Windows Care Taker

Windows Care Taker Description

Type: Adware

ScreenshotESG malware analysts have been dealing with a large outbreak of FakeVimes rogue security applications since the beginning of 2012. This family of malware has been active since 2009, with new versions of its fake security programs released periodically. ESG security researchers reported a large batch of FakeVimes rogue security programs that were released in 2012. Windows Care Taker belongs to this group of clones of FakeVimes malicious software. Like most rogue security programs, Windows Care Taker pretends to be a legitimate security program in order to extort money from its victims.

There are dozens (or even hundreds) of versions of malware identical to Windows Care Taker, including FakeVimes rogue security programs named Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. Despite their different names, the only real difference between one version of Windows Care Taker and another is in the file names, which are generated randomly. Windows Care Taker will use an executable file with the prefix "inspector-" and a short string of three random letters. These three random letters have been used by FakeVimes rogue security programs to name their files since the very first versions of these fake security programs.

Taking a Closer Look at the Windows Care Taker Scam

The Windows Care Taker scam is identical to the one used by most fake security programs. These malicious applications infiltrate victim's computer through various means, usually with the help of a dropper Trojan or via social engineering methods. Once inside the victim's computer, they will deliberately cause a number of problems, such as making the victim's computer run slowly or become more unstable. These problems are accompanied with numerous fake security alerts, error messages and a fake system scan, all claiming that the victim's computer is severely infected with malware (despite the fact that the real malware infection is Windows Care Taker itself). The victim is then prompted to purchase a "full version" of the Windows Care Taker "anti-virus" in order to fix these imaginary problems. Of course, since Windows Care Taker has no real anti-virus capabilities, paying for this fake security program is a waste of your money. Do not fall for the Windows Care Taker scam! Instead, use a real, reliable anti-malware application to detect Windows Care Taker and its associated malware and to remove them from your computer system permanently.

Technical Information

Screenshots & Other Imagery

Windows Care Taker Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Care Taker creates the following file(s):
# File Name Detection Count
1 %AppData%\Inspector-[RANDOM CHARACTERS].exe N/A
2 %AppData%\npswf32.dll N/A
3 %CommonPrograms%\Windows Care Taker.lnk N/A
4 %DesktopDir%\Windows Care Taker.lnk N/A

Registry Details

Windows Care Taker creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"

More Details on Windows Care Taker

The following messages associated with Windows Care Taker were found:
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Identity theft attempt Detected
Hidden connection IP:
Target: Your passwords for sites

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.