« Green-av.com
SaveDefense »

Safety Center

No Comments
GoldSparrow By GoldSparrow in Rogue Anti-Spyware Program | 23 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 3.00 out of 5)
Loading ... Loading ...
Translate To:     Português

Safety Center Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

Safety Center is a rogue anti-spyware application originating from the same family as Secret Service and Privacy Center. Safety Center must be installed manually, and once active, begins display fake infection results in order to trick the user into believing that the computer has been compromised. The user is then prompted to purchase the commercial version of Safety Center in order to combat these threats or fix the various problems.

Type: Rogue AntiSpyware Programs

How Can You Detect Safety Center?

 
 

Download SpyHunter’s Detection Scanner
to Detect Safety Center.

 
 

Safety Center Technical Report

As new Safety Center details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Safety Center files with its MD5s were created in the system:

File Name File Size MD5
setup[1].exe 30720 1f761fc012336d4fba67c6638c182826
protector.exe 1141248 e1ad9c7b0cde33daaf77ee2963200204
~2.dll 219136 52f049d416769edb816c0ac60ce3bf1c
u3[1].exe 1314816 512f139a3d86560c14aa89b629867ef5
start.exe 1171456 40b38ab43826bb70afa80ee1ab0d307e
start.exe 1210880 516f4420183db0838f91ca3564643e60
protector.exe 1664256 bea1f7bcb5aa7c5d5daeb8d4e27eb3bf
start.exe 1211392 13038e955847a280da1231fc6dc07c5e
start.exe 1211392 b5eb627ba12d421daaf64f0bf20b621d
start.exe 982016 9dacbe9402b1264018eabb917a7b653e
start.exe 1171456 ab672be83c7fa28639b8da6cc62e6288
start.exe 1212928 3ca8dad2f85b17aa931ab00b18374d18
start.exe 1210368 878433485252c309ef1a072c3269b990
start.exe 982016 51c5af198df85cca8162c21b8172733c
start.exe 1210880 45ae05272c90fd68c712c232112ac60f
start.exe 982016 5384d1bc58886ce4a8d29429e0a74033
start.exe 982016 a0d0e5626c7d57d267460ac5452a1bec
hlp.dll 219136 231ec9438897ec57a38aab34afdd36b3
hlp.dll 219136 d0e88a8e331603c5599a13f255495c34
~52C.dll 218624 d40c15aa49878c82f3cf7d0816d97020
ho.dll 213504 01508bdaf8e02c5e4e004bc1152f1e9e
start.exe 1242112 9514a657f138aff8c5b7ff89f4e3ca78
ie.dll 188928 93fa28bb594d31c347eeb67d416547c2
start.exe 1260032 f165dd7bdf838c4bd5dad7a95814bdf2
start.exe 1242112 47c6ead321dc9c3d726aea1dc3bf188e
start.exe 986624 6923ec2e77a58a501eae550f40d39272
temp.dll 212992 89947e28fb7444a418a885d4339fda30

Safety Center has typically the following processes in memory:

  • cs_def.exe
  • Adrevolver.txtAds360.com
  • 102.exe
  • install_tag002.exe
  • start.exe
  • protector.exe
  • trojan.psw.stealth.a.exe
  • tdfhex.dll

Safety Center created the following directories, files, paths:

  • %ProgramFiles%\SafetyCenter

Safety Center creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB09B56A-91AB-11DE-95FD-A39056D89593}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
  • HKEY_LOCAL_MACHINE\SOFTWARE\SafetyCenter
  • SOFTWARE\SafetyCenter
  • 0766AD3F-6636-454E-B95B-FDB1DD2CE4EB
  • A73890FC-177F-4198-AE3D-C64F7D9E69D8
  • HKEY_CLASSES_ROOT\CLSID\{EB09B56A-91AB-11DE-95FD-A39056D89593}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyCenter
  • EB09B56A-91AB-11DE-95FD-A39056D89593
  • 88A5EFA0-AA5D-4684-9CC2-5EDEC8E84655
  • DD1984BA-25E1-4F56-B124-A07ED6B2A87F
  • HKEY_CLASSES_ROOT\CLSID\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce “SafetyCenter”
  • BCA9B86C-91BC-11DE-B1CD-35C755D89593
  • 2414A739-9651-441B-BC10-D773267CC19D
  • 95E14BC7-C5F1-4545-8064-E8DAA621580C

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 08/27/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Popular Malware

Track Malware Around the World

Recent Articles

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Additional Terms and Conditions
Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.