
Windows Maintenance Suite

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: June 6, 2012
Last Seen: January 8, 2020
OS(es) Affected: Windows


Windows Maintenance Suite is not designed to perform maintenance on your computer system. In fact, quite the opposite: Windows Maintenance Suite is a fake security program that is related to a multi-component malware attack on your PC. Windows Maintenance Suite belongs to a particularly large family of bogus security software known as FakeVimes. These kinds of malware infections carry out a common online scam which tries to prey on credulous computer users by persuading them that they must purchase useless fake security software like Windows Maintenance Suite.

Windows Maintenance Suite’s Family of Malware Has Been Around for a Long Time

The FakeVimes family of rogue security software has been active since 2009 and has become progressively more difficult to remove. Malware in the FakeVimes family released in 2012 is functionally identical at its core to previous versions of FakeVimes malware, but it is bundled with a dangerous rootkit component that is very difficult to remove. There are dozens of clones of Windows Maintenance Suite. Some examples of these, also released in 2012, include programs with names like Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, and Windows Work Catalyst. While most legitimate security programs can remove Windows Maintenance Suite, a specialized anti-rootkit program may be necessary to remove its associated rootkit component.

How Windows Maintenance Suite Tries to Trick You out of Your Money

Windows Maintenance Suite has many components designed to convince you that your PC is infected with malware. Among the tricks Windows Maintenance Suite has up its sleeve are several error messages, pop-up messages from the Taskbar, fake system scans that Windows Maintenance Suite runs after start-up, and constant redirects to a website where you are urged to pay for a 'full version' of Windows Maintenance Suite. This fake security program can also cause application and system crashes, decrease your computer system's performance, block access to your own files, and make your computer system more vulnerable to other attacks. However, despite Windows Maintenance Suite's claims, these symptoms are caused by Windows Maintenance Suite itself and not by any other viruses or Trojans supposedly detected by this bogus security program.

Fortunately, you can trick Windows Maintenance Suite into believing that you have registered Windows Maintenance Suite. Simply enter the registration code 0W000-000B0-00T00-E0020. It is important to note that entering that code will not remove Windows Maintenance Suite and its associated malware components from your computer system. However, it will stop most of its irritating symptoms, making removal of Windows Maintenance Suite with a reliable anti-malware program less of a headache.


File System Details

Windows Maintenance Suite may create the following file(s):
# File Name MD5 Detections
1. Protector-hhjq.exe 61bd519e9e84ea12d9af329d08be1f7a 1
2. %AppData%\Protector-[RANDOM CHARACTERS].exe

Registry Details

Windows Maintenance Suite may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
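
The file and registry indicators listed above can be checked on a host with a read-only PowerShell script. This is an added example, not part of the original entry or of any vendor tool; it only reads the file system and registry, and it assumes it is run in the affected user's session so that %AppData% and HKEY_CURRENT_USER resolve to that user's profile.

```powershell
# Added example: read-only check for the indicators listed in this entry.
$findings = [System.Collections.Generic.List[string]]::new()

# Dropped file pattern from the entry: %AppData%\Protector-[RANDOM CHARACTERS].exe
$knownMd5 = '61bd519e9e84ea12d9af329d08be1f7a'   # MD5 the entry gives for Protector-hhjq.exe
Get-ChildItem -Path $env:APPDATA -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $md5 = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash.ToLower()
        $tag = if ($md5 -eq $knownMd5) { 'MD5 matches the entry' } else { "MD5 $md5" }
        $findings.Add("File:  $($_.FullName) ($tag)")
    }

# Image File Execution Options subkeys named in the entry
$ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$ifeoNames = '_avp32.exe', 'zapsetup3001.exe', 'divx.exe', 'tapinstall.exe',
             'platin.exe', 'ashDisp.exe', '_avpcc.exe', 'mostat.exe'
foreach ($name in $ifeoNames) {
    $key = "$ifeo\$name"
    if (Test-Path -LiteralPath $key) { $findings.Add("Key:   $key") }
}

# HKEY_CURRENT_USER values named in the entry
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$values = @(
    @{ Key = "$cv\Run";               Name = 'Inspector' },
    @{ Key = "$cv\Settings";          Name = 'UID' },
    @{ Key = "$cv\Settings";          Name = 'net' },
    @{ Key = "$cv\Settings";          Name = 'ID' },
    @{ Key = "$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect' },
    @{ Key = "$cv\Policies\System";   Name = 'DisableTaskMgr' },
    @{ Key = "$cv\Policies\System";   Name = 'DisableRegistryTools' },
    @{ Key = "$cv\Policies\System";   Name = 'DisableRegedit' }
)
foreach ($v in $values) {
    # Returns nothing (error suppressed) when the key or the value is absent
    $item = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings.Add("Value: $($v.Key) `"$($v.Name)`" = $($item.($v.Name))")
    }
}

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

A single hit, especially on one of the policy or Internet Settings values, is a lead to verify rather than proof of infection; several hits together, or a Protector-*.exe file in %AppData%, warrant a full scan.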

Messages

The following messages associated with Windows Maintenance Suite were found:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
