Activate Ultimate Protection

Posted: May 25, 2012

Activate Ultimate Protection Description

Activate Ultimate Protection Screenshot 1Activate Ultimate Protection is a component of recent versions of rogue anti-malware programs from the Win32/FakeVimes family. Like all components and features of such scamware, Activate Ultimate Protection doesn't have any ability to protect your PC and is always an indication of infection by malicious software. While the most likely danger that's presented by Activate Ultimate Protection itself is being tricked into spending money on its associated scamware, SpywareRemove.com malware researchers have found that other attacks that are also included in common Activate Ultimate Protection-related infections are browser redirects, search engine hijacks, fraudulent pop-up alerts, blocked programs and a litany of other unauthorized changes to Windows. While rogue anti-malware applications that use fake Activate Ultimate Protection features are limited to attacking Windows PCs, they should be considered to be actively-distributing PC threats with ongoing development.

When You Activate Ultimate Protection and Deactivate Your Own Finances in the Process

Because SpywareRemove.com malware research team has found that Activate Ultimate Protection's buttons are always components of rogue AV products, you should be prepared to identify differently-named scamware products by their usage of Activate Ultimate Protection and similar attributes (such as fake 'Advanced Process Control' features that replace Windows Task Manager). Examples of other members of that have been confirmed to use Activate Ultimate Protection buttons in their template include:

Notably, SpywareRemove.com malware researchers have also seen some occurrences of WIn32/FakeVimes variants that break out of their typical brand-name pattern to include an additional word (such as Windows Pro Safety Release). Older variants of WIn32/FakeVimes have been known to use different naming patterns and aren't guaranteed to include Activate Ultimate Protection buttons (although they will continue to be nearly-identical in most other respects).

The PC threat-defining and most visible attacks from Activate Ultimate Protection-related scamware programs include fraudulent security warnings, system notifications and hard drive scans. Although all security information from an Activate Ultimate Protection-branded program will display fake results that warn you about harmful software or attacks that aren't actually reaching your computer, these FakeVimes variants may also cause real security issues until they're deleted. Activate Ultimate Protection doesn't serve any purpose besides encouraging you to spend money on the fake anti-malware program that Activate Ultimate Protection is attached to, and, as such, should never be interacted with as long as you're interested in saving your money for legitimate software.

How You Can Tell Activate Ultimate Protection to Put a Sock in It

Since there's no reason to 'activate' any software that Activate Ultimate Protection recommends you to purchase, SpywareRemove.com malware researchers encourage you to delete all Activate Ultimate Protection-associated scamware once you begin to see the first indications of fake pop-ups and other symptoms (such as browser redirects or blocked AV software) on your computer. Since the presence of rogue anti-malware scanners from Activate Ultimate Protection's family is always indicative of potentially serious security vulnerabilities, it's suggested that you enact an appropriate solution ASAP to minimize any chance of permanent damage to your operating system.

FakeVimes-based PC threats with Activate Ultimate Protection characteristics are limited to attacking Windows-based operating systems, although similar types of fake security products from other families aren't necessarily restricted to Windows attacks. SpywareRemove.com malware analysts have found that fake software updates (for Flash, media codecs, etc) and fake movie-streaming links are two of the most common methods for Activate Ultimate Protection-associated PC threats to be installed, along with fraudulent online scanners. This installation process often uses a Trojan dropper or Trojan downloader such as Zlob, and any scan to remove Activate Ultimate Protection-related software should also be exacting enough to delete related Trojans.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Activate Ultimate Protection may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

Registry Modifications


The following newly produced Registry Values are:

ClsidHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exeHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgIDHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\InstallLocation [unknown dir]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\Publisher UIS Inc.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\UninstallString “[unknown dir]\[unknown file name].exe” /delHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\DisplayIcon [unknown dir]\[unknown file name].exe,0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\DisplayName Activate Ultimate ProtectionHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\DisplayVersion 1.1.0.1010HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Activate Ultimate Protection “%CommonAppData%\58ef5\SP98c.exe” /s /dHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UninstallHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate ProtectionHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFGHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracingHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exeHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandlerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ClsidHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAVHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exe
Home Malware Programs Rogue Anti-Spyware Programs Activate Ultimate Protection

3 Comments

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.