After watching a recent video by Jim Browning, I was inspired to do some digging into the Win Tonic “Antivirus” application, and I’m a bit concerned about what I’ve found.
First, to set the scene, I received this popup from one of my known Typo Squat URLs, which took me to a page that looked like I was infected with malware. The cure, of course, was Win Tonic.

After downloading and installing the app, I found some interesting breadcrumbs left behind. One of those was the URL I visited, a referral code, as well as the campaign ID.

Another piece of information found was a "firing URL", which said firing url as silent build : http://www.winactiv.com/install/wtc/?
A quick Who Is shows this domain is protected by Domains by Proxy https://whois.icann.org/en/lookup?name=winactiv.com
Additionally, on the installation splash screen, they show that the product was "Checkmark Certified" (https://search.checkmarkcertified.com ) AND also revealed something else. The company behind this product is actually called Innovana Thinklabs Ltd.
Previously, I had never made the connection between Win Tonic and Innovana Thinklabs Ltd. However, I went to their site, https://www.innovanathinklabs.com/Products, and found a product called ITL Malware.
Here is a side by side screen shot of the installers

It doesnt take a rocket scientist to see that the products are identical, short of the logos/branding.
Also, of greater concern, is that Win Tonic is actually listing AVAST! Antivirus as a supplemental download. I was unable to get it to actually download AVAST!, but I question whether or not there is a true partnership between the two companies. AVAST!, in my opinion, has been a reputable company, so I'm not sure how to take this.

I would love to say the mud is clearer now, but I think I've just begun to go down the rabbit hole of Win Tonic.