« SaveDefender
Malwareurlirblock.com »

SaveArmor

No Comments
SpideyMan By SpideyMan in Rogue Anti-Spyware Program | 0 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

SaveArmor Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

SaveArmor is a fake security program related to the group of rogue anti-spyware programs called SaveKeeper, SoftSafeness and SafetyKeeper. All of these applications use similar methods to get computer users to purchase a full version of the rogue. SaveArmor will use misleading system warnings and falsified system scans to scare a user into purchasing SaveArmor. Usually these threats come in the form of a message that alerts the user of parasites found on the system but in reality they are all fabricated. SaveArmor is not a trusted application for removal and detection of spyware, Trojans or any other type of computer parasite.

Type: Rogue AntiSpyware Programs

How Can You Detect SaveArmor?

 
 

Download SpyHunter’s Detection Scanner
to Detect SaveArmor.

 
 

SaveArmor Technical Report

As new SaveArmor details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following SaveArmor files with its MD5s were created in the system:

File Name File Size MD5
setup[1].exe 919084 d36c0973a2699dd606a69c7a2fde01b4
setup[2].exe 467456 d34c0a96d9ebb0bc3d4cfd3536e46096
SaveArmor.exe 831488 dca8fa4ec7ce9b90936f781563f3880a

SaveArmor has typically the following processes in memory:

  • %WINDOWS%\1044zhackt9ol5b2.dll
  • %Program Files%\SaveArmor Software\SaveArmor\uninstall.exe
  • %Program Files%\SaveArmor Software\SaveArmor\savearmor.exe
  • SaveArmor.exe

SaveArmor created the following directories, files, paths:

  • %ProgramFiles%\SaveArmor Software\SaveArmor
  • %AllUsersProfile%\Start Menu\Programs\SaveArmor

SaveArmor creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\SaveArmor
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SaveArmor”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveArmor
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SaveArmorSvc
  • HKEY_CURRENT_USER\Software\SaveArmor
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVEARMORSVC
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “x0lc3bqd.exe”

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 09/22/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Top Malware

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Recent Articles

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.