- Block exe files from running
- Installs itself without permissions
- Connects to the internet without permission
- Slow internet connection
- System crashes
- Annoying Pop-up's
- Slow Computer
Windows Tweaking Utility
It seems as though developers of rogue security tools have been busy of late, as the latest addition to the Fake Microsoft Security Essentials scam, Windows Tweaking Utility, follows hot on the heels of its predecessors – Windows Tasks Optimizer and Windows Attention Utility. This Windows Tweaking Utility is a rogue antispyware application out to rip its victims off, plain and simple. Windows Tweaking Utility will cause severe damage to the PC, and will not relent until the PC owner parts with his money or ultimately decides to get rid of Windows Tweaking Utility.
This rogue enters the system under suspicious circumstances, and will remain dormant on the PC until it is ready to start its attack against the system. It makes use of established forms of infection, which includes bogus online malware scanners and seditious browser hijackers. Users are forcefully redirected from their search and browsing sessions to compromised landing pages, where thanks to drive-by download tactics employed by Windows Tweaking Utility’s browser hijackers the rogue will clandestinely enter and root itself in the system. The first clue the user will have as to the presence of Windows Tweaking Utility on the system will come from a fake system scan necessitated by Windows Tweaking Utility.
This fake system scan will yield various bogus results, including the now infamous Unknown Win32/Trojan and It will then prompt you to scan your computer, which will start a fake scan of your computer that ultimately states that a particular file is infected with Trojan.Horse.Win32.PAV.64.a. None of the results obtained in Windows Tweaking Utility’s fake system scans can be trusted, and users are urged never to believe any correspondence received from Windows Tweaking Utility. This fake security tool will not only drudge up fake system scans, but will also spam the user with numerous fake security alerts.
These fake security messages are completely without basis, and should be utterly disregarded. Some of the most popular fake alerts used by Windows Tweaking Utility as part of its attack against the system include:
Microsoft Security Essentials Alert
Threat prevention solution found
System Security Warning
Of course none of these fake alerts can be trusted, and users should never act on any call to action contained therein. Doing so will only make it that much easier for Windows Tweaking Utility to rip you off.
At the end of the day you will only be able to regain control of your PC if you destroy Windows Tweaking Utility for good. This is best achieved by using a genuine security tool which will not only obliterate Windows Tweaking Utility but also protect against similar future attacks.
How to manually remove Windows Tweaking Utility
Files associated with Windows Tweaking Utility infection:
Windows Tweaking Utility processes to kill:
Remove Windows Tweaking Utility registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'