1 of 2
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Windows Attention Utility

Developers of rogue antispyware never sleep, as Windows Attention Utility, the latest clone of Windows Inspection Utility and Windows Oversight Center proves. This rogue, as its predecessors, enters the system without invite or acknowledgement and surreptitiously roots itself there and remains hidden. Only once Windows Attention Utility is ready to start its attack on the system will the user become aware of its presence on his PC.

Windows Attention Utility manages to infiltrate the PC without sounding off any alarm bells by making use of established forms of infection. These include using browser hijacking websites to forcefully redirect users to their sites and infect them with drive-by download tactics, as well as using bogus good for nothing online malware scanners.

Once Windows Attention Utility successfully roots itself, it will reveal its presence to the user by initiating a fake system scan. This fake scan will report on various fake threats which are supposedly crippling the system. After the scan finishes, Windows Attention Utility will spam the user with various falsely generated security notifications. Some of these fake alerts will force the user to click on the buttons. Not doing so will result in the user being unable to use his PC and Desktop again. If the user follows the instructions contained in the fake alerts generated by Windows Attention Utility, the Windows Attention Utility installation files will be loaded and the user will be instructed to reboot the system.

Download Spyware Removal Tool to Remove* Windows Attention Utility
  • Quick & tested solution for Windows Attention Utility removal.
  • 100% Free Scan for Windows

Once the system reboot completes, the following message will appear:

Safe Boot
Safe Boot includes several tools allowing the operational system to better control application software, so that to achieve enhanced security and system stability.

These elements make it possible for the operational system to perform tasks otherwise not feasible without relevant hardware support.

One thing is clear, and that is that you cannot trust any correspondence received from Windows Attention Utility. All of its literature and fake security notifications were designed to ultimately force the user into paying for its worthless software. It uses genuine Microsoft icons, such as the widely known Windows Orb on its graphical interfaces in order to infer legitimacy, as well as displaying the words:

Ask for Genuine Microsoft Windows Software

Some of the other popular fake security notifications used include:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.


Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

This Windows Attention Utility ultimately does not have the ability to live up to any of its over embellished promises, and users are warned against ever paying for any Windows Attention Utility product. If you suffer from this infection, you can only restore your PC’s security and privacy if you get rid of Windows Attention Utility for good. This can safest be achieved by making use of a genuine security tool which will also protect your system in future.

Download Spyware Removal Tool to Remove* Windows Attention Utility
  • Quick & tested solution for Windows Attention Utility removal.
  • 100% Free Scan for Windows

How to manually remove Windows Attention Utility

Files associated with Windows Attention Utility infection:


Windows Attention Utility processes to kill:


Remove Windows Attention Utility registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.