
Windows Activity Booster

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5
First Seen: December 9, 2013
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Activity Booster is one of the many rogue security tools in the FakeVimes family of rogue security software. Fake security programs are among the most common types of online scam. Windows Activity Booster is just one of dozens of rogue security applications used to scare inexperienced computer users into paying for useless, fake security applications. It is important to understand that Windows Activity Booster is a fake security program and therefore a type of threat itself. Because of this, computer users should refrain from installing Windows Activity Booster, and if it is already installed on a computer, it should be removed at once with the help of a real security program.

Instead of Boosting Your PC Windows Activity Booster Steals Your Money

Windows Activity Booster may enter the computer through normal threat distribution methods. Once installed, Windows Activity Booster changes the affected computer's settings so that it runs automatically as soon as the computer starts up. After start-up, Windows Activity Booster displays a bogus system scan that claims to have found numerous threats on the affected computer. Windows Activity Booster also pesters the computer user with a large number of fake system alerts and alarming error messages claiming that the PC is severely infected. When the computer user tries to use Windows Activity Booster to disinfect the computer, it displays additional error messages claiming that it is necessary to pay for a 'full version' of Windows Activity Booster.

Putting an End to the Fake Promises of Windows Activity Booster

It is important to note that Windows Activity Booster's bogus full version is just as useless as its normal version. Because of this, computer users should avoid paying for Windows Activity Booster. Instead, a real security program that is fully up to date should be used to scan the affected computer and remove Windows Activity Booster. Since Windows Activity Booster may interfere with legitimate security programs, PC security researchers advise starting up the affected computer in Safe Mode before removal of Windows Activity Booster.

Among the many clones of Windows Activity Booster are Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

File System Details

Windows Activity Booster may create the following file(s):
#   File Name                                  MD5                               Detections
1.  setup.exe                                  26609b30205bef5f297d0c53c45686c8  1
2.  %AppData%\guard-[RANDOM CHARACTERS].exe
3.  %AppData%\result1.db

Registry Details

Windows Activity Booster may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-[RANDOM CHARACTERS].exe"
"LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"
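
The registry entries listed above can be turned into checks that run over a registry export taken from a suspect machine. The following Python code is an added example, not part of the original page or of any vendor tool: it parses .reg export text and flags the values this page lists. The function names, rule descriptions and the sample export are assumptions constructed for illustration.

```python
import re

# Indicators are the registry values listed on this page; SAMPLE below is constructed.
GUARD = re.compile(r"\\guard-[^\\]*\.exe$", re.I)   # guard-[RANDOM CHARACTERS].exe
is0 = lambda d: d == "0"
# (key regex, value name or None for any value, predicate on data, finding)
RULES = [
    (r"\\CurrentVersion\\Run$", None, GUARD.search, "Run autostart points at guard-*.exe"),
    (r"\\Winlogon$", "shell", GUARD.search, "Winlogon Shell points at guard-*.exe"),
    (r"\\Image File Execution Options\\(msseces|msmpeng)\.exe$", "debugger", bool, "IFEO Debugger set on a security process"),
    (r"\\Policies\\System$", "enablelua", is0, "EnableLUA is 0"),
    (r"\\Policies\\System$", "consentpromptbehavioradmin", is0, "ConsentPromptBehaviorAdmin is 0"),
    (r"\\Policies\\System$", "consentpromptbehavioruser", is0, "ConsentPromptBehaviorUser is 0"),
    (r"\\Policies\\Attachments$", "savezoneinformation", lambda d: d == "1", "SaveZoneInformation is 1"),
    (r"", "lowriskfiletypes", lambda d: ".exe" in d.lower(), "LowRiskFileTypes includes .exe"),
]

def parse_reg(text):
    """Yield (key, value name, data) from .reg export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            key = line.strip("[]")
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if key and m:
            raw = m.group(2)
            if raw.startswith("dword:"):
                data = str(int(raw[6:], 16))      # dword:00000000 -> "0"
            else:
                data = raw.strip('"').replace("\\\\", "\\")  # undo .reg escaping
            yield key, m.group(1), data

def scan(text):
    """Return (finding, key, value name, data) for every rule that matches."""
    return [(finding, key, name, data)
            for key, name, data in parse_reg(text)
            for key_re, want, pred, finding in RULES
            if re.search(key_re, key, re.I) and want in (None, name.lower()) and pred(data)]

SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardSoftware"="C:\\Users\\User\\AppData\\Roaming\\guard-abcd.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
'''
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A hit on the Run or Winlogon rule also gives the path of the executable to quarantine, and the Image File Execution Options hits explain why the named security processes fail to start until the Debugger value is removed.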

Messages

The following messages associated with Windows Activity Booster were found:

Error
Attempt to run a potentially dangerous script detected.
Full system scan is highly recommended.
Error
System data security is at risk!
To prevent potential PC errors, run a full system scan.
Firewall has blocked a program from accessing the Internet
c:\windows\system32\iexplore.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.
Warning! Identity theft attempt detected
Hidden connection IP: xx.xxx.xxx.xxx
Target: Microsoft Corporation keys
Your IP: 127.0.0.1
