Windows Advanced Toolkit

From Wiki-Security, the free encyclopedia of computer security

Windows Advanced Toolkit Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<
Notice:






SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:


If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

Windows Advanced Toolkit is a rogue anti-spyware program that takes advantage of the need of PC users for legitimate PC security programs. Released by the infamous family of malware known as FakeVimes, Windows Advanced Toolkit is just one of the many rogue anti-spyware programs being spread on the web today. The variants of this rogueware include Windows ProActive Safety, Windows Control Series and Windows Maintenance Guard. Branded as one of the legitimate anti-spyware applications from Microsoft and working through scans and alerts that mislead PC users on the real state of their computers, Windows Advanced Toolkit is a scam at its core. Any detection of the Windows Advanced Toolkit malware should be followed by its effective and complete removal.

Reasons for Windows Advanced Toolkit Prevalence


Rogue anti-spyware applications like Windows Advanced Toolkit are not new on the Internet. Known also as scamware or extortionware, these fraudulent applications rose to a greater number beginning 2009. Wiki-security.com malware analysts have identified one major objective in the creation of Windows Advanced Toolkit and its myriad clones: profit. This explains why, after launching scans and alerts, this malicious software will prompt the user to pay for its alleged full version. The cyber criminals behind Windows Advanced Toolkit also ensure that this malware evades detection as long as possible.
This gives Windows Advanced Toolkit long enough time to carry out its mischievous and stealthy activities. These include lowering PC security settings to introduce more malware and changing the PC registry settings to prevent the access of various applications. Browser redirects to malicious websites are also common. Once Windows Advanced Toolkit has succeeded in its efforts at persuasion, Windows Advanced Toolkit will promote itself as the real fix to all the security issues; only this time a payment is needed for the fix.

Nature of the Distribution of Windows Advanced Toolkit


The successful distribution of Windows Advanced Toolkit relies on corrupt websites that advertise malware scanning tools and then invite the user to download the malware. It is also spread through drive-by-downloads that take advantage of PC vulnerabilities. Since websites carrying these drive-by-downloads do not prompt the user or ask for permission prior to installing, these malicious files are difficult to detect. Many of these seemingly-harmless downloads may appear in the form of a browser toolbar, screensaver or PDF viewer attachments. However, they are often bundled with Trojans that silently introduce the rogue anti-spyware application into the targeted computer.
From too-quick-to-be-real scans to fake pop-up warnings and PC slowdowns the harmful activities of Windows Advanced Toolkit all lead to serve one final purpose. The user is persuaded to pay for the rogue anti-spyware software and finally get rid of the scans and pop-ups. However, Windows Advanced Toolkit is the scam and must be eliminated without further delay.

Windows Advanced Toolkit, while it borrows its label from the renowned Windows brand, is not a product from Microsoft. Windows Advanced Toolkit is simply a rebranded form of the many rogue anti-spyware programs written mainly for profit and nothing much else. Save your money for reliable, legitimate PC security software from equally reliable vendors. Delete Windows Advanced Toolkit and stay away from corrupt extortionware such as this in the future!

To check your computer for Windows Advanced Toolkit, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Windows Advanced Toolkit and other threats. If you detect the presence of Windows Advanced Toolkit on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Windows Advanced Toolkit.

Contents

Detection of Windows Advanced Toolkit (Recommended)

Windows Advanced Toolkit is difficult to detect and remove. Windows Advanced Toolkit is not likely to be removed through a convenient "uninstall" feature. Windows Advanced Toolkit, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Windows Advanced Toolkit and other spyware, adware, trojans and viruses on your computer.

Run a Windows Advanced Toolkit scan/check to successfully detect all Windows Advanced Toolkit files with the SpyHunter Spyware Detection Tool. If you wish to remove Windows Advanced Toolkit, you can either purchase the SpyHunter spyware removal tool to remove Windows Advanced Toolkit or follow the Windows Advanced Toolkit manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Windows Advanced Toolkit. Windows Advanced Toolkit can come bundled with shareware or other downloadable software.

Another method of distributing Windows Advanced Toolkit involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Windows Advanced Toolkit on your system. Windows Advanced Toolkit installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Windows Advanced Toolkit, use this SpyHunter Spyware dectection tool to detect Windows Advanced Toolkit and other common Spyware infections. After detection of Windows Advanced Toolkit, the next advised step is to remove Windows Advanced Toolkit with the purchase of the SpyHunter Spyware removal tool.

Symptoms

Windows Advanced Toolkit may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Windows Advanced Toolkit from your computer.

Remedies and Prevention

Windows Advanced Toolkit, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Windows Advanced Toolkit along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example Windows Advanced Toolkit, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Windows Advanced Toolkit and other types of spyware.

Remove Windows Advanced Toolkit manually

Another method to remove Windows Advanced Toolkit is to manually delete Windows Advanced Toolkit files in your system. Detect and remove the following Windows Advanced Toolkit files:

Processes

  • %AppData%\Windows Advanced Toolkit\ScanDisk_.exe
  • %CommonAppData%\58ef5\SP98c.exe

Other Files

  • %AppData%\Windows Advanced Toolkit\Instructions.ini
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Advanced Toolkit.lnk
  • %Programs%\Windows Advanced Toolkit.lnk
  • %Desktop%\Windows Advanced Toolkit.lnk
  • %StartMenu%\Windows Advanced Toolkit.lnk
  • %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg
  • %CommonAppData%\58ef5\SPT.ico

Registry Keys

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayIcon [unknown dir]\[unknown file name].exe,0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Proactive Safety"%CommonAppData%\58ef5\SP98c.exe" /s /d
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayName Windows Malware Firewall
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Windows Proactive Safety\DisplayVersion 1.1.0.1010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\UninstallString "[unknown dir]\[unknown file name].exe"/del
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive SafetyInstallLocation [unknown dir]
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\Publisher UIS Inc.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe

External links

If you believe your computer is infected with spyware,
Wiki-Security recommends using SpyHunter's spyware detection tool to check for the latest spyware threats.



Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Windows Advanced Toolkit or its creators in any way. This website does not advocate the actions or behavior of Windows Advanced Toolkit and its creators. Our objective is to provide Internet users with the know-how to detect and remove Windows Advanced Toolkit and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Windows Advanced Toolkit in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.
Views
Navigation