Home Malware Programs Rogue Anti-Spyware Programs Ultimate Scan

Ultimate Scan

Posted: July 22, 2011

ScreenshotUltimate Scan is a counterfeit anti-spyware and general security scanner that passes off a cheap imitation of security features as the real thing. With close ties to other rogue security programs and fraudulent websites that are well-known to our research team, Ultimate Scan is suspicious enough if judged simply by its acquaintances. The utter lack of real anti-virus, anti-spyware or other security features in Ultimate Scan are just nails hammering shut the coffin of Ultimate Scan's theoretical respectability. Due to all of the above reasons, as well as the fact that Ultimate Scan may be accompanied by trojans and other threats, it's suggested that you delete Ultimate Scan with a robust anti-malware product.

The Ultimate Truth Behind Ultimate Scan

Ultimate Scan is part of a recent (dating roughly from July of 2011) rogue security product subgroup that sells its individual members on several websites, with different names but the same attacks and visual templates. Our malware experts have come to the conclusion that all of Ultimate Scan's earnest marketing has no basis in reality, and an equally earnest inspection of Ultimate Scan hasn't turned up even one genuine anti-spyware feature.

Ultimate Scan may create error messages that caution you about infections that supposedly are on your PC, but these infections are as fake as Ultimate Scan itself, and all scanner results and other communications from Ultimate Scan should be distrusted. As long as Ultimate Scan is on your computer, you may also find your browser redirected to suspicious websites like the following:

  • clean-security.com
  • unlimdefender.com
  • unlimguard.com
  • ultimate-guard.com
  • ultimate-scan.com

Our malware analysts have found that each of these websites markets Ultimate Scan or a clone of Ultimate Scan. Currently-available clone names include Unlimited Defender, Ultimate Guard, XP Antivirus 2012, Vista Security 2012, Win 7 Security 2012, and Windows XP Repair. All of the above, as well as Ultimate Scan, may be referenced with or without a '2011' tag; for example, Ultimate Scan 2011 and Ultimate Scan should be considered the same rogue application.

Any contact with the listed websites can be hazardous, since such website are known to harbor trojans such as a href="/removeZlob.html" title="Remove Zlob">Zlob and Fake Microsoft Security Essentials Alert that exploit scripts to infect your PC prior to installing Ultimate Scan or another rogue application.

Why Ultimate Scan's High Price is Even Higher Than You Think

Apart from its lack of usefulness as a spyware remover, Ultimate Scan is also associated with certain financial issues. The criminals that designed Ultimate Scan and market it and its clones have a history of making repeated charges to any credit card that happens to fall in your hands. If you've purchased Ultimate Scan before realizing that it's a rogue program, talk to your credit card company and cancel your credit card before excessive charges can be made.

Our SpywaRemove.com malware researchers have found that Ultimate Scan, like other rogue applications, launches itself without permission by adding startup entries into the Windows Registry. Such an advanced change to Windows makes reliance on sturdy anti-virus or other security software a smart option for removing Ultimate Scan without any undesirable side effects.


Screenshot

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS]
    2 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
    3 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS]
    4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exee" -a "%Program Files%\Internet Explorer\iexplore.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Ultimate Scan may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.