
Windows Activity Inspector

Posted: May 16, 2011

Windows Activity Inspector is a new version of other rogue security programs like Windows Inspection Utility. Like its siblings, Windows Activity Inspector uses Trojans that imitate Windows errors to infect your system, and then creates fake infection warnings and other inaccurate alerts to sell you an activation key for a fake security product. You may also be unable to use various applications and may notice symptoms of browser hijacking, such as a changed homepage or redirects to unfamiliar websites. Because of the sophisticated nature of the Windows Activity Inspector threat, it should be removed with an anti-malware application unless no such program is available.

An Opening Inspection for the Fake Windows Activity Inspector

As a rogue security program, Windows Activity Inspector outwardly imitates various security functions while inwardly attacking your computer. You may also see the same infection under the names of Windows Activity Inspector's clones, such as Windows Inspection Utility, Windows Supervision Center, Windows Defence Center and Windows Health Center.

Windows Activity Inspector and rogue security programs related to Windows Activity Inspector primarily infect new computers by means of the Fake Microsoft Security Essentials Alert, which may use some of the following messages in its attack:

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Microsoft Security Essentials Alert
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspender until you take an action.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

After showing these messages, the Fake Microsoft Security Essentials Alert installs Windows Activity Inspector, reboots your PC, and lets Windows Activity Inspector run a fake system scan.

Digging into the Details of Windows Activity Inspector's Damage

Despite using the Windows brand logo and pretending to offer hard disk optimization and other types of computer protection, Windows Activity Inspector cannot perform any of the functions it claims to have. Instead, it runs fake system scans that tell you your PC is full of infections, in addition to creating fake alerts and warnings.

Some samples of Windows Activity Inspector's warnings include:

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

The final warning is an example of a pop-up used to make you believe that an application is infected, when in fact Windows Activity Inspector itself is preventing you from using it. The program is unharmed, and you should be able to run it again once you make sure that Windows Activity Inspector is no longer running.

You may also experience changes in your web browser. Windows Activity Inspector may change your homepage, redirect you to hostile websites or even prevent you from visiting websites that contain information on how to remove Windows Activity Inspector. As is the case with your other programs, however, your browser isn't damaged – stopping Windows Activity Inspector by using Safe Mode or a CD-based system boot will allow you to access your browser normally.



File System Modifications

  • The following files were created in the system:
    %UserProfile%\Application Data\Microsoft\.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = "%AppData%\Microsoft\{RANDOM CHARACTERS}.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
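The registry entries listed above map to three tactics: a Winlogon Shell override for persistence, Image File Execution Options "Debugger" values that stop security products from starting, and settings that disable System Restore and the HTTPS-to-HTTP redirect warning. The following read-only PowerShell audit, added here as an example and not taken from the page, checks a machine for each of those entries; it assumes it is run in an elevated PowerShell session on the suspect system and only reports what it finds.

```powershell
# Added audit example (not from the original page): read-only check for the
# registry changes listed above. Run as Administrator on the suspect machine.
$findings = @()

# 1. Winlogon Shell should be explorer.exe; the rogue points it at a random
#    .exe under %AppData%\Microsoft so it is launched at every logon.
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell -ne 'explorer.exe') {
    $findings += "Winlogon Shell overridden: $shell"
}

# 2. Image File Execution Options: a "Debugger" value of svchost.exe on a
#    security product's process name prevents that product from launching.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $findings += "IFEO Debugger on $($_.PSChildName): $dbg"
    }
}

# 3. System Restore disabled (DisableSR = 1) removes the easy rollback path.
#    Both spellings are checked because the page records a trailing space.
$sr = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
foreach ($name in 'DisableSR', 'DisableSR ') {
    $v = (Get-ItemProperty -Path $sr -Name $name -ErrorAction SilentlyContinue).$name
    if ($v -eq 1) { $findings += "System Restore disabled via '$name'" }
}

# 4. WarnOnHTTPSToHTTPRedirect = 0 silences the browser warning when a secure
#    page redirects to plain HTTP; the page lists it in both hives.
foreach ($hive in 'HKCU', 'HKLM') {
    $is = "$($hive):\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
    $w = (Get-ItemProperty -Path $is -Name WarnOnHTTPSToHTTPRedirect -ErrorAction SilentlyContinue).WarnOnHTTPSToHTTPRedirect
    if ($w -eq 0) { $findings += "$hive WarnOnHTTPSToHTTPRedirect set to 0" }
}

if ($findings.Count -eq 0) { 'No indicators from this page found.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Some developer tools legitimately register an IFEO Debugger, so review each hit; a Debugger value of svchost.exe on an antivirus process name is the pattern recorded above.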