Severity scale  
  (73/100)

Windows Custodian Utility. How to Remove? (Uninstall Guide)

removal by - -   Also known as WindowsCustodianUtility | Type: Rogue Antispyware
12

Windows Custodian Utility is a rogue anti-spyware program promoted through the use of Trojans, hacked websites and fake online virus scanners. It might be promoted through other malware and means as well. It may even enter the system though system vulnerabilities when scammers use exploit kits to distribute their malicious software. Once installed, the program will state that your computer is infected with viruses, spyware and Trojans but won't remove the infections until you first purchase the rogue anti-spyware program. In reality, the rogue program detects harmless or non-existent files that do not pose any risk to your computer. Thus its scan results can be safely ignored. If you are infected with this rogue anti-spyware program, use the removal guide below to remove Windows Custodian Utility from your computer upon detection.

When running, Windows Custodian Utility will also display fake security alerts and notifications from Windows task bar and other locations to scare you into thinking that your computer is infected. These fake alerts will state that dangerous viruses has been found on your computer and that your sensitive information can be stolen by hackers. It will also state that your computer is under attack from a remote computer controled by malware authors. Just like the scan results, these fake warnings can be safely ignired since they are 100% false. Windows Custodian Utility wants to make you think that your computer is badly infected and that you should pay for a full version of the program to remove the infections which don't even exist.

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

As you can see, Windows Custodian Utility is a scam and nothing more. Don't purchase it! If you have already purchased the program, then please contact your credit card company and dispute the charges. Finally, please follow the remove instructions below to remove Windows Custodian Utility and any related malware from your PC as soon as possible.

The latest parasite names used by FakeVimes:
Windows Internet Guard, Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Custodian Utility. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Windows Custodian Utility. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2012-08-02 01:59)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2012-08-02 01:59)
Hitman Pro
Webroot SecureAnywhere AntiVirus
Windows Custodian Utility screenshot
Windows Custodian Utility snapshot

Windows Custodian Utility manual removal

Kill processes:
Protector-[rnd].exe
Delete registry values:
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System "DisableRegedit" = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Run "Inspector"
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Settings "net" = "2012-3-11_2?
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings "UID" = "origkboryd"
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\InternetExplorer\\Main\\FeatureControl\\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\atcon.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bipcp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ecengine.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\infwin.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\msconfig
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\PavFnSvr.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sahagent.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\titaninxp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\wsbgate.exe
Delete files:
%AppData%\NPSWF32.dll
%AppData%\Protector-3 characters.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Custodian Utility.lnk
%Desktop%\Windows Custodian Utility.lnk

Information updated:

Comments on Windows Custodian Utility

0
0
Steve
Thanks so much for the excellent/detailed instructions. It worked for me just fine. A true Lifesaver! I tried so many other things and your easy steps worked! now i can work the internet again!! Thanks so so much!

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)