
Windows Monitoring Utility

Posted: June 9, 2011

Windows Monitoring Utility is a copy of previously-confirmed threats like Windows Custom Settings and Windows Risks Preventions. As a rogue security program, Windows Monitoring Utility uses a combination of fake pop-up warnings, inaccurate security grading displays and false system scan results to convince you that your computer is heavily infected by multiple threats. Along with not possessing any real anti-virus or security functionality, Windows Monitoring Utility may also prevent you from using various applications or take control over your web-browsing activities. For the sake of your PC's health, you should remove Windows Monitoring Utility the moment you notice it, by using a trustworthy anti-malware application.

Windows Monitoring Utility: A New Name with an Old Skin and Even Older Attacks

Windows Monitoring Utility pretends to monitor many different parts of your PC's overall security, including broad categories like 'memory & devices,' 'network security,' 'private data protection' and 'computer safety.' This monitoring is accompanied by a percentile grade of how safe your PC is in all of these areas, but Windows Monitoring Utility is designed to create poor grades without even glancing at your security.

Like most other rogue security programs, Windows Monitoring Utility can also fake system scans and create pop-ups with equally negative (and equally fake) warnings. Potential Windows Monitoring Utility warnings can include, among other possibilities:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Never trust the advice that Windows Monitoring Utility gives you with regard to these threats, since Windows Monitoring Utility is unable to detect genuine security problems and may cause you to harm critical processes or files like lsass.exe.

Likewise, you should try to minimize contact with the Windows Monitoring Utility website, which Windows Monitoring Utility will frequently link you to in an effort to make you purchase a registration or activation key. Contact with websites like the Windows Monitoring Utility homepage has also been known to result in Trojan attacks against visiting computers.

Windows Monitoring Utility's Cohorts and Other Underhanded Attacks

Windows Monitoring Utility is rarely installed without the help of Trojans; the Fake Microsoft Security Essentials Alert Trojan has been linked to distributing many Trojans in the Windows Monitoring Utility family. Other threats that can be installed by Fake Microsoft Security Essentials Alert Trojans include Windows Necessary Firewall, Windows Custom Settings, Windows Oversight Center and Windows Risks Preventions.

Just before Windows Monitoring Utility or a similar rogue security program is installed, the Fake Microsoft Security Essentials Alert may create its own warnings that imitate the look of a Security Essentials Alert. Some of Fake Microsoft Security Essentials Alert's pop-ups include:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos [sic] possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

Windows Monitoring Utility may also engage in other attacks, besides pretending to be an anti-virus product. Windows Monitoring Utility may hijack your web browser to control your website destinations, launch itself without your permission whenever Windows starts, or stop a program from running while displaying fake infection alerts.

Deleting Windows Monitoring Utility is safest when achieved by appropriately sophisticated anti-malware software, particularly in Safe Mode. Removing Windows Monitoring Utility by manually deleting its components can result in other harm to your PC, unless the operation is performed by an expert.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
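
The Image File Execution Options "Debugger" values above make Windows start svchost.exe in place of the named security program, which is how the listed anti-virus executables are kept from running. The following check is an added example, not part of the original report: it scans registry export text for the three kinds of values listed here. The sample export, function names and rule labels are constructed for illustration, and the input is assumed to be already decoded to text.

```python
import re

# Constructed sample in .reg text format (already decoded to str); not from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000000
"ProxyEnable"=dword:00000000
'''

IFEO = r"\image file execution options" + "\\"
KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data) for every value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            yield key, m.group(1), m.group(2)

def as_int(raw):
    """Decode dword:XXXXXXXX or a quoted decimal string; None otherwise."""
    raw = raw.strip().strip('"')
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return int(raw) if raw.isdigit() else None

def find_indicators(text):
    """Return (rule, subject, data) tuples for the settings listed on this page."""
    hits = []
    for key, name, raw in parse_reg(text):
        k, n = key.lower(), name.strip().lower()
        if IFEO in k and n == "debugger":
            # Any Debugger value makes Windows start that program instead of the target.
            hits.append(("ifeo_debugger", key.rsplit("\\", 1)[1], raw.strip('"')))
        elif k.endswith(r"\currentversion\systemrestore") and n == "disablesr" and as_int(raw) == 1:
            hits.append(("system_restore_disabled", key, 1))
        elif k.endswith(r"\internet settings") and n == "warnonhttpstohttpredirect" and as_int(raw) == 0:
            hits.append(("https_redirect_warning_off", key, 0))
    return hits
```

A "Debugger" value under a security product's executable name is the strongest of the three signals; the other two settings can also be changed by an administrator, so treat them as supporting evidence.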

Additional Information on Windows Monitoring Utility

  • The following messages were detected:
    # Message
    1 Threat prevention solution found
    Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
    Risk of system files infection:
    The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos [sic] possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
    2 Microsoft Security Essentials Alert
    Potential Threat Details
    Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
    3 Warning! Database update failed!
    Database update failed!
    Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
    Click here to get the full version of the product and update the database!
    4 System component corrupted!
    System reboot error has occurred due to lsass.exe system process failure.
    This may be caused by severe malware infections.
    Automatic restore of lsass.exe backup copy completed.
    The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
    5 Warning!
    Name: [application file name]
    Name: [application file path]
    Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
    6 System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.
    7 Warning!
    Location: [application file path]
    Viruses: Backdoor.Win32.Rbot