One of the latest fake antivirus programs, from the family of fakeries, is Windows Maintenance Suite. This software is designed to earn money from users who are looking for easy ways to earn money. It presents itself as a tool with antivirus functions. However, it is not capable of performing any antivirus functions.

This software is distributed by websites that host malicious content and software; hence, the program can easily infiltrate a computer without any approval from the user. Once the program is inside the computer, it automatically starts a fake scan that displays false results. The scan result shows that your system is infected and contains many infected files. It also sends you alerts and warnings that your system is at risk, while in reality your computer isn’t infected at all. Windows Maintenance Suite will continuously send you messages, alerts and notices that your computer is at risk so that you buy its full version.

Why do they want to sell as many copies of their software as they can? The simplest answer is to earn money and for commercial purposes. Sadly, this software has no useful functions and all the services it offers are false. It can only display fake scan results and send you warnings so that you will buy its licensed version. Some of the errors it displays are:

Error

Key logger activity detected. System information security is at risk.
It is recommended to activate protection and run full system scan.

Error

Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

This program can also block other genuine programs on your system, including genuine security tools. Your system thus becomes more defenseless against many infections. It is highly recommended that you use a reputable antivirus program and remove this malicious program from your system as soon as possible.

Remove Windows Maintenance Suite processes

  1. Press ALT+CTRL+DEL.
  2. Find the process Protector-[rnd].exe.

Remove Windows Maintenance Suite registry key values

  1. Type regedit in the Run box and find the following entries.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-6-6_4”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “udhlcibmtm”

HKEY_CURRENT_USER\Software\ASProtect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ Inspector = %AppData%\Protector-[random].exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\ Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\ Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\ Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\ Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\ Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\ Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\ Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\ Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\ Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\ Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\ Debugger = svchost.exe
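The registry indicators listed above can be checked from an exported copy of the registry instead of browsing regedit by hand. The following Python code is an added example, not part of the original guide: it parses the text of a .reg export and reports Image File Execution Options Debugger values, the HKEY_LOCAL_MACHINE policy values the list shows as 0, and a Run entry pointing at Protector-*.exe. The function names and the sample export are constructed for illustration.

```python
import re

IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
POLICY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
ZEROED = {"enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser"}  # listed above as = 0
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_reg(text):
    """Yield (key, value name, data) from .reg export text; handles strings and dwords."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            data = m["data"]
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")  # .reg files double backslashes
            elif data.startswith("dword:"):
                data = int(data[6:], 16)
            yield key, m["name"], data

def audit(text):
    """Return (kind, name, data) for each indicator from the list above found in the export."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.startswith(IFEO) and n == "debugger":  # any Debugger value is worth reviewing
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
        elif k == POLICY and n in ZEROED and data == 0:
            findings.append(("policy-zero", name, data))
        elif k == RUN and isinstance(data, str) and re.search(r"\\Protector-[^\\]+\.exe$", data, re.I):
            findings.append(("run-entry", name, data))
    return findings

# Constructed sample export (hypothetical host, not captured from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\demo\\AppData\\Roaming\\Protector-abc.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Exports written by regedit are UTF-16 encoded, so read a real file with `open(path, encoding="utf-16")` before passing its text to `audit`.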

Remove Windows Maintenance Suite other files

  1. Open Run.
  2. Type cmd and press OK.
  3. Enter the name of the Windows custom safety file along with the directory name.
  4. When the required file is shown, type “regsvr32 /u SampleName.exe” and replace SampleName.exe with each of the following Windows custom safety names:

%AppData%\NPSWF32.dll

%AppData%\Protector-<random 3 chars>.exe

%AppData%\Protector-<random 4 chars>.exe

%AppData%\result.db

%AppData%\1st$0l3th1s.cnf
