
Windows Shielding Utility

Threat Scorecard

Ranking: 8,830
Threat Level: 20 % (Normal)
Infected Computers: 1,259
First Seen: April 3, 2012
Last Seen: September 20, 2023
OS(es) Affected: Windows


If you have installed Windows Shielding Utility on your computer, or if an application by this name has suddenly appeared on your hard drive, you may have become the target of a malware attack. ESG security analysts have issued a warning against rogue security programs in a large family of malware known as FakeVimes. Rogue security programs are applications that mimic the look of anti-virus or anti-malware programs, but that are actually part of a well-known scam. Windows Shielding Utility has been identified as one of these fake security applications.

Rogue security programs in the FakeVimes family have been around since 2009 and include such bogus security programs as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Do not be misled by the different names that these fake security tools use; criminals create dozens or even hundreds of versions of the same malware infection to stay ahead of PC security researchers, to make detection and removal significantly harder, and to target a wider population of potential victims. Several characteristics are unique to the FakeVimes family of rogue security programs, such as the use of file names made up of a string of three random letters preceded by either "protector-" or "inspector-" (in the case of Windows Shielding Utility), the use of similar interfaces, and the same fake start-up screen. In most other regards, Windows Shielding Utility is very similar to most known rogue security applications, both in the manner of infection and in the scam that Windows Shielding Utility tries to carry out.

Taking a Closer Look at the Windows Shielding Utility Scam

The Windows Shielding Utility scam is simple: criminals create fake security programs like Windows Shielding Utility that cause problems on a computer system instead of fixing them. Whenever the victim tries to fix these problems, Windows Shielding Utility will claim that the computer user must purchase a "full version" of Windows Shielding Utility. These supposed "full versions" tend to be on the expensive side. ESG security analysts strongly advise against paying for Windows Shielding Utility or any of its clones. It has been reported that Windows Shielding Utility has no actual anti-malware or anti-virus capabilities. This program is designed to do two basic things: (1) display misleading error messages and fake system scans, and (2) try to convince the victim to purchase Windows Shielding Utility by directing them to the Windows Shielding Utility website through various means.


File System Details

Windows Shielding Utility may create the following file(s):
# File Name Detections
1. %AppData%\Inspector-[RANDOM CHARACTERS].exe
2. %AppData%\npswf32.dll
3. %CommonPrograms%\Windows Shielding Utility.lnk
4. %DesktopDir%\Windows Shielding Utility.lnk

Registry Details

Windows Shielding Utility may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
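
The file and registry indicators listed above can be checked against an inventory exported from an endpoint. The following is an added example, not code from this page or from ESG; the function name, confidence labels and sample inventory are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Indicators from the page's File System and Registry sections. The family
# description gives three random letters after "inspector-"/"protector-";
# any other suffix is kept as a weaker match.
STRICT = re.compile(r"(?:inspector|protector)-[a-z]{3}\.exe", re.I)
LOOSE = re.compile(r"(?:inspector|protector)-[^\\]+\.exe", re.I)
SHORTCUT = "windows shielding utility.lnk"

def triage(appdata, files, run_values):
    """Return (confidence, indicator, evidence) tuples for one user profile."""
    root = normcase(appdata.rstrip("\\"))
    findings = []
    for path in files:
        name = basename(path)
        in_root = normcase(dirname(path)) == root  # directly in %AppData%
        if in_root and STRICT.fullmatch(name):
            findings.append(("high", "executable", path))
        elif in_root and LOOSE.fullmatch(name):
            findings.append(("medium", "executable", path))
        elif in_root and name.lower() == "npswf32.dll":
            findings.append(("medium", "dll", path))
        elif name.lower() == SHORTCUT:
            findings.append(("high", "shortcut", path))
    for value, command in run_values.items():  # HKCU ...\CurrentVersion\Run
        if STRICT.search(command):
            findings.append(("high", "run-key", f"{value} = {command}"))
        elif value.lower() == "inspector":
            # Value name alone is weak: other software may use it too.
            findings.append(("medium", "run-key", f"{value} = {command}"))
    return findings

# Constructed sample inventory (not from the page).
APPDATA = r"C:\Users\alice\AppData\Roaming"
FILES = [
    r"C:\Users\alice\AppData\Roaming\Inspector-qzx.exe",
    r"C:\Users\alice\AppData\Roaming\npswf32.dll",
    r"C:\Users\alice\Desktop\Windows Shielding Utility.lnk",
    r"C:\Tools\inspector-gadget.exe",  # wrong folder: not flagged
    r"C:\Users\alice\AppData\Roaming\Protector-ab12.exe",  # non-letter suffix
]
RUN_VALUES = {
    "Inspector": r"C:\Users\alice\AppData\Roaming\Inspector-qzx.exe",
    "Updater": r'"C:\Program Files\Example\updater.exe" /background',
}

if __name__ == "__main__":
    for finding in triage(APPDATA, FILES, RUN_VALUES):
        print(*finding, sep="\t")
```

Matches on the executable and DLL names are limited to the root of `%AppData%`, the location the page lists, so the same names in other folders are not reported.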

URLs

Windows Shielding Utility may call the following URLs:

dnsvibes.co

Messages

The following messages associated with Windows Shielding Utility were found:

Error
Attempt to modify registry key entries detected. Registry entry analysis is recommended.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites
