Windows Custodian Utility is a rogue anti-spyware program promoted through Trojans, hacked websites and fake online virus scanners. It might be promoted through other malware and means as well. It may even enter the system through system vulnerabilities when scammers use exploit kits to distribute their malicious software. Once installed, the program will state that your computer is infected with viruses, spyware and Trojans but won't remove the infections until you first purchase the rogue anti-spyware program. In reality, the rogue program detects harmless or non-existent files that do not pose any risk to your computer, so its scan results can be safely ignored. If you are infected with this rogue anti-spyware program, use the removal guide below to remove Windows Custodian Utility from your computer.
When running, Windows Custodian Utility will also display fake security alerts and notifications from the Windows taskbar and other locations to scare you into thinking that your computer is infected. These fake alerts will state that dangerous viruses have been found on your computer and that your sensitive information can be stolen by hackers. It will also state that your computer is under attack from a remote computer controlled by malware authors. Just like the scan results, these fake warnings can be safely ignored since they are 100% false. Windows Custodian Utility wants to make you think that your computer is badly infected and that you should pay for a full version of the program to remove infections which don't even exist.
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
As you can see, Windows Custodian Utility is a scam and nothing more. Don't purchase it! If you have already purchased the program, contact your credit card company and dispute the charges. Finally, follow the removal instructions below to remove Windows Custodian Utility and any related malware from your PC as soon as possible.
The latest parasite names used by FakeVimes:
Windows Custodian Utility manual removal:
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe
%CommonStartMenu%\Programs\Windows Custodian Utility.lnk
%Desktop%\Windows Custodian Utility.lnk
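Before deleting anything by hand, the entries listed above can be checked with a read-only audit. The PowerShell script below is an added example, not part of the original guide: it assumes it is run in the affected user's session, that the listed paths use normal backslash separators, and that %CommonStartMenu% and %Desktop% correspond to the standard Windows known folders.

```powershell
# Added example: read-only audit for the artifacts listed in this guide.
# Nothing is modified or deleted; findings are only reported.
$findings = New-Object System.Collections.Generic.List[object]

# Per-user registry values from the guide (key path -> value names).
$hkcuValues = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' = @('WarnOnHTTPSToHTTPRedirect')
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = @('DisableRegedit', 'DisableRegistryTools', 'DisableTaskMgr')
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'          = @('net', 'UID')
}
foreach ($key in $hkcuValues.Keys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in $hkcuValues[$key]) {
        if ($props.PSObject.Properties.Name -contains $name) {
            $findings.Add([pscustomobject]@{ Type = 'RegistryValue'; Location = $key; Name = $name; Data = $props.$name })
        }
    }
}

# Image File Execution Options subkeys from the guide (names exactly as listed).
$ifeoRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$ifeoNames = 'atcon.exe', 'bipcp.exe', 'ecengine.exe', 'infwin.exe', 'msconfig',
             'PavFnSvr.exe', 'sahagent.exe', 'titaninxp.exe', 'wsbgate.exe'
foreach ($exe in $ifeoNames) {
    $path = Join-Path $ifeoRoot $exe
    if (Test-Path -LiteralPath $path) {
        # Debugger is the usual IFEO redirection value; the guide does not say which
        # values are set under these keys, so it is shown only if present (assumption).
        $dbg = (Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue).Debugger
        $findings.Add([pscustomobject]@{ Type = 'IFEOKey'; Location = $path; Name = 'Debugger'; Data = $dbg })
    }
}

# Shortcut files from the guide, resolved through known folders (assumption).
$links = @(
    (Join-Path ([Environment]::GetFolderPath('CommonStartMenu')) 'Programs\Windows Custodian Utility.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Windows Custodian Utility.lnk')
)
foreach ($lnk in $links) {
    if (Test-Path -LiteralPath $lnk) {
        $findings.Add([pscustomobject]@{ Type = 'File'; Location = $lnk; Name = ''; Data = '' })
    }
}

$findings | Format-Table -AutoSize -Wrap
```

WarnOnHTTPSToHTTPRedirect is also a normal Internet Explorer setting, so compare the reported data with the value listed in the guide before removing it.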