Severity scale:  

Windows Custodian Utility. How to remove? (Uninstall guide)

removal by Olivia Morelli - -   Also known as WindowsCustodianUtility | Type: Rogue Antispyware

Windows Custodian Utility is a rogue anti-spyware program promoted through the use of Trojans, hacked websites and fake online virus scanners. It might be promoted through other malware and means as well. It may even enter the system though system vulnerabilities when scammers use exploit kits to distribute their malicious software. Once installed, the program will state that your computer is infected with viruses, spyware and Trojans but won't remove the infections until you first purchase the rogue anti-spyware program. In reality, the rogue program detects harmless or non-existent files that do not pose any risk to your computer. Thus its scan results can be safely ignored. If you are infected with this rogue anti-spyware program, use the removal guide below to remove Windows Custodian Utility from your computer upon detection.

When running, Windows Custodian Utility will also display fake security alerts and notifications from Windows task bar and other locations to scare you into thinking that your computer is infected. These fake alerts will state that dangerous viruses has been found on your computer and that your sensitive information can be stolen by hackers. It will also state that your computer is under attack from a remote computer controled by malware authors. Just like the scan results, these fake warnings can be safely ignired since they are 100% false. Windows Custodian Utility wants to make you think that your computer is badly infected and that you should pay for a full version of the program to remove the infections which don't even exist.

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

As you can see, Windows Custodian Utility is a scam and nothing more. Don't purchase it! If you have already purchased the program, then please contact your credit card company and dispute the charges. Finally, please follow the remove instructions below to remove Windows Custodian Utility and any related malware from your PC as soon as possible.

The latest parasite names used by FakeVimes:

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Custodian Utility you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Custodian Utility. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.
Press mentions on Reimage
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Windows Custodian Utility (2012-08-02)
We have tested Malwarebytes's efficiency in removing Windows Custodian Utility (2012-08-02)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Windows Custodian Utility (2012-08-02)
We have tested Malwarebytes's efficiency in removing Windows Custodian Utility (2012-08-02)
Windows Custodian Utility snapshot
Windows Custodian Utility

Windows Custodian Utility manual removal:

Kill processes:

Delete registry values:
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Run "Inspector"

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"


HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe

Delete files:

%AppData%Protector-3 characters.exe


%CommonStartMenu%ProgramsWindows Custodian Utility.lnk

%Desktop%Windows Custodian Utility.lnk

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions