Read the same in:    English  Polski  Русский  
You are welcome to subscribe to "New articles in Knowledge Base" mailing list.




Virus Activity

Virus Activity

virus activity is normal




 
Search :  
Search tips Article ID # :     
 

Windows Shielding Utility

Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing. For your convenience in this section we gathered all known rogue security software in one list by alphabet.


Windows Shielding Utility

 ID Article: 8486    Other languages:  Polski  Русский      Views for 7 days 7    Last modified on 2012 Apr 05 17:28 Printable version

1. Program description

Windows Shielding Utility is a type of misleading application that pretends to be legitimate security software, such as an antivirus scanner or registry cleaner, but which actually provides the user with no protection (Rogue Security Software).

2. Actions

The program starts a misleading scan process. Once the scan is started Windows Shielding Utility generates and shows fake messages about viruses, trojans and worms detected on the computer. Still the detected viruses cannot be deleted unless the program license is purchased.

3. Files

During the installation Windows Shielding Utility copies the following files to the hard drive:

  • %AppData%\Protector-[random].exe
  • %AppData%\result.db
  • %UserProfile%\Desktop\Windows Shielding Utility.lnk
  • %AllUsersProfile%\Start Menu\Programs\Windows Shielding Utility.lnk

4. System registry

In order to function normally Windows Shielding Utility creates the following branch in the system registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
    Inspector = %AppData%\Protector-[random].exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
    Debugger = svchost.exe
  • and many others

5. Screenshots of the program

6. Windows Shielding Utility removal

Before uninstalling Windows Shielding Utility by OS Windows standard tools register the software using the following serial number:

0W000-000B0-00T00-E0020


Useful references
 

 

 Did the provided info help you?

                       

 Give your detailed feedback.

 

Kaspersky Lab

Copyright © 1997-2014 Kaspersky Lab
Site map  |   International Support Service  |  Send us a suspected file
Login CompanyAccount  |   Register  |   FAQ for CompanyAccount  |   Login Your Personal Cabinet

Stay connected