Windows PC Aid

Windows PC Aid Description



Windows PC Aid has the looks of an anti-malware program but not the actual PC threat-detection or deletion features to back it up. With telltale fake features like an Advanced Process Control and All-in-one Suite, Windows PC Aid is easily recognizable as another clone to emerge from FakeVimes. This group of scamware has been known to cause browser hijacks, damage to unrelated (and actually legitimate) security programs and, of course, a variety of fake system alerts to make you think that you need to spend money on this rogue security software. Instead of frittering away money on Windows PC Aid’s dysfunctional security features, SpywareRemove.com malware researchers suggest disabling and then deleting Windows PC Aid with your preferred choice of real anti-malware scanner.

Windows PC Aid: the Worst Kind of Assistance Your PC Could Get


With its strategies well-honed from past iterations of FakeVimes-based fake anti-malware programs, Windows PC Aid has plenty of security information to offer you, but its pop-up warnings, toolbar notifications and system scans are all bluffs that alert you to attacks that aren’t taking place. System scans from Windows PC Aid will always display negative results even if the only malicious software on your PC is Windows PC Aid itself, and SpywareRemove.com malware researchers have found that Windows PC Aid’s pop-ups can range from identity theft alerts to warnings about malware like keyloggers.

Windows PC Aid wants you to respond to its fake attempts at ‘protecting’ your computer by paying for a registration key. Naturally, there’s no gain to be had in purchasing Windows PC Aid, although you may want to fake Windows PC Aid’s registration with freely-distributed codes prior to attempting disinfection. SpywareRemove.com malware researchers also warn that many of Windows PC Aid’s alerts are designed to imitate normal system messages and that you should assume that Windows PC Aid is active until you’ve taken explicit steps to disable Windows PC Aid from starting.

The Hammer to Windows PC Aid’s Nail


Although it’s the bad security information that makes victims fear multiple threats against their computer, where Windows PC Aid truly tries to seal the deal is in the sabotage that it carries out in stealth. Some of the worst security attacks that SpywareRemove.com malware experts rate as likely during any Windows PC Aid infection consist of:
  • Disabled Windows features and applications that are linked to security – including the UAC, Task Manager and utilities for viewing or modifying the Windows Registry (which is exploited by Windows PC Aid in several ways).
  • Hosts file-based browser redirects to harmful sites, especially redirects that alter your Google searches.
  • Damaged anti-malware and security programs, including anti-virus scanners and firewall utilities.

Because Windows PC Aid will change various components of Windows in the course of these attacks, SpywareRemove.com malware experts recommend using anti-malware software to remove all of Windows PC Aid’s changes and diverse files. Similar precautions are also suggested for other members of Windows PC Aid’s family of scamware, such as Windows Safety Maintenance, Windows Privacy Module, Windows Custodian Utility, Windows Proactive Safety, Windows AntiHazard Helper, Windows Abnormality Checker, Windows Problems Stopper, Windows Security Renewal, Windows Guardian Angel, Windows Smart Warden, Windows Safety Checkpoint, Windows Virus Hunter, Personal Security Sentinel, Home Malware Cleaner, Windows Debug Center, Windows Safeguard Upgrade, My Security Wall, Smart Internet Protection 2011, Internet Security Essentials, Windows Firewall Constructor, Windows Secure Web Patch, Windows Telemetry Center, Windows Home Patron, Windows Security Suite, Windows Pro Rescuer, Virus Doctor, Smart Engine, Windows Activity Debugger, Windows High-End Protection, Windows Control Series, Windows Antivirus Machine, Activate Ultimate Protection, Smart Internet Protection 2012, Windows Enterprise Defender, Smart Anti-Malware Protection, Windows Performance Catalyst, Windows Guard Tools, PrivacyGuard PRO, Windows Antivirus Care, Windows Secure Workshop, PC Live Guard, My Security Shield, Windows Tools Patch, Windows Protection Unit, Windows Efficiency Accelerator, Windows Maintenance Guard, Total Anti Malware Protection, Windows Antivirus Release, VirusSecurity, Windows Safety Module, Windows Turnkey Console, Smart Virus Eliminator, Windows Interactive Security, Windows Premium Defender, Windows Expert Series, Windows Active Guard, Windows Daily Adviser, Windows Health Keeper, Windows Advanced Security Center, Windows Custom Management, Windows Enterprise Suite, Windows Web Combat, Windows Interactive Safety, Windows Ultimate Security Patch, Internet Security Suite, Best Antivirus Software, 
Windows Pro Safety Release, Windows Virtual Angel, Windows Virtual Security, Windows Custom Safety, Home Safety Essentials, System Protection Tools, Windows Proprietary Advisor, Live PC Care, CleanUp Antivirus, Windows Advanced Toolkit, Windows No-Risk Center, Windows Functionality Checker, Windows Guard Solutions, Keep Center Keeper, Windows Pro Web Helper, Windows Ultimate Safeguard, Live Enterprise Suite, Windows Multi Control System, Windows Risk Minimizer, Windows Antihazard Solution, Windows Be-on-Guard Edition, Additional Guard, XP Smart Security, Windows Performance Adviser, Windows Privacy Counsel, Windows Shielding Utility, Windows Safety Toolkit, Fast Antivirus 2009, Windows Protection Master, Windows Advanced User Patch, Windows Privacy Extension, Security Master AV, Windows Virtual Firewall, Extra Antivirus, Windows System Defender, Windows Smart Partner, Windows ProSecurity Scanner, Windows Maintenance Suite, Windows Sleek Performance, Windows Safety Wizard, Windows Defending Center, Security Antivirus, My Security Engine, Windows Malware Sleuth, Windows PRO Scanner, Windows Process Director, Personal Internet Security 2011, Windows Software Keeper, Windows Safety Manager, Windows Internet Booster, Windows Web Commander, Windows Software Saver, Windows Pro Safety, Windows Crucial Scanner, Anti-Malware Lab, Windows Threats Destroyer, Windows Protection Maintenance, Strong Malware Defender, Windows Shield Tool, Windows First-Class Protector, Windows Stability Guard, Volcano Security Suite, Smart Security, Windows Antivirus Patch, Windows Managing System, Windows Secure Surfer, Windows Secure Workstation, Windows No-Risk Agent, Windows Premium Guard, Best Malware Protection, Windows Trouble Taker, Windows Pro Solutions, Windows Antivirus Rampart, Windows Anti-Malware Patch, Enterprise Suite, Windows Defence Counsel, Windows Warding System, Windows Care Taker, Windows Instant Scanner, Windows Premium Console, Windows Active Defender, Windows Pro Defence, 
Windows Personal Doctor, Windows Private Shield, Windows Profound Security, Antivirus Smart Protection, Windows Safety Series, Windows Basic Antivirus, Windows ProSecure Scanner, Windows Security System and Windows AntiHazard Center.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    #   File Name                                                               Detection Count
    1   %APPDATA%\Protector-myhq.exe                                            689
    2   %APPDATA%\Protector-ipaw.exe                                            37
    3   %APPDATA%\Protector-uhcn.exe                                            16
    4   %AppData%\Windows PC Aid\ScanDisk_.exe                                  N/A
    5   %AppData%\Windows PC Aid\Instructions.ini                               N/A
    6   %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows PC Aid.lnk   N/A
    7   %Programs%\Windows PC Aid.lnk                                           N/A
    8   %Desktop%\Windows PC Aid.lnk                                            N/A
    9   %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg                                 N/A
    10  %CommonAppData%\58ef5\SPT.ico                                           N/A
    11  %CommonAppData%\58ef5\SP98c.exe                                         N/A
    12  %StartMenu%\Windows PC Aid.lnk                                          N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry!
  • The following Registry values were newly created:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows PC Aid "%CommonAppData%\58ef5\SP98c.exe" /s /d
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows PC Aid
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows PC Aid\DisplayIcon [unknown dir]\[unknown file name].exe,0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows PC Aid\DisplayName Windows Malware Firewall
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows PC Aid\DisplayVersion 1.1.0.1010
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows PC Aid\InstallLocation [unknown dir]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows PC Aid\UninstallString "[unknown dir]\[unknown file name].exe" /del
    HKEY_LOCAL_MACHINE\Software\Classes\Dumped_.DocHostUIHandler
    HKEY_LOCAL_MACHINE\Software\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandler
    HKEY_LOCAL_MACHINE\Software\Classes\Dumped_.DocHostUIHandler\Clsid
    HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536
    HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0
    HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FWCFG\EnableFileTracing 0
    HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracing
    HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FWCFG\FileTracingMask -65536
    HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FWCFG\MaxFileSize 1048576
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe
  • The following CLSIDs were detected:
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exe
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandler
    HKEY_LOCAL_MACHINE\Software\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
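
The Image File Execution Options entries listed above share one pattern: a key named after a security tool's executable carries a Debugger value of svchost.exe, so Windows starts svchost.exe instead whenever that tool is launched. The following added example (not part of the original page) audits a `reg export` text dump for that pattern and for Run values that launch from user-writable directories; the sample export, the expanded `C:\ProgramData` path and all function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form: two IFEO entries and the Run value
# listed above, plus benign entries. C:\ProgramData for %CommonAppData% is assumed.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"MitigationOptions"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows PC Aid"="\"C:\\ProgramData\\58ef5\\SP98c.exe\" /s /d"
"ExampleApp"="\"C:\\Program Files\\ExampleApp\\app.exe\""
'''

IFEO = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"
RUN = "\\microsoft\\windows\\currentversion\\run"
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\application data\\")
STRING_VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):  # undo .reg escaping of backslashes and double quotes
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := STRING_VALUE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def audit(text):
    """Flag IFEO Debugger redirects and Run values launching from user-writable dirs."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if IFEO in k and name.lower() == "debugger":
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
        elif k.endswith(RUN) and any(p in data.lower() for p in USER_WRITABLE):
            # Heuristic only: some legitimate software also starts from AppData.
            findings.append(("run-from-user-writable-dir", name, data))
    return findings
```

Files written by `reg export` are UTF-16 encoded, so decode them to text before passing the contents to `audit`.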
Posted: June 5, 2012
Threat Level: 10/10
Detection Count: 75

One Comment

  • Nagy says:

    I’m not working on a Windows 7 machine as I type this so I can’t tell you the exact steps but Windows Update in Windows 7 can be configured to download updates for additional products (i.e. to use the Microsoft Update servers within the Windows Update functionality).
