Windows Tool

March 1, 2011

Windows Tool is a new version of a rogue security application from a family that has released various versions of useless Windows optimization tools. Windows Tool poses as a legitimate application for fixing system problems: it simulates a scan of system performance and presents a false report intended to convince its victims to purchase the licensed version of the program.

Windows Tool can infect computers by means of a Trojan. There are also instances where Windows Tool is installed with the user's intervention, when it is disguised as a multimedia player for adult websites. When this player is downloaded, it automatically installs an unlicensed version of Windows Tool. If this malware remains on the system, it may connect to a remote server to download additional files that strengthen its presence on the PC.

Remove Windows Tool immediately with a trusted application. One of the most powerful rogue removers is included on this page. Use it to remove Windows Tool and all of the associated files loaded on the system.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Tool Infection?

It modifies the Windows Registry and adds the following entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’

The threat will drop the following malicious files:
%AllUsersProfile%\Application Data\~[random]
%AllUsersProfile%\Application Data\~[random]
%AllUsersProfile%\Application Data\[random].dll
%AllUsersProfile%\Application Data\[random].exe
%AllUsersProfile%\Application Data\[random]
%AllUsersProfile%\Application Data\[random].exe
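
The following read-only check is an added example, not part of the original article or of any removal tool it mentions. It reports which of the registry values listed above are present for the current user. The names `Get-RegValue`, `$expected` and `$findings` are hypothetical, and the Run-key test assumes the random-named entry launches a file under %AllUsersProfile%, which the article does not state explicitly.

```powershell
# Added example: read-only check of the current user's hive for the values listed above.
$expected = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'; Name = 'SaveZoneInformation'; Value = '1' },
    @{ Key = 'Software\Microsoft\Internet Explorer\Download'; Name = 'CheckExeSignatures'; Value = 'no' },
    @{ Key = 'Software\Microsoft\Internet Explorer\Main'; Name = 'Use FormSuggest'; Value = 'yes' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'WarnonBadCertRecving'; Value = '0' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr'; Value = '1' }
)

# Returns the value data, or nothing when the key or the value does not exist.
function Get-RegValue([string]$SubKey, [string]$Name) {
    $key = Get-Item -Path "HKCU:\$SubKey" -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

$findings = @()
foreach ($e in $expected) {
    $actual = Get-RegValue $e.Key $e.Name
    # Compare as text so a DWORD 1 and a string '1' both match the listed value.
    if ($null -ne $actual -and "$actual" -eq $e.Value) {
        $findings += '{0}\{1} = {2}' -f $e.Key, $e.Name, $actual
    }
}

# LowRiskFileTypes: report any data found; the article's string is not re-typed here.
$low = Get-RegValue 'Software\Microsoft\Windows\CurrentVersion\Policies\Associations' 'LowRiskFileTypes'
if ($null -ne $low) { $findings += "Policies\Associations\LowRiskFileTypes = $low" }

# Run entries have random names, so match on where the target lives (assumption:
# the entry points at one of the files dropped under %AllUsersProfile%).
$run = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $data = [string]$run.GetValue($name)
        if ($data.IndexOf($env:ALLUSERSPROFILE, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $findings += "Run\$name -> $data"
        }
    }
}

if ($findings) { $findings } else { 'None of the listed values were found for this user.' }
```

Run it in the session of the affected user, since every key is under HKEY_CURRENT_USER. Some of these values, such as "Use FormSuggest", can also be set by ordinary configuration, so treat a single match as a lead and several together as a stronger signal.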
