Windows Ultimate Booster

Windows Ultimate Booster Description

Windows Ultimate Booster is a common example of rogue anti-malware programs that change their brand names to avoid being identified by casual PC users while keeping everything else about their ‘products’ the same. Belying its appearance as an anti-malware scanner, Windows Ultimate Booster is unable to find or delete real threats, but will provide fake alerts and fake system scans to the contrary. The intent behind these attacks is to force victims to spend money on Windows Ultimate Booster’s ‘full version,’ but malware researchers recommend the opposite: terminating and then deleting Windows Ultimate Booster with real anti-malware products wherever Windows Ultimate Booster is seen.

Why You Shouldn’t Pay the High Cost of this Anti-Malware ‘Booster’

Windows Ultimate Booster is just one of many individual programs associated with the FakeVimes family of scamware, although Windows Ultimate Booster also bears a resemblance to the similar FakeRean family. Whatever its origins might be, Windows Ultimate Booster is a confirmed fake security product that misleads its victims by providing inaccurate pop-up alerts, in addition to faking scans of your PC, which always return ‘infected’ results. Similar fake scans also may be used in other kinds of attacks that could install Windows Ultimate Booster through unsafe websites, as is typical for the FakePAV family.

The meat of Windows Ultimate Booster’s tactic lies in its attempts to make you believe that registering Windows Ultimate Booster, which, of course, costs money, is the easiest way to block and uninstall all of the threats that Windows Ultimate Booster detects.


However, since malware experts easily verified that Windows Ultimate Booster can’t detect legitimate PC threats of any stripe, there’s no reason to spend your money on Windows Ultimate Booster. Despite its looks, Windows Ultimate Booster should be considered the same as any other threatening program, just like the related Windows Interactive Security, Windows Crucial Scanner, Windows Expert Series, Windows High-End Protection, Windows Advanced Security Center, Windows Security Master, Windows Antivirus Suite, Smart Internet Protection 2012, Best Malware Protection, Windows Web Commander, Windows Virtual Angel, Security Antivirus, Windows Paramount Protection, Windows Multi Control System, Windows Processes Accelerator, Windows Foolproof Protector, Windows Pro Rescuer, Windows Abnormality Checker, Anti-Malware Lab, Personal Internet Security 2011, Windows Malware Sleuth, Windows Active HotSpot, Windows Safeguard Upgrade, Windows Personal Detective, Windows AntiHazard Center, Windows Functionality Checker, Windows Tools Patch, Windows Warding Module, Windows Accelerator Pro, Smart Engine, Windows Command Processor, Virus Doctor, Fake Windows Antivirus 2012, Smart Internet Protection 2011, Windows Cleaning Tools, Windows Secure Workshop, Windows Software Keeper, Windows Safety Series, Windows Anti-Malware Patch, Windows Antibreaking System, Windows Maintenance Guard, Windows Efficiency Kit, Windows Custom Management, My Security Engine, Windows Premium Guard, Windows Antivirus Booster, Windows Antivirus Care, Windows Cleaning Toolkit and Windows Antihazard Solution.

The Ultimate Boost… into a Software Lockdown

Although Windows Ultimate Booster’s main purpose of existence lies in its fake anti-malware ‘features,’ malware researchers also have a second reason for being concerned with Windows Ultimate Booster: the fact that Windows Ultimate Booster can block other programs. Windows Ultimate Booster is expected to use this attack primarily for supporting its claims of other programs being compromised by threats, but also may deny you any access to important security tools, such as Task Manager, software updaters or a real anti-malware scanner. This particular symptom of a Windows Ultimate Booster infection makes Windows Ultimate Booster an immediate threat to the security of your computer.

Windows Ultimate Booster blocks other programs by monitoring your running processes and terminating the ones with names on its blacklist. While this is effective, the blocking stops as soon as Windows Ultimate Booster itself has been terminated. Malware researchers recommend that you terminate it through the Safe Mode feature or by rebooting from an emergency OS, which will render removing Windows Ultimate Booster trivial.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    #  File Name                      Detection Count
    1  %APPDATA%\svc-mamk.exe         5
    2  Windows Ultimate Booster.lnk   103
    3  %AppData%\data.sec             N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry!
  • The following newly produced Registry Values are:
    HKEY..\..\{Value}
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = %AppData%\svc-.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"

    HKEY..\..\..\..{Subkeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd
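
The registry changes listed above can be checked offline against a text export of the affected keys (for example one taken from Safe Mode with `reg export`). The following is an added example, not code from this page or from any vendor: the function name `findings`, the indicator labels and the sample export are assumptions of the example, and it covers a subset of the list (per-user shell override, Run entry, UAC values, low-risk file types and the Image File Execution Options subkeys).

```python
import re

POLICY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser"}
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
IFEO_NAMES = {"k9filter.exe", "mpcmdrun.exe", "mpuxsrv.exe", "msascui.exe",
              "msconfig.exe", "msmpeng.exe", "msseces.exe"}
HKCU_MS = r"hkey_current_user\software\microsoft\windows"
SVC_EXE = re.compile(r'(%appdata%|\\appdata\\+roaming)\\+svc-[^\\"]*\.exe', re.I)
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)')

# Constructed sample in .reg export form (backslashes inside strings are doubled).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\alice\\AppData\\Roaming\\svc-abcd.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardSoftware"="C:\\Users\\alice\\AppData\\Roaming\\svc-abcd.exe"
"Updater"="C:\\Program Files\\Vendor\\update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"""

def findings(reg_text):
    """Return (indicator, detail) pairs for registry changes listed on this page."""
    out, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry paths are case-insensitive
            if key.startswith(IFEO) and key[len(IFEO):] in IFEO_NAMES:
                out.append(("ifeo-subkey", key[len(IFEO):]))
            continue
        m = VALUE.match(line)
        if not m:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        if key == POLICY and name in UAC_VALUES and raw == "dword:00000000":
            out.append(("uac-disabled", name))
        elif key == HKCU_MS + r" nt\currentversion\winlogon" and name == "shell":
            out.append(("hkcu-shell-override", raw))  # any per-user Shell is worth review
        elif key == HKCU_MS + r"\currentversion\run" and SVC_EXE.search(raw):
            out.append(("run-from-appdata", name))
        elif key.endswith(r"\policies\associations") and name == "lowriskfiletypes" \
                and ".exe;" in raw.lower():
            out.append(("exe-marked-low-risk", name))
    return out

if __name__ == "__main__":
    print(*findings(SAMPLE), sep="\n")
```

A hit on `ifeo-subkey` only means the subkey exists for one of the listed security tools; inspect its values before deleting it.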

Additional Information

  • The following messages were detected:
    # Message
    1 System data security is at risk!
      To prevent potential PC errors, run a full system scan.
    2 Trojan activity detected. System integrity at risk.
      Full system scan is highly recommended.
    3 Firewall has blocked a program from accessing the Internet
      C:\Program Files\Internet Explorer\iexplore.exe
      is suspected to have infected your PC.
      This type of virus intercepts entered data and transmits them
      to a remote server.
    4 Warning! Identity theft attempt detected
      Hidden connection IP:
      Target: Microsoft Corporation keys
      Your IP:
Posted: January 28, 2014
Threat Metric
Threat Level: 10/10
Detection Count: 274
