Windows Inspection Utility

By Domesticus in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level:	100 % (High)
Infected Computers:	15

First Seen:	May 12, 2011
Last Seen:	January 8, 2020
OS(es) Affected:	Windows

Windows Inspection Utility Image

Windows Inspection Utility is not what it seems. Windows Inspection Utility is a rogue security program that proliferates with the assistance of Trojans, which are usually found fake video codecs or bundled peer-to-peer file-sharing software. Once Windows Inspection Utility usurps a computer, it will issue bogus warning alerts that look similar to Windows notifications alleging to detect malware. Fake alerts are intended to lure computer users to purchase the full version of the rogue program Windows Inspection Utility. The only problem in your computer is Windows Inspection Utility. Do not let Windows Inspection Utility trick you. Windows Inspection Utility is only a vehicle that allows cybercrooks to collect credit card information on naive computer users. If infected with Windows Inspection Utility, you should seek a reliable anti-spyware program.

Table of Contents

SpyHunter Detects & Remove Windows Inspection Utility

File System Details

Windows Inspection Utility may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	tcsmaa.exe	bd5a8502dbac70319a63caf669b10a93	1
Name: tcsmaa.exe MD5: bd5a8502dbac70319a63caf669b10a93 Size: 1.76 MB (1760256 bytes) Detections: 1 Type: Executable File Path: %AppData%\Microsoft Group: Malware file Last Updated: January 8, 2020
2.	%AppData%\Microsoft\[RANDOM CHARACTERS].exe
Name: %AppData%\Microsoft\[RANDOM CHARACTERS].exe Type: Executable File Group: Malware file

Registry Details

Windows Inspection Utility may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Windows Inspection Utility

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Windows Inspection Utility

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen