Windows Care Taker

Threat Scorecard

Ranking: 3,145
Threat Level: 20 % (Normal)
Infected Computers: 6,299
First Seen: April 5, 2012
Last Seen: September 17, 2023
OS(es) Affected: Windows


ESG malware analysts have been dealing with a large outbreak of FakeVimes rogue security applications since the beginning of 2012. This family of malware has been active since 2009, with new versions of its fake security programs released periodically. ESG security researchers reported a large batch of FakeVimes rogue security programs that were released in 2012. Windows Care Taker belongs to this group of clones of FakeVimes malicious software. Like most rogue security programs, Windows Care Taker pretends to be a legitimate security program in order to extort money from its victims.

There are dozens (or even hundreds) of versions of malware identical to Windows Care Taker, including FakeVimes rogue security programs named Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, and Windows Work Catalyst. Despite their different names, the only real difference between one version of Windows Care Taker and another is in the file names, which are generated randomly. Windows Care Taker will use an executable file with the prefix "inspector-" and a short string of three random letters. These three random letters have been used by FakeVimes rogue security programs to name their files since the very first versions of these fake security programs.

Taking a Closer Look at the Windows Care Taker Scam

The Windows Care Taker scam is identical to the one used by most fake security programs. These malicious applications infiltrate a victim's computer through various means, usually with the help of a dropper Trojan or via social engineering methods. Once inside the victim's computer, they will deliberately cause a number of problems, such as making the victim's computer run slowly or become more unstable. These problems are accompanied by numerous fake security alerts, error messages and a fake system scan, all claiming that the victim's computer is severely infected with malware (despite the fact that the real malware infection is Windows Care Taker itself). The victim is then prompted to purchase a "full version" of the Windows Care Taker "anti-virus" in order to fix these imaginary problems. Of course, since Windows Care Taker has no real anti-virus capabilities, paying for this fake security program is a waste of your money. Do not fall for the Windows Care Taker scam! Instead, use a real, reliable anti-malware application to detect Windows Care Taker and its associated malware and to remove them from your computer system permanently.

File System Details

Windows Care Taker may create the following file(s):
1. %AppData%\Inspector-[RANDOM CHARACTERS].exe
2. %AppData%\npswf32.dll
3. %CommonPrograms%\Windows Care Taker.lnk
4. %DesktopDir%\Windows Care Taker.lnk

Registry Details

Windows Care Taker may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
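The file and registry indicators listed above can be checked against an endpoint inventory export. The following is an added example, not code from the original page or from ESG; the function names, the input layout (lists of paths and of key/value/data tuples), the expansion of %AppData%, and the sample rows are all assumptions made for illustration.

```python
import re

# Assumption: %AppData% expands to ...\AppData\Roaming (Vista and later)
# or ...\Application Data (XP).
APPDATA = r"\\(?:AppData\\Roaming|Application Data)"
FILE_RULES = [
    # The page's prose says the random suffix is three letters.
    ("dropper-exe", re.compile(APPDATA + r"\\Inspector-[a-z]{3}\.exe$", re.I)),
    # npswf32.dll is also the Flash plugin's file name, so it is only
    # flagged when it sits directly in %AppData%, as the page lists it.
    ("appdata-dll", re.compile(APPDATA + r"\\npswf32\.dll$", re.I)),
    ("shortcut", re.compile(r"\\Windows Care Taker\.lnk$", re.I)),
]
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
USER_HIVES = ("HKEY_CURRENT_USER\\", "HKCU\\", "HKEY_USERS\\")

def scan_files(paths):
    """Return (rule_name, path) for every path matching a listed file indicator."""
    return [(name, p) for p in paths for name, rx in FILE_RULES if rx.search(p)]

def scan_run_values(entries):
    """entries: (key, value_name, data) tuples from a registry export.
    A per-user hive may appear under HKEY_USERS plus a SID instead of HKCU."""
    hits = []
    exe_rx = FILE_RULES[0][1]
    for key, value, data in entries:
        in_user_run = (key.upper().startswith(USER_HIVES)
                       and key.lower().rstrip("\\").endswith(RUN_SUFFIX))
        if in_user_run and value.lower() == "inspector":
            # The value name alone is generic; the target path corroborates it.
            level = "high" if exe_rx.search(data.strip('"')) else "review"
            hits.append((level, key, data))
    return hits

# Constructed sample inventory (not real telemetry).
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Roaming\Inspector-qwe.exe",
    r"C:\Users\alice\AppData\Roaming\npswf32.dll",
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",    # plugin location, ignored
    r"C:\Users\alice\AppData\Roaming\Inspector-tool.exe", # not three letters
    r"C:\Users\alice\Desktop\Windows Care Taker.lnk",
]
SAMPLE_RUN = [
    (r"HKEY_USERS\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run",
     "Inspector", r'"C:\Users\alice\AppData\Roaming\Inspector-qwe.exe"'),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "Inspector", r"C:\Tools\inspector.exe"),
]

if __name__ == "__main__":
    for hit in scan_files(SAMPLE_FILES) + scan_run_values(SAMPLE_RUN):
        print(hit)
```

A "review" result means the Run value name matched but its data did not point at the listed executable pattern, so it needs a manual look before being treated as this infection.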

URLs

Windows Care Taker may call the following URLs:

mp3vizor.com

Messages

The following messages associated with Windows Care Taker were found:

Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites
