Windows Advanced Toolkit

By ESGI Advisor in Rogue Anti-Spyware Program

Windows Advanced Toolkit Description


You should not believe Windows Advanced Toolkit’s claims since, despite its name, Windows Advanced Toolkit is not actually a toolkit of any kind. Rather, Windows Advanced Toolkit is a fake security program belonging to the FakeVimes family of malware. Essentially, Windows Advanced Toolkit is part of a malware attack that tries to scam its victims by convincing them that they need to purchase useless fake security software. If Windows Advanced Toolkit is installed on your machine and you are getting messages and notifications associated with this program, this is usually a symptom of a severe malware infection on your computer system. Instead of believing Windows Advanced Toolkit’s lies, ESG malware researchers advise removing Windows Advanced Toolkit with a real security toolkit from a reliable manufacturer.

Understanding the Windows Advanced Toolkit Scam

Criminals profit from the Windows Advanced Toolkit fake security program by convincing computer users that they need to buy fake upgrades for this bogus security program. In order to carry out its scam, Windows Advanced Toolkit makes changes to the Windows Registry that allow Windows Advanced Toolkit to display a constant stream of alarming pop-up notifications and error messages from the Task Manager, as well as blocking access to certain files, applications, and websites. Trying to fix the supposed infections on your computer system using Windows Advanced Toolkit will always result in error messages stating that you need to ‘upgrade’ Windows Advanced Toolkit by paying for a full version of this fraudulent security tool. Since Windows Advanced Toolkit has no actual anti-malware components, ESG malware researchers strongly discourage paying for this bogus security tool.

Windows Advanced Toolkit and the FakeVimes Family of Malware

The FakeVimes family of malware, to which Windows Advanced Toolkit belongs, has been responsible for infections in the wild since the summer of 2009. ESG security researchers have observed that Windows Advanced Toolkit belongs to a particularly irritating batch of malware released in 2012 that is often accompanied by a rootkit infection that is difficult to remove. Other FakeVimes clones similar to Windows Advanced Toolkit include Windows Maintenance Guard, Windows Proactive Safety and Windows Advanced User Patch. While you can trick Windows Advanced Toolkit into switching to its ‘registered’ version using the code 0W000-000B0-00T00-E0020, this will do nothing to remove Windows Advanced Toolkit from your computer system; it will only stop this fake security program from displaying many of its irritating error messages.

Type: Rogue AntiSpyware Programs

Windows Advanced Toolkit Removal Details

Windows Advanced Toolkit typically has the following processes in memory:

  • %CommonAppData%\58ef5\SP98c.exe
  • %AppData%\Windows Advanced Toolkit\ScanDisk_.exe

Windows Advanced Toolkit creates the following files in the system:

  • %Programs%\Windows Advanced Toolkit.lnk
  • %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Advanced Toolkit.lnk
  • %StartMenu%\Windows Advanced Toolkit.lnk
  • %AppData%\Windows Advanced Toolkit\Instructions.ini
  • %Desktop%\Windows Advanced Toolkit.lnk
  • %CommonAppData%\58ef5\SPT.ico

Windows Advanced Toolkit creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Proactive Safety "%CommonAppData%\58ef5\SP98c.exe" /s /d
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Windows Proactive Safety\DisplayVersion 1.1.0.1010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\Publisher UIS Inc.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayIcon [unknown dir]\[unknown file name].exe,0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayName Windows Malware Firewall
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\InstallLocation [unknown dir]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\UninstallString "[unknown dir]\[unknown file name].exe" /del
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
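The process, file and registry artifacts above can be checked on a suspect machine with the following read-only audit script. It is an added example, not code from ESG or from the article; it assumes an elevated PowerShell session on Windows Vista or later (where %CommonAppData% resolves to $env:ProgramData) and reports what it finds without removing anything.

```powershell
# Read-only audit for the Windows Advanced Toolkit artifacts listed above.
# Added example, not ESG's code. Assumes an elevated PowerShell on Vista+.
$ifeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$runPath  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# 1. Image File Execution Options: a Debugger value of "svchost.exe" under a
#    security tool's executable (AVCare.exe, AAWTray.exe, Ad-Aware.exe, ...)
#    makes Windows start svchost.exe instead of that tool, so the tool never runs.
foreach ($sub in (Get-ChildItem -Path $ifeoPath -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
    if ($dbg -and $dbg -match 'svchost\.exe') {
        $findings += [pscustomobject]@{ Type = 'IFEO hijack'; Item = $sub.PSChildName; Detail = $dbg }
    }
}

# 2. HKCU Run key: autostart commands pointing into the directories the rogue
#    uses (%CommonAppData%\58ef5 and %AppData%\Windows Advanced Toolkit).
$runValues = Get-ItemProperty -Path $runPath -ErrorAction SilentlyContinue
if ($runValues) {
    foreach ($prop in $runValues.PSObject.Properties) {
        if ($prop.Name -match '^PS') { continue }   # skip PowerShell provider metadata
        if ($prop.Value -match '\\58ef5\\|Windows Advanced Toolkit') {
            $findings += [pscustomobject]@{ Type = 'Run persistence'; Item = $prop.Name; Detail = $prop.Value }
        }
    }
}

# 3. Dropped executables, config and shortcut files named in the removal details.
$paths = @(
    (Join-Path $env:ProgramData '58ef5\SP98c.exe'),
    (Join-Path $env:ProgramData '58ef5\SPT.ico'),
    (Join-Path $env:ProgramData 'SPUPCZPDET\SPABOIJT.cfg'),
    (Join-Path $env:APPDATA 'Windows Advanced Toolkit\ScanDisk_.exe'),
    (Join-Path $env:APPDATA 'Windows Advanced Toolkit\Instructions.ini'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\Windows Advanced Toolkit.lnk')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $size = (Get-Item -LiteralPath $p).Length
        $findings += [pscustomobject]@{ Type = 'Dropped file'; Item = $p; Detail = "$size bytes" }
    }
}

if ($findings.Count -eq 0) { 'No Windows Advanced Toolkit artifacts found.' }
else { $findings | Format-Table -AutoSize }
```

Any IFEO entry it reports should be verified before cleanup, since legitimate debuggers also use that value; the script only reports, so removal still needs a reputable security tool as recommended above.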


This entry was last updated on 06/22/12 and posted on 06/22/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.