
Windows Attention Utility

Posted: May 12, 2011

Windows Attention Utility is a rogue security program that creates fake infection alerts, blocks applications from being used and takes over your web browser, all in the name of getting your credit card number. Most computers are infected by Windows Attention Utility after they've acquired a Fake Microsoft Security Essentials Alert infection, a Trojan that pretends to be part of the Windows operating system. As well as having none of the helpful features it advertises, Windows Attention Utility is also a notable risk to your PC security; remove Windows Attention Utility by running an appropriate anti-malware application as soon as you can.

Looking Behind Windows Attention Utility's Curtain

Despite appearing to be a normal anti-virus and general security scanner, Windows Attention Utility has no ability to find or delete threats to your PC. In fact, Windows Attention Utility isn't even the only name this rogue security program goes by – duplicates in the malware industry include Windows Supervision Center, Windows Inspection Utility, Windows Expansion System and Windows Power Expansion.

Windows Attention Utility and Windows Attention Utility's duplicates are distributed to new systems by way of the Fake Microsoft Security Essentials Alert. This Trojan creates a fake warning in a Windows-esque pop-up about a 'Win32/Trojan' Trojan and then installs a rogue security application. Installation includes several Registry entries that let Windows Attention Utility start when your computer starts. After that, your PC will reboot to let Windows Attention Utility get your attention.

Windows Attention Utility will immediately hog your monitor's real estate with fake system scans that depict highly negative (and erroneous) results, as well as with more fake infection alerts. Here are just some of the alerts you might see:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

The Real Dangers of Windows Attention Utility

The above alerts may be irritating, but they aren't inherently dangerous to your computer. However, many of Windows Attention Utility's other functions are more directly hostile to your PC.

Windows Attention Utility may hijack your web browser. Symptoms of a browser hijack can include a changed homepage, being redirected to strange websites or being unable to access familiar and safe websites. Windows Attention Utility may conceal its hijacks by redirecting you from unrelated links, adding links to text content or creating fake warnings about unsafe websites.

Exposure to Windows Attention Utility's home website or any other malicious websites related to Windows Attention Utility may result in your computer being attacked by other kinds of malicious security tools even if you avoid interacting with these sites.

A secondary concern is that Windows Attention Utility may stop any or all major applications from working correctly. Probable targets of Windows Attention Utility's mischief include anti-virus tools, general system diagnostic utilities and baseline Windows programs like Task Manager and MSConfig.

Ending all of Windows Attention Utility's attacks requires that you stop Windows Attention Utility from launching itself. Most Windows users will find it convenient to do this by using Safe Mode, which can be found in the alternate startup menu that's accessed after hitting F8 before Windows starts.

Once comfortably sitting in Safe Mode, you can afford to take all the time in the world to delete Windows Attention Utility by scanning your system with a genuine anti-malware application.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
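
As an added example (not part of the original write-up or of any vendor tool), the Python code below scans a Registry export in .reg format for the three kinds of values listed above. A "Debugger" value under Image File Execution Options makes Windows start the named debugger in place of the program, which is how pointing it at svchost.exe keeps the listed security tools from opening. The sample export, the function names and the notepad.exe entry are constructed for illustration.

```python
import re

# Constructed sample in .reg export format (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000000
'''

IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
KEY_RE = re.compile(r"^\[(.+)\]$")        # [HKEY_...\Some\Key]
VAL_RE = re.compile(r'^"([^"]+)"=(.+)$')  # "Name"=data

def decode(raw):
    """Turn a .reg value into str or int (string and dword types only)."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw.strip('"')

def find_indicators(reg_text):
    """Return (key, value name, data, reason) for each setting of the kinds listed."""
    hits, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := VAL_RE.match(line):
            # strip() tolerates a stray trailing space in the value name
            name, data = m.group(1).strip().lower(), decode(m.group(2))
            low = key.lower()
            if IFEO in low and name == "debugger":
                reason = "launch of " + key.rsplit("\\", 1)[1] + " redirected"
            elif low.endswith(r"\systemrestore") and name == "disablesr" and data == 1:
                reason = "System Restore disabled"
            elif low.endswith(r"\internet settings") and name == "warnonhttpstohttpredirect" and data == 0:
                reason = "HTTPS-to-HTTP redirect warning disabled"
            else:
                continue
            hits.append((key, m.group(1), data, reason))
    return hits
```

Legitimate software also sets Debugger values (debuggers and Task Manager replacements, for example), so treat each hit as a lead to review rather than proof of infection.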

Additional Information on Windows Attention Utility

  • The following messages were detected:
    # Message
    1 Threat prevention solution found
    Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
    Risk of system files infection:
    The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press ‘OK’ to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
    2 System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.
    Warning!
    Location: c:\windows\system32\taskmgr.exe
    Viruses: Backdoor.Win32.Rbot
    3 Microsoft Security Essentials Alert
    Potential Threat Details
    Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.