Windows Ultimate Booster

Windows Ultimate Booster Description

Windows Ultimate Booster is a common example of rogue anti-malware programs that change their brand names to avoid being identified by casual PC users while keeping everything else about their ‘products’ the same. Belying its appearance as an anti-malware scanner, Windows Ultimate Booster is unable to find or delete real threats, but will provide fake alerts and fake system scans to the contrary. The intent behind these attacks is to force victims to spend money on Windows Ultimate Booster’s ‘full version,’ but malware researchers recommend the opposite: terminating and then deleting Windows Ultimate Booster with real anti-malware products wherever Windows Ultimate Booster is seen.

Why You Shouldn’t Pay the High Cost of this Anti-Malware ‘Booster’

Windows Ultimate Booster just is one of a very many individual programs associated with the FakeVimes family of scamware, although Windows Ultimate Booster also bears resemblance to the similar family of FakeRean. Whatever its origins might be, Windows Ultimate Booster is a confirmed fake security product that misleads its victims by providing inaccurate pop-up alerts, in addition to faking scans of your PC, which always return ‘infected’ results. Similar fake scans also may be used in other kinds of attacks that could install Windows Ultimate Booster through unsafe websites, as is typical for the FakePAV family.

The meat of Windows Ultimate Booster’s tactic lies in its attempts to make you believe that registering Windows Ultimate Booster, which, of course, costs money, is the easiest way to block and uninstall all of the threats that Windows Ultimate Booster detects.

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

However, since malware experts easily verified that Windows Ultimate Booster can’t detect legitimate PC threats of any stripe, there’s no reason to spend your money on Windows Ultimate Booster. Despite its looks, Windows Ultimate Booster should be considered the same as any other threatening program, just like the related Windows Anti-Malware Patch, Windows Command Processor, Windows Prime Shield, Windows Internet Booster, Windows Performance Adviser, Windows Secure Web Patch, Windows Health Keeper, CleanUp Antivirus, Windows Privacy Counsel, Windows Guardian Angel, Windows Secure Workstation, My Security Engine, Smart Anti-Malware Protection, VirusSecurity, Windows Secure Workshop, Smart Engine, Windows Telemetry Center, Windows Antivirus Master, Windows Virtual Angel, Windows First-Class Protector, Windows ProSecurity Scanner, Fake Windows Antivirus 2012, Windows Antivirus Booster, Windows Cleaning Tools, Windows Antivirus Rampart, Windows Efficiency Accelerator, Windows No-Risk Center, Windows Warding Module, Windows Crucial Scanner, Live Enterprise Suite, Windows Activity Debugger, Windows Functionality Checker, Windows Premium Shield, XP Smart Security, Windows Premium Guard, Windows Profound Security, Windows Firewall Constructor, Windows Tools Patch, Windows Safety Toolkit, Windows Stability Maximizer, Malware Protection, Windows Expert Series, Windows Safety Wizard, Windows Web Commander, Windows Safety Module, Windows Advanced Security Center, Windows Internet Watchdog, Windows Debug Center and Windows Software Keeper.

The Ultimate Boost… into a Software Lockdown

Although Windows Ultimate Booster’s main purpose of existence lies in its fake anti-malware ‘features,’ malware researchers also have a second reason for being concerned with Windows Ultimate Booster: the fact that Windows Ultimate Booster can block other programs. Windows Ultimate Booster is expected to use this attack primarily for supporting its claims of other programs being compromised by threats, but also may deny you any access to important security tools, such as Task Manager, software updaters or a real anti-malware scanner. This particular symptom of a Windows Ultimate Booster infection makes Windows Ultimate Booster an immediate threat to the security of your computer.

Windows Ultimate Booster blocks other programs by monitoring your memory processes and terminating ones with names on its blacklist. While this is effective, it also allows you to ignore it once Windows Ultimate Booster, itself, has been terminated. Malware researchers recommend that you do so through the Safe Mode feature or through rebooting from an emergency OS, which will render removing Windows Ultimate Booster trivial.

Windows Ultimate Booster Automatic Detection Tool (Recommended)

Is your PC infected with Windows Ultimate Booster? To safely & quickly detect Windows Ultimate Booster we highly recommend you run the malware scanner listed below.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 %APPDATA%\ svc-mamk.exe 5
    2 Windows Ultimate Booster.lnk 103
    3 %AppData%\data.sec N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-.exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPPHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd

Additional Information

  • The following messages's were detected:
    # Message
    System data security is at risk!
    To prevent potential PC errors, run a full system scan.
    Trojan activity detected. System integrity at risk.
    Full system scan is highly recommended.
    3Firewall has blocked a program from accessing the Internet
    C:\Program Files\Internet Explorer\iexplore.exe
    is suspected to have infected your PC.
    This type of virus intercepts entered data and transmits them
    to a remote server.
    4Warning! Identity theft attempt detected
    Hidden connection IP:
    Target: Microsoft Corporation keys
    Your IP:
Posted: January 28, 2014 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Threat Metric
Threat Level: 10/10
Detection Count: 321

One Comment

Leave a Reply

What is 12 + 7 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)