Windows Custodian Utility

April 4th, 2012

Windows Custodian Utility description

Windows Custodian Utility is a rogue anti-spyware program installed by a trojan. As soon as the user's computer starts, the parasite begins its fake scans. The malware shows fraudulent security alerts stating that the PC is infected. It can also hijack the web browser, redirecting it to deceptive websites that sell the program.

Keep in mind that the numerous pop-ups displayed on your desktop are all fabricated. You'll be asked to pay to use the tool, because Windows Custodian Utility is designed to pilfer money from unwary computer users. This is all a scam. You can safely ignore the fake warnings. Choose a reputable anti-spyware program and remove the malicious program for good.

Manual Windows Custodian Utility Removal


Windows Custodian Utility processes:

Protector-.exe


Windows Custodian Utility registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-4-2_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "bavewnrpmb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe


Windows Custodian Utility DLLs:

NPSWF32.dll


Other malicious Windows Custodian Utility files:

%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Warding System.lnk
%Desktop%\Windows Warding System.lnk

Manual removal of files and registry entries should be performed by experienced users. A system can be badly affected if any error is made during manual removal. If you are not familiar with deleting malware manually, we recommend using automatic removal tools to delete Windows Custodian Utility.
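
A read-only PowerShell check for the registry values, keys and files listed above, added here as an example and not part of the original page. The "key|name|data" table layout, the variable names and the mapping of %CommonStartMenu% and %Desktop% to .NET special folders are assumptions of this example; a match on the UAC or policy values alone can also come from an administrator's own settings.

```powershell
# Read-only triage for the indicators listed on this page; nothing is modified.
$cv   = 'Software\Microsoft\Windows\CurrentVersion'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Registry values as "key|name|data", copied from the page (empty data = none listed).
$values = @(
    "HKCU:\$cv\Internet Settings|WarnOnHTTPSToHTTPRedirect|0"
    "HKCU:\$cv\Policies\System|DisableRegedit|0"
    "HKCU:\$cv\Policies\System|DisableRegistryTools|0"
    "HKCU:\$cv\Policies\System|DisableTaskMgr|0"
    "HKLM:\$cv\policies\system|ConsentPromptBehaviorAdmin|0"
    "HKLM:\$cv\policies\system|ConsentPromptBehaviorUser|0"
    "HKLM:\$cv\policies\system|EnableLUA|0"
    "HKCU:\$cv\Run|Inspector|"
    "HKCU:\$cv\Settings|net|2012-4-2_2"
    "HKCU:\$cv\Settings|UID|bavewnrpmb"
)
# Image File Execution Options subkeys named on the page.
$ifeoNames = 'ashChest.exe','avwupd.exe','firewall.exe','mgavrte.exe',
             'persfw.exe','sweep95.exe','winav.exe'
# File paths from the page; the two folder lookups are this example's assumption.
$startMenu = [Environment]::GetFolderPath('CommonStartMenu')
$desktop   = [Environment]::GetFolderPath('Desktop')
$files = @(
    "$env:APPDATA\NPSWF32.dll"
    "$env:APPDATA\Protector-.exe"
    "$env:APPDATA\result.db"
    "$startMenu\Programs\Windows Warding System.lnk"
    "$desktop\Windows Warding System.lnk"
)

$hits = @()
foreach ($v in $values) {
    $path, $name, $want = $v -split '\|'
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }          # key or value not present
    $have = [string]$item.$name
    # Report when the page lists no data (presence only) or the data matches.
    if ($want -eq '' -or $have -eq $want) { $hits += "REG   $path '$name' = $have" }
}
foreach ($exe in $ifeoNames) {
    if (Test-Path -LiteralPath "$ifeo\$exe") { $hits += "IFEO  $ifeo\$exe" }
}
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $hits += "FILE  $f" }
}
if ($hits) { $hits } else { 'No listed indicators found.' }
```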
