« Backdoor.Tidserv!inf
Critical Windows 7 Security Bug: Microsoft Releases Security Advisory (975497) »

SafetyKeeper

No Comments
LoneStar By LoneStar in Rogue Anti-Spyware Program | 0 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

SafetyKeeper Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

SafetyKeeper is a fake spyware remover originating from the same family as BlockDefense, SaveDefense and SaveKeeper. Due to affiliated trojans infiltrating the computer via security exploits, SafetyKeeper is installed onto the system and from there, begins launching various fake security alerts. Along with the fictitious and sometimes grossly exaggerated infection reports supplied by the counterfeit system scans, these tactics ensure the user is intimidated enough into purchasing the fake spyware remover SafetyKeeper in order to combat these non-existent threats.

Type: Rogue AntiSpyware Programs

How Can You Detect SafetyKeeper?

 
 

Download SpyHunter’s Detection Scanner
to Detect SafetyKeeper.

 
 

SafetyKeeper Technical Report

As new SafetyKeeper details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following SafetyKeeper files with its MD5s were created in the system:

File Name File Size MD5
setup[1].exe 919479 315625381de4c9a3ea8f7d013c1f21b8
setup[1].exe 467456 c57fa05552767c91a5655f9d8400c1bc
SafetyKeeper.exe 832000 af3658a2f7dbd4a5bb5ef95910a6cde7

SafetyKeeper has typically the following processes in memory:

  • SafetyKeeper.exe
  • c:\WINDOWS\1155backdoor929z.ocx
  • c:\WINDOWS\system32\90a3t5ief225z.ocx

SafetyKeeper created the following directories, files, paths:

  • %ProgramFiles%\SafetyKeeper Software\SafetyKeeper
  • %AllUsersProfile%\Start Menu\Programs\SafetyKeeper

SafetyKeeper creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SafetyKeeper”
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAFETYKEEPERSVC
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “gbn976rl.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\SafetyKeeper
  • HKEY_CURRENT_USER\Software\SafetyKeeper
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyKeeper
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafetyKeeperSvc

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 09/11/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Top Malware

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Recent Articles

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.