Windows Care Taker
Posted: April 5, 2012
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 3,922 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 15,650 |
| First Seen: | April 5, 2012 |
|---|---|
| Last Seen: | March 8, 2025 |
| OS(es) Affected: | Windows |
With everything from a self-proclaimed 'all-in-one' suite to anti-phishing features to an advanced process control tool, Windows Care Taker may act as though Windows Care Taker has all of your security worries under control, but this is not the truth. Windows Care Taker isn't able to detect or remove any kind of malicious software from your PC. Sadly, this crippling disadvantage will not slow Windows Care Taker down from creating bogus alerts to lure you into believing that Windows Care Taker is a legitimate security product. SpywareRemove.com malware researchers have also noted the involvement of Windows Care Taker and its relatives in attacks that can block real security programs or hijack your browser, and for this reason label Windows Care Taker as not just a nuisance, but a threat to your PC that should be exterminated post-haste.
Why Windows Care Taker Offers Your PC Everything Except Genuine Security
While its predominant purpose appears to be serving as a fake anti-virus scanner, Windows Care Taker also offers a number of other fraudulent security features that feed you false information, control which applications you can access and even modify your web-browsing settings. You can anticipate the following attacks on any PC that's infected by a FakeVimes-based scamware program like Windows Care Taker:
- Changes to your Hosts file that force your web browser to redirect to hostile or unusual websites. SpywareRemove.com malware experts have found that these redirects focus especially on any attempts to use search engines and may even be involved in altering your search results.
- Malfunctioning security, firewall and system diagnostic applications. In particular, Windows Care Taker and its clones are noted for their ability not only to block Windows Task Manager, but replace it with their own memory-monitoring utility without your consent. These issues may make it necessary that you disable Windows Care Taker via Safe Mode or alternative methods before you're able to run software that's capable of deleting Windows Care Taker from your PC.
- Pop-up messages, including fake task bar notifications and fake system prompts that promote Windows Care Taker or include erroneous information about the presence of nonexistent PC threats.
SpywareRemove.com malware experts place some stress on the fact that the latter attack can be identified as independent from legitimate warning messages due to the unusual and unlikely contents of Windows Care Taker's warnings, which will threaten you with extreme (and extremely fake) dangers.
Toll-Free Methods of Kicking Windows Care Taker Out of Your Computer
Even though Windows Care Taker will persistently request that you buy a registration key for its software, giving in to its pleas is both a waste of money and a risk for your financial information. However, SpywareRemove.com malware analysts have found the free key '0W000-000B0-00T00-E0020' to be useful for faking registration of FakeVimes-based rogue AV products, and you may wish to do this to reduce Windows Care Taker's attacks before you scan your PC. Removing Windows Care Taker without scans from suitable anti-malware software is discouraged, since Windows Care Taker will also alter the Windows Registry and may be accompanied by other PC threats that don't exhibit the same visible symptoms that Windows Care Taker is known to display.
Windows Care Taker is a re-branding of other rogue anti-virus programs like Privacy Guard Pro, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security and PrivacyGuard Pro 2.0.
Because Windows Care Taker can block your legitimate security applications while Windows Care Taker is active, SpywareRemove.com malware research team encourages you to use various methods to shut Windows Care Taker down before you delete Windows Care Taker appropriately. Suitable solutions can involve using Safe Mode, switching operating systems temporarily or even booting your PC from a removable drive device.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%AppData%\npswf32.dll
File name: %AppData%\npswf32.dllFile type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
%AppData%\Inspector-[RANDOM CHARACTERS].exe
File name: %AppData%\Inspector-[RANDOM CHARACTERS].exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CommonPrograms%\Windows Care Taker.lnk
File name: %CommonPrograms%\Windows Care Taker.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%DesktopDir%\Windows Care Taker.lnk
File name: %DesktopDir%\Windows Care Taker.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
Additional Information
| # | Message |
|---|---|
| 1 | Error
Trojan activity detected. System data security is at risk. It is recommended to activate protection and run a full system scan. |
| 2 | Warning
Firewall has blocked a program from accessing the Internet C:\program files\internet explorer\iexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server. |
| 3 | Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124 Target: Your passwords for sites |
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.