\result.db                           N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry!
  • The following Registry values were newly created:
    HKEY..\..\{Value}
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
    HKEY..\..\..\..{Subkeys}
      HKEY_CURRENT_USER\Software\ASProtect
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
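
A triage sketch for the registry indicators listed above, added here as an example (it is not SpywareRemove.com's code): it parses `reg export` text, such as an export taken from Safe Mode, and reports the zeroed UAC policy values, the Image File Execution Options subkeys and the `Run` entry from this page's list. The sample export, the function names and the `Protector-abcd.exe` path are constructed for illustration.

```python
import re
# Indicators copied from this page's registry list (matched case-insensitively).
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
UAC_ZEROED = {"enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser"}
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
IFEO = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\image file execution options\\"
IFEO_NAMES = {"_avp32.exe", "_avpcc.exe", "ashdisp.exe", "divx.exe", "mostat.exe",
              "platin.exe", "tapinstall.exe", "zapsetup3001.exe"}
DROPPER = re.compile(r"\\protector-[^\\]+\.exe", re.I)  # %AppData%\Protector-[RANDOM CHARACTERS].exe
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# Constructed sample export (not captured from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\demo\\AppData\\Roaming\\Protector-abcd.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"
'''

def parse_reg(text):
    """Yield (key, value_name, data); a key header line yields (key, None, None)."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := VALUE_LINE.match(line)):
            raw = m.group(2)
            data = int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"').replace("\\\\", "\\")
            yield key, m.group(1), data

def find_indicators(text):
    """Return (category, detail) tuples for entries matching this page's indicator list."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            if k.startswith(IFEO) and k[len(IFEO):] in IFEO_NAMES:
                hits.append(("ifeo-subkey", key))
        elif k == POLICY_KEY and name.lower() in UAC_ZEROED and data == 0:
            hits.append(("uac-disabled", name))
        elif k == RUN_KEY and (name == "Inspector" or DROPPER.search(str(data))):
            hits.append(("run-persistence", f"{name} -> {data}"))
    return hits

if __name__ == "__main__":
    print(find_indicators(SAMPLE))
```

Real `.reg` exports are UTF-16 encoded, so decode the file before passing its text to `find_indicators`.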

Additional Information

  • The following messages were detected:
    # Message
    1 Error
      Keylogger activity detected. System information security is at risk.
      It is recommended to activate protection and run a full system scan.
    2 Error
      Software without a digital signature detected.
      Your system files are at risk. We strongly advise you to activate your protection.
Posted: June 6, 2012
Threat Metric
Threat Level: 10/10
Detection Count: 26

One Comment

  • phylliss smith says:

    We have been trying to remove windows maintenance for nearly 4 to 5 hours. It is becoming a really big deal, I have been completely locked out of all my programs and cannot access my task manager. I have had this computer since September 2011 and haven’t had not one single problem out of it and now all of a sudden I can’t access my computer at all. This problem needs to be resolved as SOON as possible or I will notify the proper authorities including the FCC. Thank you…
