1.Description
Windows Advanced Toolkit is a rogue anti-malware program that gains access to a system mostly by means of fake online virus scanners and hacked websites. More specifically speaking it's a Trojan horse disguised itself as anti-malware software. The most common goal of Windows Advanced Toolkit is to steal personal information: name, credit card number, etc. and pilfer some sum of your hard-earned money for so-called allmighty anti-virus program.
2. Typical rogue behavior inside the affected computer system
Such rogue anti-spyware could be easily downloaded with the help of drive-by downloads, trojans, or from infested websites containing contagious scripts, but it is really a piece of work to catch it out on the contaminated system. Upon reaching its pint of destination, the malware will arrange the multitude of scans on your PC. All of them are fake and must not be treated as serious. The startups of the hoax are not authorized by you, by the way. The only purpose of the pest is to eventually lead you to the point where you will be asked to buy the fake licensed version of this malware as a supposed remedy for removal of these fake threats. Keep in mind that there is no such “ultimate protection” as advertised In order to effectively remove this parasite use GridinSoft Trojan Killer removal guide. You can choose manual or automatic option.
3. Files
Protector-[rnd].exe in %AppData% folder
4. System registry
Windows Advanced Toolkit creates the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
No comments:
Post a Comment