1 of 4
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:
WindowsTweakingUtility

Windows Tweaking Utility

It seems as though developers of rogue security tools have been busy of late, as the latest addition to the Fake Microsoft Security Essentials scam, Windows Tweaking Utility, follows hot on the heels of its predecessors – Windows Tasks Optimizer and Windows Attention Utility. This Windows Tweaking Utility is a rogue antispyware application out to rip its victims off, plain and simple. Windows Tweaking Utility will cause severe damage to the PC, and will not relent until the PC owner parts with his money or ultimately decides to get rid of Windows Tweaking Utility.

This rogue enters the system under suspicious circumstances, and will remain dormant on the PC until it is ready to start its attack against the system. It makes use of established forms of infection, which includes bogus online malware scanners and seditious browser hijackers. Users are forcefully redirected from their search and browsing sessions to compromised landing pages, where thanks to drive-by download tactics employed by Windows Tweaking Utility’s browser hijackers the rogue will clandestinely enter and root itself in the system. The first clue the user will have as to the presence of Windows Tweaking Utility on the system will come from a fake system scan necessitated by Windows Tweaking Utility.

Download Spyware Removal Tool to Remove* Windows Tweaking Utility
  • Quick & tested solution for Windows Tweaking Utility removal.
  • 100% Free Scan for Windows

This fake system scan will yield various bogus results, including the now infamous Unknown Win32/Trojan and It will then prompt you to scan your computer, which will start a fake scan of your computer that ultimately states that a particular file is infected with Trojan.Horse.Win32.PAV.64.a. None of the results obtained in Windows Tweaking Utility’s fake system scans can be trusted, and users are urged never to believe any correspondence received from Windows Tweaking Utility. This fake security tool will not only drudge up fake system scans, but will also spam the user with numerous fake security alerts.

These fake security messages are completely without basis, and should be utterly disregarded. Some of the most popular fake alerts used by Windows Tweaking Utility as part of its attack against the system include:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

Of course none of these fake alerts can be trusted, and users should never act on any call to action contained therein. Doing so will only make it that much easier for Windows Tweaking Utility to rip you off.

At the end of the day you will only be able to regain control of your PC if you destroy Windows Tweaking Utility for good. This is best achieved by using a genuine security tool which will not only obliterate Windows Tweaking Utility but also protect against similar future attacks.

Download Spyware Removal Tool to Remove* Windows Tweaking Utility
  • Quick & tested solution for Windows Tweaking Utility removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Tweaking Utility

Files associated with infection (Windows Tweaking Utility):

%AppData%\Microsoft\[random].exe

Processes to kill (Windows Tweaking Utility):

%AppData%\Microsoft\[random].exe

Remove registry entries (Windows Tweaking Utility):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.