Type: Rogue Anti-Virus Program

Windows Cleaning Toolkit is a rogue anti-malware scanner, categorized as a rogue anti-spyware program from the FakeVimes family. Windows Cleaning Toolkit uses bogus automated scanners to supposedly check the affected computer for malware threats. After successful installation, Windows Cleaning Toolkit initiates its bogus system scans and reports falsified malware threat results in order to intimidate the PC user into believing the computer has been infected with numerous threats.

Windows Cleaning Toolkit runs automatically every time the computer user starts Windows and scans the PC without the user's permission. Each time, Windows Cleaning Toolkit lists numerous security issues allegedly found on the computer system. Some malware threats, not necessarily those shown by Windows Cleaning Toolkit, may be installed on the PC; however, the most severe security threat installed on the computer is Windows Cleaning Toolkit itself, which needs to be uninstalled immediately after detection with a reputable anti-malware application. Windows Cleaning Toolkit also displays fake warning messages that attempt to frighten the computer user into thinking the computer has serious problems. PC users should not rely on Windows Cleaning Toolkit because it is an online scam created by Web attackers to harm PCs and extort money from unwary computer users.

Other fraudulent security programs that belong to the Windows Cleaning Toolkit family and use the same misleading tactics include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

File System Details

Windows Cleaning Toolkit creates the following file(s):
1 guard-khxd.exe 991fa9637ce83f45a0e2c01088d1d469 2
2 %AppData%\guard-[RANDOM CHARACTERS].exe N/A
3 %AppData%\result1.db N/A
4 result1.db 4ea5af257d1ceb7daea8725d0db6996f 0

Registry Details

Windows Cleaning Toolkit creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"
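
The registry changes listed above can be checked for in an exported registry listing. The following detection sketch is an added example, not code from the original article or from any removal tool; it assumes the input uses the same one-line format as the listing above, and the sample lines are constructed, with "abcd" standing in for the random characters.

```python
import re

# Line format of the registry listing above: <key path> "<value name>" = "<data>"
ENTRY_RE = re.compile(r'^(HKEY_[^"]+?)\s+"([^"]+)"\s*=\s*"?(.*?)"?\s*$')
# Executable name pattern from the page: guard-[RANDOM CHARACTERS].exe
GUARD_RE = re.compile(r'\\guard-[^\\]+\.exe$', re.IGNORECASE)
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser"}
AV_IMAGES = {"msmpeng.exe", "msseces.exe"}  # Microsoft antimalware executables named on the page

def classify(key, name, data):
    """Return a finding string if the value matches a listed change, else None."""
    key, name, data = key.lower(), name.lower(), data.lower()
    leaf = key.rsplit("\\", 1)[-1]
    if "\\image file execution options\\" in key and name == "debugger" and leaf in AV_IMAGES:
        return f"IFEO Debugger redirects launches of {leaf}"
    if key.endswith("\\policies\\system") and name in UAC_VALUES and data == "0":
        return f"UAC policy value {name} set to 0"
    if key.endswith("\\currentversion\\run") and GUARD_RE.search(data):
        return "Run-key autostart points at guard-*.exe"
    if key.endswith("\\winlogon") and name == "shell" and GUARD_RE.search(data):
        return "Winlogon Shell replaced by guard-*.exe"
    if leaf == "associations" and name == "lowriskfiletypes" and ".exe" in data.split(";"):
        return "Executables marked low-risk for attachment handling"
    return None

def scan(lines):
    """Parse listing-style lines and return (finding, original line) pairs."""
    hits = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m and (finding := classify(*m.groups())):
            hits.append((finding, line.strip()))
    return hits

# Constructed snapshot: "abcd" replaces the random characters; the last two lines are benign.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-abcd.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-abcd.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.exe;.bat;"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="explorer.exe"
'''.splitlines()

if __name__ == "__main__":
    for finding, line in scan(SAMPLE):
        print(f"[!] {finding}\n    {line}")
```

Matching on the guard-*.exe pattern rather than a fixed file name covers the randomized executable name, and the two benign lines show that a normal EnableLUA value and the default explorer.exe shell are not flagged.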
