Windows Custodian Utility

Windows Custodian Utility Description

Type: Possibly Unwanted Program

ESG security researchers have released an alert about Windows Custodian Utility, a fake security program that may be installed voluntarily or appear on the victim's computer without their consent. Windows Custodian Utility is not a real security application and is part of a malware attack on the infected computer system. Windows Custodian Utility is one of the many fake anti-virus programs belonging to the FakeVimes family of malware. These kinds of malware applications are known as rogue anti-virus programs. Malware in Windows Custodian Utility's family has been around for several years (at least since 2009), and new versions of these fake security applications are released periodically.

Examples of clones of Windows Custodian Utility include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

There are dozens of versions of FakeVimes rogue anti-virus programs, all of them composed of the same basic program with a different name and differently-named components (such as file names). Criminals create these clones in order to make it more difficult for malware analysts to identify Windows Custodian Utility clones for what they are. Malware in the FakeVimes family is characterized by its use of randomly-named files, composed of a three-letter string which is entirely random. This string is often preceded by the string "protector-" or "inspector-", depending on the particular clone of Windows Custodian Utility attacking the victim's computer system.

Understanding How Criminals Use Windows Custodian Utility to Steal Your Money

Windows Custodian Utility is not very different from most rogue anti-virus applications. These are all characterized by using the same basic scam: entering a victim's computer, claiming to be a legitimate security program, and then deliberately causing problems on the victim's computer in order to convince the victim to purchase a "full version" of Windows Custodian Utility. ESG security researchers have not detected any anti-malware capabilities within Windows Custodian Utility, and it is certain that this fake security program is part of this well-known online scam. Basically, Windows Custodian Utility is designed to do little more than display several error messages and misleading security alerts, and to direct the victim constantly to a website which will prompt them to enter their credit card information so as to purchase this useless "full version" of Windows Custodian Utility. You should not purchase Windows Custodian Utility under any circumstances; remove Windows Custodian Utility with a reliable anti-malware program instead.

Technical Information

File System Details

Windows Custodian Utility creates the following file(s):

#  File Name                                        MD5                               Detection Count
1  Protector-jdpf.exe                               448a4c8d4404b0173caace2896cbc72c  1
2  Protector-syyx.exe                               9bcb95f35c826568356a78722d2e9f09  1
3  %AppData%\Inspector-[RANDOM CHARACTERS].exe      N/A
4  %AppData%\npswf32.dll                            N/A
5  %CommonPrograms%\Windows Custodian Utility.lnk   N/A
6  %DesktopDir%\Windows Custodian Utility.lnk       N/A

Registry Details

Windows Custodian Utility creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
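
A triage check built from the file and registry details listed above, as an added example (not code from the original article or from SpyHunter). The function names and the sample inventory are constructed for illustration; because the article describes a three-letter random suffix while the two listed samples carry four letters, the pattern accepts 3 to 4 letters, which is an assumption.

```python
import re
from ntpath import basename  # Windows path rules regardless of host OS

# Indicators from the article's file and registry tables.
KNOWN_MD5 = {"448a4c8d4404b0173caace2896cbc72c", "9bcb95f35c826568356a78722d2e9f09"}
# Assumption: 3-4 random letters (article says three; listed samples have four).
EXE_RE = re.compile(
    r"(?<![a-z0-9])(?:protector|inspector)-[a-z]{3,4}\.exe(?![a-z0-9.])", re.I)
# A DLL name alone is a weak indicator, so match it only in the listed location.
DLL_RE = re.compile(r"\\(?:appdata\\roaming|application data)\\npswf32\.dll$", re.I)
SHORTCUT = "windows custodian utility.lnk"
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"

def check_file(path, md5=None):
    """Return the reasons a file matches the article's indicators (empty if none)."""
    reasons = []
    if EXE_RE.search(basename(path)):
        reasons.append("exe-name-pattern")
    if DLL_RE.search(path):
        reasons.append("dll-in-appdata")
    if basename(path).lower() == SHORTCUT:
        reasons.append("shortcut-name")
    if md5 and md5.lower() in KNOWN_MD5:
        reasons.append("known-md5")
    return reasons

def check_run_value(key, name, data):
    """Flag the 'Inspector' autorun value or an autorun whose target fits the pattern."""
    if key.lower().rstrip("\\") != RUN_KEY:
        return []
    reasons = ["run-value-name"] if name.lower() == "inspector" else []
    if EXE_RE.search(data):
        reasons.append("run-target-pattern")
    return reasons

def triage(files, run_values):
    """Map each matching file path or autorun value to its list of reasons."""
    hits = {p: check_file(p, h) for p, h in files}
    hits.update({f"{k}\\{n}": check_run_value(k, n, d) for k, n, d in run_values})
    return {item: reasons for item, reasons in hits.items() if reasons}

# Constructed sample inventory (not taken from a real host).
SAMPLE_FILES = [
    (r"C:\Users\alice\AppData\Roaming\Inspector-qwe.exe", None),
    (r"C:\Users\alice\AppData\Roaming\npswf32.dll", None),
    (r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll", None),
    (r"C:\Users\alice\Downloads\setup.exe", "448a4c8d4404b0173caace2896cbc72c"),
    (r"C:\Users\alice\Desktop\Windows Custodian Utility.lnk", None),
]
SAMPLE_RUN = [
    (RUN_KEY, "Inspector", r'"C:\Users\alice\AppData\Roaming\Inspector-qwe.exe"'),
    (RUN_KEY, "Updater", r"C:\Program Files\Vendor\updater.exe /background"),
]
```

Calling `triage(SAMPLE_FILES, SAMPLE_RUN)` returns the matching items with their reasons; a name-pattern hit on its own warrants a closer look at the file rather than a verdict.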

More Details on Windows Custodian Utility

The following messages associated with Windows Custodian Utility were found:
Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites
