Windows PC Aid

Windows PC Aid Description

Windows PC Aid is a fake anti-virus program created to cheat PC users and swindle them out of their money. Windows PC Aid attempts to fool PC users into thinking their machines have been corrupted by numerous malware threats. It then urges them to buy its so-called full edition, which would allegedly remove the infections it claims to have found. Windows PC Aid is distributed through Trojans: once a Trojan is installed on the affected machine, it downloads and installs Windows PC Aid onto the computer. When Windows PC Aid is running, it executes a fictitious system scan and displays a list of fabricated malware infections.

Windows PC Aid is part of the FakeVimes family. Other members of the FakeVimes family that are clones of Windows PC Aid include

Windows PC Aid will also bombard your desktop with falsified warning messages stating that your computer is at risk. It will hijack your web browser and block anti-virus and anti-spyware software, and it may block all other programs as well. Finally, Windows PC Aid will ask you to pay for its supposed licensed version to fix nonexistent infections. ESG's malware researchers strongly recommend that you neither rely on nor purchase Windows PC Aid. Uninstall Windows PC Aid from your computer as quickly as possible with a genuine security tool.

Technical Information

Registry Details

Windows PC Aid creates the following registry entry or registry entries:
