Windows Performance Catalyst
Posted: February 16, 2012
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 14,630 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 239 |
| First Seen: | February 16, 2012 |
| Last Seen: | October 10, 2023 |
| OS(es) Affected: | Windows |
Windows Performance Catalyst is a fake anti-malware application that uses error reports that are reminiscent of Microsoft Security Essentials to entice you into spending money on a purchasable version of Windows Performance Catalyst's program. Although Windows Performance Catalyst may appear to offer diagnostic and threat removal features, SpywareRemove.com malware researchers warn that Windows Performance Catalyst isn't any better at fixing errors or deleting PC threats than any other member of its family – which is to say, Windows Performance Catalyst has no real security functions at all. Since Windows Performance Catalyst may also attack running processes and prevent you from accessing critical security programs, it's recommended that you remove Windows Performance Catalyst via standard PC security strategies (such as booting into Safe Mode) backed up by a trustworthy anti-malware scanner.
Windows Performance Catalyst – a PC Threat That Precedes Performance-Related Events That You'll Never Want to See Again
Windows Performance Catalyst is far from being a unique program, and actually can be considered identical in all significant respects to other rogue anti-malware products in its family, which is popularly identified as FakeVimes. Rogue anti-malware products from Windows Performance Catalyst's family have been known to be installed by Trojans that are used in drive-by-download attacks or distributed in the form of fake media updates. Other variants of FakePAV-based scamware like Windows Performance Catalyst include (but aren't limited to) Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security.
Like its relatives, Windows Performance Catalyst will launch itself via Windows Registry-based exploits and begin bombarding your PC with fake alerts, fake system scans and fake percentile-based analyses of your computer's security status. Samples of warnings from Windows Performance Catalyst include the following and, as SpywareRemove.com malware researchers stress, should always be ignored as fraudulent:
Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!
Warning!
Location: [Application file path]
Viruses: Backdoor.Win32.Rbot
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Warning!
Name: [Application file name]
Name: [Application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!
System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
Why You Shouldn't Want Windows Performance Catalyst's Memory-Scanning Protection
Rogue anti-malware products in Windows Performance Catalyst's family have also been noted for their ability to scan your PC for undesirable memory processes and close them automatically. Although, in the right hands, this could be considered a security feature, SpywareRemove.com malware experts have sadly observed that FakePAV rogue anti-malware programs like Windows Performance Catalyst will use this function to shut down benign programs, including security products, instant messengers, script packages and Google-brand utilities.
Since the above issue can make Windows Performance Catalyst a high-level threat to your computer's security instead of just a nuisance, you should delete Windows Performance Catalyst as soon as the first opportunity to do so is clear. To prevent Windows Performance Catalyst or related PC threats (such as Zlob Trojans) from blocking your security software in the removal process, you can use Safe Mode or an alternative OS source (such as a removable drive) to launch Windows without Windows Performance Catalyst or other PC threats also being launched. In normal cases, it's not recommended for you to attempt to remove Windows Performance Catalyst without help from appropriate anti-malware software due to the likelihood of other PC threats also being installed and capable of additional attacks.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

%AppData%\NPSWF32.dll
File name: %AppData%\NPSWF32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

%AppData%\result.db
File name: %AppData%\result.db
Mime Type: unknown/db
Group: Malware file

%AppData%\Inspector-{3 random characters}.exe
File name: %AppData%\Inspector-{3 random characters}.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%StartMenu%\Programs\Windows Performance Catalyst.lnk
File name: %StartMenu%\Programs\Windows Performance Catalyst.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%UserProfile%\Desktop\Windows Performance Catalyst.lnk
File name: %UserProfile%\Desktop\Windows Performance Catalyst.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{random}.exe "Debugger"
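
The file and registry indicators listed above can be checked offline against an inventory collected from a suspect PC. The following is an added example, not code from SpywareRemove.com or any vendor tool: a small matcher that ties each file name to its location (NPSWF32.dll is also the file name of the Adobe Flash Player browser plug-in, so the name alone proves nothing) and separates the strong registry indicators from the weak ones. The function names, the severity labels, the input tuple format, the handling of both %AppData% layouts and the sample inventory are assumptions made for illustration.

```python
import re

# Assumptions: %AppData% in its Vista+ and XP layouts; "3 random characters" = any 3.
APPDATA = (r"^[a-z]:\\(?:users\\[^\\]+\\appdata\\roaming"
           r"|documents and settings\\[^\\]+\\application data)\\")
FILE_RULES = [  # a file name alone is not enough; the location is part of each rule
    ("NPSWF32.dll in %AppData%", re.compile(APPDATA + r"npswf32\.dll$", re.I)),
    ("result.db in %AppData%", re.compile(APPDATA + r"result\.db$", re.I)),
    ("Inspector-???.exe in %AppData%", re.compile(APPDATA + r"inspector-[^\\]{3}\.exe$", re.I)),
    ("rogue shortcut", re.compile(r"\\windows performance catalyst\.lnk$", re.I)),
]
CV = r"hkey_current_user\software\microsoft\windows\currentversion"
ZEROED = {(CV + r"\policies\system", v) for v in
          ("disableregedit", "disableregistrytools", "disabletaskmgr")}
ZEROED.add((CV + r"\internet settings", "warnonhttpstohttpredirect"))
IFEO = re.compile(r"^hkey_local_machine\\software\\microsoft\\windows nt\\currentversion"
                  r"\\image file execution options\\([^\\]+\.exe)$", re.I)

def scan_files(paths):  # -> [(label, path)] for each path that matches a file rule
    return [(label, p) for p in paths for label, rx in FILE_RULES if rx.search(p)]

def scan_registry(entries):
    """entries: (key, value_name, data) tuples; returns (severity, label, key)."""
    hits = []
    for key, name, data in entries:
        k, n = key.lower(), name.lower()
        m = IFEO.match(key)
        if k == CV + r"\run" and n == "inspector":
            hits.append(("high", "Run autostart 'Inspector'", key))
        elif m and n == "debugger":  # Debugger value hijacks launches of that program
            hits.append(("high", "IFEO Debugger on " + m.group(1), key))
        elif (k, n) in ZEROED and data == 0:
            hits.append(("low", name + " = 0", key))  # weak on its own
    return hits

# Constructed sample inventory (user name, file names and data are made up).
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Roaming\Inspector-q7z.exe",
    r"C:\Users\alice\AppData\Roaming\NPSWF32.dll",
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",  # same name elsewhere: not flagged
    r"C:\Users\alice\Desktop\Windows Performance Catalyst.lnk",
]
SAMPLE_REG = [
    (CV + r"\Run", "Inspector", r"C:\Users\alice\AppData\Roaming\Inspector-q7z.exe"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe", "Debugger", "placeholder.exe"),
    (CV + r"\Policies\System", "DisableTaskMgr", 0),
]

if __name__ == "__main__":
    print(*scan_files(SAMPLE_FILES), *scan_registry(SAMPLE_REG), sep="\n")
```

The matcher expects registry keys spelled out in full, as on this page; an export that uses HKCU or HKEY_USERS\<SID> prefixes would need normalising first.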