
Windows Custodian Utility

Threat Scorecard

Ranking: 1,395
Threat Level: 10 % (Normal)
Infected Computers: 4,791
First Seen: April 4, 2012
Last Seen: September 20, 2023
OS(es) Affected: Windows


ESG security researchers have released an alert about Windows Custodian Utility, a fake security program that may be installed voluntarily or appear on the victim's computer without their consent. Windows Custodian Utility is not a real security application and is part of a malware attack on the infected computer system. Windows Custodian Utility is one of the many fake anti-virus programs belonging to the FakeVimes family of malware. These kinds of malware applications are known as rogue anti-virus programs. Malware in Windows Custodian Utility's family has been around for several years (at least since 2009), and new versions of these fake security applications are released periodically.

Examples of clones of Windows Custodian Utility include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

There are dozens of versions of FakeVimes rogue anti-virus programs, all of them composed of the same basic program with a different name and differently named components (such as file names). Criminals create these clones in order to make it more difficult for malware analysts to identify Windows Custodian Utility clones for what they are. Malware in the FakeVimes family is characterized by its use of randomly named files, whose names contain an entirely random three-letter string. This string is often preceded by the string "protector-" or "inspector-", depending on the particular clone of Windows Custodian Utility attacking the victim's computer system.

Understanding How Criminals Use Windows Custodian Utility to Steal Your Money

Windows Custodian Utility is not very different from most rogue anti-virus applications. These are all characterized by using the same basic scam: entering a victim's computer, claiming to be a legitimate security program, and then deliberately causing problems on the victim's computer in order to convince the victim to purchase a "full version" of Windows Custodian Utility. ESG security researchers have not detected any anti-malware capabilities within Windows Custodian Utility, and it is certain that this fake security program is part of this well-known online scam. Basically, Windows Custodian Utility is designed to do little more than display several error messages and misleading security alerts, and to direct the victim constantly to a website which will prompt them to enter their credit card information so as to purchase this useless "full version" of Windows Custodian Utility. You should not purchase Windows Custodian Utility under any circumstances; remove Windows Custodian Utility with a reliable anti-malware program instead.


File System Details

Windows Custodian Utility may create the following file(s):

| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | Protector-jdpf.exe | 448a4c8d4404b0173caace2896cbc72c | 1 |
| 2 | Protector-syyx.exe | 9bcb95f35c826568356a78722d2e9f09 | 1 |
| 3 | %AppData%\Inspector-[RANDOM CHARACTERS].exe | | |
| 4 | %AppData%\npswf32.dll | | |
| 5 | %CommonPrograms%\Windows Custodian Utility.lnk | | |
| 6 | %DesktopDir%\Windows Custodian Utility.lnk | | |

Registry Details

Windows Custodian Utility may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
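
The file and registry indicators listed above can be turned into a simple triage check. The following Python is an added example, not code from ESG or from the original page; the function names, the sample paths and the assumption that the caller has already collected file paths, MD5 hashes and Run value names are all hypothetical.

```python
import re

# Indicators from the File System and Registry details on this page.
# The prose says the random suffix is three letters, while the two listed
# samples (Protector-jdpf.exe, Protector-syyx.exe) carry four, so accepting
# 3 to 4 letters is an assumption of this example.
ROGUE_EXE = re.compile(r"^(protector|inspector)-[a-z]{3,4}\.exe$", re.IGNORECASE)
KNOWN_MD5 = {
    "448a4c8d4404b0173caace2896cbc72c",
    "9bcb95f35c826568356a78722d2e9f09",
}
SHORTCUT = "windows custodian utility.lnk"
RUN_VALUE = "inspector"


def basename(path):
    # Split on both separators so Windows paths parse on any host OS.
    return re.split(r"[\\/]", path)[-1]


def triage(files, run_values):
    """files: {path: md5 hex or ""}; run_values: value names under the HKCU Run key."""
    findings = []
    for path, md5 in files.items():
        name = basename(path).lower()
        if md5.lower() in KNOWN_MD5:
            findings.append("hash:" + path)
        elif ROGUE_EXE.match(name):
            findings.append("name:" + path)
        elif name == SHORTCUT:
            findings.append("shortcut:" + path)
        elif name == "npswf32.dll" and "\\appdata\\" in path.lower():
            # The page lists this DLL under %AppData%; the name alone is not a hit.
            findings.append("dll:" + path)
    findings += ["runkey:" + v for v in run_values if v.lower() == RUN_VALUE]
    return findings


# Constructed sample data, not taken from a real host.
SAMPLE_FILES = {
    r"C:\Users\demo\AppData\Roaming\Inspector-abc.exe": "",
    r"C:\Users\demo\AppData\Roaming\npswf32.dll": "",
    r"C:\Users\demo\Desktop\Windows Custodian Utility.lnk": "",
    r"C:\Users\demo\Downloads\setup.exe": "448A4C8D4404B0173CAACE2896CBC72C",
    r"C:\Tools\inspector-gadget.exe": "",
}
SAMPLE_RUN = ["OneDrive", "Inspector"]

if __name__ == "__main__":
    for finding in triage(SAMPLE_FILES, SAMPLE_RUN):
        print(finding)
```

Because other FakeVimes clones use different names, hits from the name pattern are leads to confirm with a hash or a full scan rather than a verdict on their own.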

Messages

The following messages associated with Windows Custodian Utility were found:

Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites
