Threat Database Rogue Anti-Spyware Program Windows Cleaning Toolkit

Windows Cleaning Toolkit

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 7
First Seen: November 26, 2013
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Cleaning Toolkit Image

Windows Cleaning Toolkit is a rogue anti-malware scanner that is categorized as a rogue anti-spyware program from the FakeVimes family. Windows Cleaning Toolkit uses bogus automated scanners to supposedly check the affected computer for malware threats. After successful installation, Windows Cleaning Toolkit initiates its bogus system scans and reports falsified malware threat results in order to intimidate the PC user into believing the computer has been infected with numerous computer infections.

Windows Cleaning Toolkit will run automatically every time the computer user starts Windows and scan the PC without his permission. Every time Windows Cleaning Toolkit will list numerous security issues allegedly found on the computer system. Some of malware threats, not necessarily shown by Windows Cleaning Toolkit may be installed on the PC; however, the most severe security threat installed on the computer is Windows Cleaning Toolkit, which needs to be uninstalled immediately after detection with a reputable anti-malware application. Windows Cleaning Toolkit will also display fake warning messages that also attempt to frighten the computer user into thinking he has serious computer problems. PC users should not rely on Windows Cleaning Toolkit because it's an online scam created by Web attackers to harm PCs and extort money from unwary computer users.

Other fraudulent security programs that belong to the Windows Cleaning Toolkit family and use the same misleading tactics include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

SpyHunter Detects & Remove Windows Cleaning Toolkit

File System Details

Windows Cleaning Toolkit may create the following file(s):
# File Name MD5 Detections
1. guard-khxd.exe 991fa9637ce83f45a0e2c01088d1d469 2
2. %AppData%\guard-[RANDOM CHARACTERS].exe
3. %AppData%\result1.db
4. result1.db 4ea5af257d1ceb7daea8725d0db6996f 0

Registry Details

Windows Cleaning Toolkit may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"


Most Viewed