
Windows Monitoring Utility

By Domesticus in Rogue Anti-Spyware Program


Windows Monitoring Utility is one of the many dangerous programs in the fake Microsoft Security Essentials family of rogue anti-spyware. Programs in this scam are meant to scare users into thinking that their computer is infected by several different viruses and malware applications. Windows Monitoring Utility then poses as a legitimate malware removal tool and pesters the user to provide credit card information to purchase a version of the program that can allegedly remove the fake Trojans found on the system.

How Does Windows Monitoring Utility Work?

Windows Monitoring Utility uses a Trojan to get into a computer system without authorization. Once installed, it displays an alert that looks very similar to an alert from Microsoft Security Essentials, claiming that the system may have been infected by malicious software and prompting the user to install Windows Monitoring Utility. The program alters the registry so that it starts up with Windows, which means that the user is greeted by the Windows Monitoring Utility splash screen each time the system starts. Windows Monitoring Utility then displays a fake system scan. It claims to have found Trojan.Horse.Win32.PAV.64.a infecting the user's files, as well as a number of other fake viruses and spyware infections. Once the fake scan is done, Windows Monitoring Utility asks users to enter their credit card information so that they can clean their system of the supposed infections.

Don’t Give Your Money to the Criminals Behind Windows Monitoring Utility

Windows Monitoring Utility is a malware infection that pretends to be a computer security program. It has no capacity to remove any kind of infection from a computer system. Don't fall for the scam by giving your credit card information to the creators of Windows Monitoring Utility. If your computer system isn't working as it should, this harmful rogue anti-spyware application is the cause. After you pay, the program will still be on your system, running Windows Monitoring Utility's harmful scripts, compromising your security, and making your computer nearly impossible to use. Computer users who have already provided credit card details in an attempt to stop the infection should call their credit card companies and block the charges to avoid losing money.

Short-Term and Long-Term Effects of Windows Monitoring Utility

Make no mistake about it, Windows Monitoring Utility can have catastrophic effects on your computer system. Remove Windows Monitoring Utility as soon as possible with a legitimate anti-virus or anti-malware utility, and then run several system scans to make sure that there are no remaining security risks on your computer. Some of the short-term effects of Windows Monitoring Utility on your system are a lack of Internet connectivity, blocking of certain programs and essential system utilities, and a general slowdown of your computer system due to the program's scripts. In the long term, Windows Monitoring Utility was probably not alone. This means that your computer may have been infected by a number of other viruses, malware, or rogue anti-spyware applications. Your computer's security has also been compromised, with the possibility of adware, spyware, or key-loggers remaining on your system.

File System Details

Windows Monitoring Utility may create the following file(s):
# File Name Detections
1. %UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe

Registry Details

Windows Monitoring Utility may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
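
An Image File Execution Options "Debugger" value makes Windows launch the named program in place of the target executable, so the entries above stop the listed executables from starting normally. The following Python code is an added example, not part of the original page: it parses registry export (.reg) text and flags the three kinds of entries listed above, and it goes slightly further by reporting any IFEO "Debugger" value for review, not only 'svchost.exe'. The function names, rule labels and sample export are constructed for illustration, and it assumes DisableSR and WarnOnHTTPSToHTTPRedirect are stored either as DWORD or as string data.

```python
import re

# Constructed .reg export excerpt; flagged values mirror the entries listed above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000000
'''

# Subkey paths (hive stripped, lower-cased) taken from the list above.
IFEO = r"software\microsoft\windows nt\currentversion\image file execution options" + "\\"
SYSTEM_RESTORE = r"software\microsoft\windows nt\currentversion\systemrestore"
INTERNET = r"software\microsoft\windows\currentversion\internet settings"

def parse_reg(text):
    """Yield (key, value_name, data) from .reg export text; dword data becomes int."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                yield key, name, int(raw[6:], 16)
            else:  # string data: drop quotes, undo .reg backslash escaping
                yield key, name, raw.strip('"').replace("\\\\", "\\")

def find_indicators(text):
    """Return (rule, subject, data) per match; every IFEO Debugger value is reported."""
    hits = []
    for key, name, data in parse_reg(text):
        sub = key.partition("\\")[2].lower()  # drop the hive name
        name = name.strip().lower()
        if sub.startswith(IFEO) and name == "debugger":
            hits.append(("ifeo-debugger", sub[len(IFEO):], data))
        elif sub == SYSTEM_RESTORE and name == "disablesr" and str(data) == "1":
            hits.append(("system-restore-disabled", key, data))
        elif sub == INTERNET and name == "warnonhttpstohttpredirect" and str(data) == "0":
            hits.append(("https-redirect-warning-off", key, data))
    return hits
```

Files written by regedit are UTF-16 encoded, so decode the export before passing its text to `find_indicators`.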

Messages

The following messages associated with Windows Monitoring Utility were found:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos [sic] possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot
Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!
