Tuesday, June 19, 2012

Windows Maintenance Guard virus removal tips

1. Description

Windows Maintenance Guard is a rogue anti-virus program that tries to make a commercial profit by deceiving unwary Internet users.


2. Malicious things done on the infected machine

It slips onto the targeted PC unnoticed, without waiting for your approval or consent. Windows Maintenance Guard configures the system so that it starts after every Windows reboot. Once you restart your computer, the pest interrupts your work with annoying pop-ups and fake system checkups. When these bogus scans finish, deceitful scan results are generated. The scan reports are not to be trusted. The potential victim is misinformed that the PC needs immediate aid in order to prevent a crash. If you attempt to delete all the allegedly detected insecure items by means of the “almighty remedy”, you will be rerouted to a web page where the commercial version of Windows Maintenance Guard is offered.

3. Files

In the process of the installation, Windows Maintenance Guard copies the following files to the hard disk.

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[rnd].exe
  • %AppData%\result.db

4. System registry

Windows Maintenance Guard creates the following registry entries:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe

5. Screenshots of the malware


Windows Maintenance Guard malware remover:

malware removal tool
