Windows Custom Management

Windows Custom Management Description

ESG security analysts have received numerous reports of an outbreak of fake security applications occurring worldwide since early 2012. The rogue security programs involved all belong to the well-known family of malware. However, these may be bundled with a rootkit component, often belonging to the Sirefef (or ZeroAccess) family of rootkits. Windows Custom Management is another fake security program belonging to this batch of malware in the FakeVimes family. ESG malware researchers urge computer users to disregard all warnings from Windows Custom Management and to remove this fake security application with a reliable anti-malware tool.

Windows Custom Management and the FakeVimes Family of Malware

Because the FakeVimes family of malware has been around for several years (at least since the summer of 2009), most security applications can deal easily with a FakeVimes-related infection. However, the rootkit component included in recent variants of the FakeVimes family makes them considerably more resilient than previous fake security programs in this family of rogue security software. To remove Windows Custom Management and other fake security programs released in 2012, it may be necessary to use a specialized anti-rootkit program. Examples of fake security applications in the FakeVimes family released in 2012 or previously involve All variants in the FakeVimes family of malware will pester you with annoying error messages in an attempt to persuade you that you have to purchase a 'full version' of these fake security programs.

Protecting Your Computer from Windows Custom Management and Its Clones

Most Windows Custom Management infections begin with a social engineering attack. These attacks usually try to convince you that your PC is dangerously infected with malware. Following this, you will get messages urging you to download Windows Custom Management or one of its clones in order to remove these supposed infections for free. Of course, Windows Custom Management is itself a malware program. To remove it from your computer system, ESG security researchers recommend using a reliable anti-malware program with the ability to deal with rootkit infections. You should disregard all of Windows Custom Management's warnings and never pay for its 'full version.' The registration code 0W000-000B0-00T00-E0020 can stop many of Windows Custom Management's most irritating symptoms. However, this registration code will do nothing to remove Windows Custom Management. To accomplish this, you need to use a reliable anti-malware program.

Technical Information

File System Details

Windows Custom Management creates the following file(s):
#   File Name                                     Detection Count
1   %AppData%\Protector-[RANDOM CHARACTERS].exe   N/A

Registry Details

Windows Custom Management creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
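
The following check is an added example, not part of the original ESG write-up or any ESG tool: it scans the decoded text of a registry export (.reg file) for the Image File Execution Options keys and the "Inspector", "UID" and "net" values listed above, and tests file paths against the Protector-[RANDOM CHARACTERS].exe name. The function names, the sample export and the interpretation of [RANDOM CHARACTERS] are assumptions; entries from the list whose names also occur on clean systems (the Policies\System and Internet Settings values, "ID") are deliberately not matched.

```python
import re

# Indicators copied from the file and registry lists above (lower-cased,
# because registry key and value names are case-insensitive).
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
IFEO_NAMES = {"mostat.exe", "_avpcc.exe", "divx.exe", "tapinstall.exe",
              "zapsetup3001.exe", "_avp32.exe", "platin.exe", "ashdisp.exe"}
CV = r"hkey_current_user\software\microsoft\windows\currentversion"
VALUES = {(CV + r"\run", "inspector"), (CV + r"\settings", "uid"),
          (CV + r"\settings", "net")}
# Assumption: [RANDOM CHARACTERS] is any run of non-separator characters.
DROPPED_FILE = re.compile(r"(^|[\\/])Protector-[^\\/]+\.exe$", re.IGNORECASE)

def scan_reg_export(text):
    """Return (kind, path) findings from the decoded text of a .reg export."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            parent, _, leaf = key.lower().rpartition("\\")
            if parent == IFEO and leaf in IFEO_NAMES:
                findings.append(("ifeo-key", key))
        elif line.startswith('"'):
            m = re.match(r'"([^"]*)"=', line)
            if m and (key.lower(), m.group(1).lower()) in VALUES:
                findings.append(("value", key + "\\" + m.group(1)))
    return findings

def is_dropped_file(path):
    """True if the file name matches Protector-<random>.exe."""
    return bool(DROPPED_FILE.search(path))

# Constructed sample export (not captured from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-abc.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings]
"net"="2012-2-17_2"
'''

if __name__ == "__main__":
    for kind, path in scan_reg_export(SAMPLE):
        print(kind, path)
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text in, for example with `open(path, encoding="utf-16").read()`.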