Windows Cleaning Toolkit Removal Report

Windows Cleaning Toolkit Description

Type: Rogue Anti-Virus Program

Windows Cleaning Toolkit is a rogue anti-malware scanner that is categorized as a rogue anti-spyware program from the FakeVimes family. Windows Cleaning Toolkit uses bogus automated scanners to supposedly check the affected computer for malware threats. After successful installation, Windows Cleaning Toolkit initiates its bogus system scans and reports falsified malware threat results in order to intimidate the PC user into believing the computer has been infected with numerous computer infections.

Windows Cleaning Toolkit will run automatically every time the computer user starts Windows and scan the PC without his permission. Every time Windows Cleaning Toolkit will list numerous security issues allegedly found on the computer system. Some of malware threats, not necessarily shown by Windows Cleaning Toolkit may be installed on the PC; however, the most severe security threat installed on the computer is Windows Cleaning Toolkit, which needs to be uninstalled immediately after detection with a reputable anti-malware application. Windows Cleaning Toolkit will also display fake warning messages that also attempt to frighten the computer user into thinking he has serious computer problems. PC users should not rely on Windows Cleaning Toolkit because it's an online scam created by Web attackers to harm PCs and extort money from unwary computer users.

Other fraudulent security programs that belong to the Windows Cleaning Toolkit family and use the same misleading tactics include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Cleaning Toolkit

File System Details

Windows Cleaning Toolkit creates the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detection Count
1	guard-khxd.exe	991fa9637ce83f45a0e2c01088d1d469	2
Name: guard-khxd.exe MD5: 991fa9637ce83f45a0e2c01088d1d469 Size: 1.18 MB (1184448 bytes) Detection Count: 2 Type: Executable File Path: %APPDATA%\ Group: Malware file Last Updated: January 8, 2020
2	%AppData%\guard-[RANDOM CHARACTERS].exe		N/A
Name: %AppData%\guard-[RANDOM CHARACTERS].exe Type: Executable File Group: Malware file
3	%AppData%\result1.db		N/A
Name: %AppData%\result1.db Group: Malware file
4	result1.db	4ea5af257d1ceb7daea8725d0db6996f	0
Name: result1.db MD5: 4ea5af257d1ceb7daea8725d0db6996f Size: 2.37 KB (2372 bytes) Detection Count: 0 Group: Malware file Last Updated: November 27, 2013

Registry Details

Windows Cleaning Toolkit creates the following registry entry or registry entries:

Registry key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-[RANDOM CHARACTERS].exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-[RANDOM CHARACTERS].exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

First Seen:	November 26, 2013
Last Seen:	January 8, 2020
OS(es) Affected:	Windows

Windows Cleaning Toolkit

Windows Cleaning Toolkit Description

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Cleaning Toolkit

File System Details

Registry Details

Site Disclaimer

Your comment is awaiting moderation.

Please verify that you are not a robot.

Leave a Reply

EnigmaSoft Threat Scorecard

Popular Malware

Popular Trojans

Popular Ransomware

Popular Issues

Popular How-Tos

Products

Malware Research

Company

Legal

Threat Level:	100 % (High)
Infected Computers:	7