
Ultimate Scan

Posted: July 22, 2011

Ultimate Scan is a counterfeit anti-spyware and general security scanner that passes off a cheap imitation of security features as the real thing. With close ties to other rogue security programs and fraudulent websites that are well-known to our research team, Ultimate Scan is suspicious enough if judged simply by its acquaintances. The utter lack of real anti-virus, anti-spyware or other security features in Ultimate Scan is just another nail hammering shut the coffin of Ultimate Scan's theoretical respectability. Due to all of the above reasons, as well as the fact that Ultimate Scan may be accompanied by trojans and other threats, it's suggested that you delete Ultimate Scan with a robust anti-malware product.

The Ultimate Truth Behind Ultimate Scan

Ultimate Scan is part of a recent (dating roughly from July of 2011) rogue security product subgroup that sells its individual members on several websites, with different names but the same attacks and visual templates. Our malware experts have come to the conclusion that all of Ultimate Scan's earnest marketing has no basis in reality, and an equally earnest inspection of Ultimate Scan hasn't turned up even one genuine anti-spyware feature.

Ultimate Scan may create error messages that caution you about infections that supposedly are on your PC, but these infections are as fake as Ultimate Scan itself, and all scanner results and other communications from Ultimate Scan should be distrusted. As long as Ultimate Scan is on your computer, you may also find your browser redirected to suspicious websites like the following:

  • clean-security.com
  • unlimdefender.com
  • unlimguard.com
  • ultimate-guard.com
  • ultimate-scan.com

Our malware analysts have found that each of these websites markets Ultimate Scan or a clone of Ultimate Scan. Currently-available clone names include Unlimited Defender, Ultimate Guard, XP Antivirus 2012, Vista Security 2012, Win 7 Security 2012, and Windows XP Repair. All of the above, as well as Ultimate Scan, may be referenced with or without a '2011' tag; for example, Ultimate Scan 2011 and Ultimate Scan should be considered the same rogue application.

Any contact with the listed websites can be hazardous, since such websites are known to harbor trojans such as Zlob and Fake Microsoft Security Essentials Alert that exploit scripts to infect your PC prior to installing Ultimate Scan or another rogue application.

Why Ultimate Scan's High Price is Even Higher Than You Think

Apart from its lack of usefulness as a spyware remover, Ultimate Scan is also associated with certain financial issues. The criminals that designed Ultimate Scan and market it and its clones have a history of making repeated charges to any credit card that happens to fall into their hands. If you've purchased Ultimate Scan before realizing that it's a rogue program, talk to your credit card company and cancel your credit card before excessive charges can be made.

Our SpywareRemove.com malware researchers have found that Ultimate Scan, like other rogue applications, launches itself without permission by adding startup entries into the Windows Registry. Such an advanced change to Windows makes reliance on sturdy anti-virus or other security software a smart option for removing Ultimate Scan without any undesirable side effects.


File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS]
    2 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
    3 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS]
    4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Internet Explorer\iexplore.exe"'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'