Wednesday 6 June 2012

Windows Maintenance Suite virus to remove

1. Description

Windows Maintenance Suite is a fake antispyware program that mimics the functions of a legitimate program, expecting computer users to take the bait. The program looks fairly trustworthy at first glance. However, if you dig deeper you will see that it only compromises computer systems and swindles money out of their users.


2. Behavior inside the compromised system

Like other malware of this kind, Windows Maintenance Suite bombards the potential victim with misleading pop-up ads and notifications as soon as it gets onto the system. Although it claims to be created by Microsoft, it is a “gift” prepared by scammers and should not be trusted.

3. Files

During installation, Windows Maintenance Suite copies the following files to the hard disk:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[rnd].exe
  • %AppData%\result.db

4. System registry

Windows Maintenance Suite creates the following registry entries:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe

5. Screenshots of the malware




6. Windows Maintenance Suite automatic remover



For more information, visit our official site http://loaris.com/
