Windows Internet Booster

Windows Internet Booster Description

ScreenshotWindows Internet Booster is not an application involved in increasing your Internet speed or helping your computer in any way. In fact, Windows Internet Booster is actually a malware program that is disguised as an anti-malware application. Fake security programs like Windows Internet Booster are known as rogue security applications (often just 'rogueware' for short). These kinds of malware applications are used as part of a well-known online scam that involves tricking computer users into thinking that their computer system is in severe problems. Then, by taking advantage of this panic, criminals will attempt to convince the victim to purchase a 'full version' of the rogue security program.

Rogue anti-malware programs are among the most common online scams. Because of this, there are thousands of versions of these kinds of malware programs, ranging from the relatively benign (those that simply imitate a fake security program without going any further) to those that involve a severe intrusion into your computer system. Unfortunately, Windows Internet Booster belongs to this second kind of malware program. A Windows Internet Booster infection will often include the presence of numerous Trojans and some kind of rootkit component on the victim's computer system. Windows Internet Booster will use intrusive tactics in order to take over the victim's computer system so that it can cause alarming security alerts, browser redirects, system crashes, and various other symptoms.

Windows Internet Booster Belongs to a Large Family of Malware

ESG team of PC security researchers has detected dozens of different versions of Windows Internet Booster. All of these belongs to a family of malware known as . Examples of other malware in this family of scamware include such fake security programs as

Malware in the FakeVimes family have been around since 2009 and are a well known threat to a computer's security. It seems that FakeVimes rogue security programs released in 2012 (including Windows Internet Booster) will include a version of the ZeroAccess rootkit as part of the infection. Because of this, removing them is no easy task, often requiring the help of a specialized anti-rootkit tool. The registration code 0W000-000B0-00T00-E0020 can aid in removing Windows Internet Booster by stopping some of its most annoying symptoms. However, removal of Windows Internet Booster with a reliable anti-virus program will still be necessary.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Internet Booster infects a computer.

Windows Internet Booster Video

Registry Details

Windows Internet Booster creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [Date of Installation]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector "%AppData%\Protector-[RANDOM].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.