Windows Advanced Toolkit

Windows Advanced Toolkit Description

Type: Rogue AntiSpyware Programs

ScreenshotYou should not believe Windows Advanced Toolkit's claims since, despite its name, Windows Advanced Toolkit is not actually a toolkit of any kind. Rather, Windows Advanced Toolkit is a fake security program belonging to the FakeVimes family of malware. Essentially, Windows Advanced Toolkit is part of a malware attack that tries to scam its victims by convincing them that they need to purchase useless fake security software. If Windows Advanced Toolkit is installed on your machine and you are getting messages and notifications associated with this program, this is usually a symptom of a severe malware infection on your computer system. Instead of believing Windows Advanced Toolkit's lies, ESG malware researchers advise removing Windows Advanced Toolkit with a real security toolkit from a reliable manufacturer.

Understanding the Windows Advanced Toolkit Scam

Criminals profit from the Windows Advanced Toolkit fake security program by convincing computer users that they need to buy fake upgrades for this bogus security program. In order to carry out its scam, Windows Advanced Toolkit makes changes to the Windows Registry that allow Windows Advanced Toolkit to display a constant stream of scaring pop-up notifications and error messages from the Task Manager, as well as blocking access to certain files, applications, and websites. Trying to fix the supposed infections on your computer system using Windows Advanced Toolkit will always end up in error messages affirming that you need to 'upgrade' Windows Advanced Toolkit by paying for a full version of this fraudulent security tool. It is evident that, since Windows Advanced Toolkit has no actual anti-malware components, ESG malware researchers strongly discourage paying for this bogus security tool.

Windows Advanced Toolkit and the FakeVimes Family of Malware

The FakeVimes family of malware, to which Windows Advanced Toolkit belongs, has been responsible for infections in the wild since summer of 2009. ESG security researchers have observed that Windows Advanced Toolkit belongs to a particularly irritating batch of malware released in 2012 that will often be accompanied with a rootkit infection that is difficult to remove. Some other FakeVimes clones similar to Windows Advanced Toolkit include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. While you can trick Windows Advanced Toolkit into changing to the 'registered' version using the code 0W000-000B0-00T00-E0020, this will do nothing to remove Windows Advanced Toolkit from your computer system; it will only stop this fake security program from displaying many of its irritating error messages.

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Advanced Toolkit

Windows Advanced Toolkit Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Advanced Toolkit creates the following file(s):
# File Name MD5 Detection Count
1 Protector-ajff.exe a8852241fc353dd8d654f4eadbf91a77 1
2 %CommonAppData%\58ef5\SP98c.exe N/A
3 %AppData%\Windows Advanced Toolkit\ScanDisk_.exe N/A
4 %Programs%\Windows Advanced Toolkit.lnk N/A
5 %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg N/A
6 %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Advanced Toolkit.lnk N/A
7 %StartMenu%\Windows Advanced Toolkit.lnk N/A
8 %AppData%\Windows Advanced Toolkit\Instructions.ini N/A
9 %Desktop%\Windows Advanced Toolkit.lnk N/A
10 %CommonAppData%\58ef5\SPT.ico N/A

Registry Details

Windows Advanced Toolkit creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Proactive Safety"%CommonAppData%\58ef5\SP98c.exe" /s /d
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Windows Proactive Safety\DisplayVersion 1.1.0.1010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\Publisher UIS Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayIcon [unknown dir]\[unknown file name].exe,0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayName Windows Malware Firewall
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive SafetyInstallLocation [unknown dir]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\UninstallString "[unknown dir]\[unknown file name].exe"/del
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe

More Details on Windows Advanced Toolkit

The following messages associated with Windows Advanced Toolkit were found:
Error
Attempt to run a potentially dangerous script detected.
Full system scan is a highly recommended.
Error
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.