Friday, June 22, 2012

Windows Advanced Toolkit malware

1. Description

Windows Advanced Toolkit is a rogue antivirus program that represents a serious menace for all PC owners. If you are an active Internet user, you are prone to running into it.


2. Behavior inside the affected computer system

Windows Advanced Toolkit typically disregards authentication barriers entirely, since it is able to install itself without the user's approval. It uses up-to-date rootkit techniques to get onto the targeted PC. It is not pleasant to hear, but if you notice any signs of this scam, it means that your antivirus has failed to resist the attack. When this badware launches on your machine, it generates warning messages stating that potentially risky items have been detected. The fraudware claims to have identified trojans, keyloggers, rootkits, spyware, etc. This pre-programmed detection list is part of a well-thought-out scheme to push you into buying the non-existent full version of Windows Advanced Toolkit, which can allegedly eliminate the viruses spotted on your computer.

3. Files

During installation, Windows Advanced Toolkit copies the following files to the hard disk:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[rnd].exe
  • %AppData%\result.db

4. System registry

Windows Advanced Toolkit creates the following registry entries:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe

Windows Advanced Toolkit malware remover:

malware removal tool
