
Windows Tweaking Utility

By Domesticus in Rogue Anti-Spyware Program


Windows Tweaking Utility is not used to tweak anything. If the typical name made you suspicious, you were right. Windows Tweaking Utility is one more in a chain of sometimes hilariously named rogue security applications. More specifically, Windows Tweaking Utility belongs to the Fake Microsoft Security Essentials Alert family of rogue anti-spyware. There are dozens of identical rogues in this family, differentiated only by their names and slight tweaks to their interface. Here are the facts you need to know about Windows Tweaking Utility:

  • Windows Tweaking Utility is a severe security threat to your computer.
  • Windows Tweaking Utility is not a real performance enhancer or security application.
  • Windows Tweaking Utility is designed to cause harmful effects on your computer.
  • The main goal of Windows Tweaking Utility is to steal your credit card information.
  • Windows Tweaking Utility should be removed immediately with a trustworthy anti-malware utility.

Windows Tweaking Utility’s Long List of Clones

Windows Tweaking Utility in particular has a very long list of clones. Every day, hackers release new clones of this rogue security application. In fact, there are so many clones of this program that it would seem the people behind Windows Tweaking Utility are running out of names. Some are so nonsensical that they may actually be randomly generated from a list of synonyms. The names of Windows Tweaking Utility clones range from the plausible (e.g. Windows Cleaning Tool), to the slightly weird (e.g. Windows Work Checker), and finally to the downright strange (e.g. Windows Proofness Guarantor). One factor that may be influencing the faulty English in these titles and in the program's messages is that they are thought to originate from the Russian Federation. Clones of Windows Tweaking Utility first started to become widespread in 2010.
 

Dealing with Windows Tweaking Utility

Remember, Windows Tweaking Utility is not a real security tool. That means that you should completely ignore Windows Tweaking Utility's many error messages, security alerts, pop-up windows, and the fake scan Windows Tweaking Utility runs when it first starts up. The real infection on your computer is Windows Tweaking Utility itself. To remove Windows Tweaking Utility, it is recommended that you start up in Safe Mode and then use a legitimate anti-malware utility. It is also possible to remove Windows Tweaking Utility manually, but this is not recommended if you do not know exactly what to do. Once Windows Tweaking Utility is removed, run a full scan of your computer to catch any remains of this dangerous attacker.

File System Details

Windows Tweaking Utility may create the following file(s):
File name:
1. %UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe

Registry Details

Windows Tweaking Utility may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = "%AppData%\Microsoft\{RANDOM CHARACTERS}.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
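
As an added example (not part of the original entry and not any vendor's code), the following Python scans the text of a `reg export` dump for the settings listed above: a Debugger value under Image File Execution Options for a security product, a per-user Winlogon Shell override, disabled System Restore, and the suppressed HTTPS-to-HTTP redirect warning. The sample export, the user name and the random file name in it are constructed; decoding the export file (normally UTF-16) before passing it in is left to the caller.

```python
import re
# Constructed sample in `reg export` text form (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\qwkzpd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000001
'''

IFEO = r"\windows nt\currentversion\image file execution options" + "\\"
# Security-product executables named in the registry list above.
AV_IMAGES = {"msseces.exe", "msascui.exe", "msmpeng.exe", "afwserv.exe",
             "egui.exe", "ekrn.exe", "avastsvc.exe", "avastui.exe"}

def parse_reg(text):
    """Yield (key, value_name, data) from .reg text; dwords become ints."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            raw = m.group(2)
            data = (int(raw[6:], 16) if raw.startswith("dword:")
                    else raw.strip('"').replace("\\\\", "\\"))
            yield key, m.group(1).strip(), data  # strip() tolerates "DisableSR "

def find_indicators(text):
    hits = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if IFEO in k and n == "debugger" and k.rsplit("\\", 1)[1] in AV_IMAGES:
            hits.append(("ifeo-debugger", key, data))
        elif (k.startswith("hkey_current_user") and k.endswith(r"\winlogon")
              and n == "shell" and str(data).lower() != "explorer.exe"):
            hits.append(("winlogon-shell", key, data))
        elif k.endswith(r"\systemrestore") and n == "disablesr" and data == 1:
            hits.append(("system-restore-disabled", key, data))
        elif k.endswith(r"\internet settings") and n == "warnonhttpstohttpredirect" and data == 0:
            hits.append(("redirect-warning-off", key, data))
    return hits
```

Calling `find_indicators(SAMPLE_EXPORT)` reports the first three entries and skips the Internet Settings one, because the sample leaves that warning enabled.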

Messages

The following messages associated with Windows Tweaking Utility were found:

Attention
Suspicious software activity is detected.
Please start system files scanning for details.
Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot
Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
Warning!
Name: taskmgr.exe
Name: C:\WINDOWS\taskmgr.exe.
