Windows Activity Booster

Windows Activity Booster Description

Type: Rogue AntiSpyware Programs

ScreenshotWindows Activity Booster is one of the many rogue security tools that come from the FakeVimes family of rogue security software. Fake security programs are among the most common type of online scam. Windows Activity Booster is just one of dozens of rogue security applications used to scare inexperienced computer users into paying for useless, fake security applications. It is important to understand that Windows Activity Booster is a fake security program, a type of threat itself. Because of this, computer users should refrain from installing Windows Activity Booster on their computer and Windows Activity Booster should be removed at once with the help of a real security program in case Windows Activity Booster is installed on a computer.

Instead of Boosting Your PC Windows Activity Booster Steals Your Money

Windows Activity Booster may enter the computer, using normal threat distribution methods. Once Windows Activity Booster has been installed, Windows Activity Booster will make changes to the affected computer's settings that allow Windows Activity Booster to run automatically as soon as the affected computer starts up. After start-up, Windows Activity Booster displays a bogus system scan, claiming that Windows Activity Booster has found numerous threats on the affected computer. Windows Activity Booster also pesters the computer user with a large number of fake system alerts and alarming error messages claiming that the PC is severely infected. When the computer user tries to use Windows Activity Booster to disinfect the computer in question, Windows Activity Booster will display additional error messages claiming that it is necessary to pay for a 'full version' of Windows Activity Booster.

Putting an End on the Fake Promises of Windows Activity Booster

It is important to note that Windows Activity Booster's bogus full version is just as useless as its normal version. Because of this, computer users should avoid paying for Windows Activity Booster. Instead, a real security program that is fully up to date should be used to scan the affected computer and remove Windows Activity Booster. Since Windows Activity Booster may interfere with legitimate security programs, PC security researchers advise starting up the affected computer in Safe Mode before removal of Windows Activity Booster.

Among the many clones of Windows Activity Booster are Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.
ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Activity Booster

File System Details

Windows Activity Booster creates the following file(s):
# File Name MD5 Detection Count
1 setup.exe 26609b30205bef5f297d0c53c45686c8 1
2 %AppData%\guard-[RANDOM CHARACTERS].exe N/A
3 %AppData%\result1.db N/A

Registry Details

Windows Activity Booster creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-[RANDOM CHARACTERS].exe"
"LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"

More Details on Windows Activity Booster

The following messages associated with Windows Activity Booster were found:
Error
Attempt to run a potentially dangerous script detected.
Full system scan is highly recommended.
Error
System data security is at risk!
To prevent potential PC errors, run a full system scan.
Firewall has blocked a program from accessing the Internet
c:windowssystem32iexplore.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.
Warning! Identity theft attempt detected
Hidden connection IP: xx.xxx.xxx.xxx
Target: Microsoft Corporation keys
Your IP: 127.0.0.1

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.