Windows Proactive Safety

By ESGI Advisor in Rogue Anti-Spyware Program | 152 views

Windows Proactive Safety Description


Do not trust Windows Proactive Safety! Despite its name, Windows Proactive Safety will not keep your computer system safe, proactively or otherwise. The reason is simple: Windows Proactive Safety is not a real anti-malware program but a malware infection itself. It tries to steal your money by making you the victim of a common online scam. The scam is not sophisticated: criminals try to make you believe that your computer system is severely infected with malware and push you to purchase a fake security program in order to fix these imaginary problems. If Windows Proactive Safety is installed on your computer system, ESG malware analysts strongly advise removing it with the help of a reliable anti-malware program.

As mentioned above, Windows Proactive Safety will try to convince you that your PC is in trouble, and it has several tactics for carrying out this deception. The main one is displaying alarming error messages and a constant stream of pop-up notifications and system alerts. Windows Proactive Safety also closely mimics legitimate security programs and will display a fake system scan of your computer that invariably reports the presence of Trojans and viruses. It has other, indirect ways of convincing you that your computer system is infected; for example, it can cause your system to run slowly or cause browser redirects. Whenever the victim tries to use Windows Proactive Safety to fix these supposed problems, the program claims that the victim must ‘upgrade’ to an expensive ‘full version’ of Windows Proactive Safety.

Windows Proactive Safety Belongs to an Extensive Malware Family

Windows Proactive Safety is part of a particularly large family of malware known as the FakeVimes family of rogue security programs. Since 2009, malware in the FakeVimes family has been responsible for millions of infections all around the world. There are numerous clones of Windows Proactive Safety, including programs like Windows Maintenance Guard, Windows Defence Counsel and Windows Advanced User Patch. These are all essentially the same malware infection. Entering the registration code 0W000-000B0-00T00-E0020 can trick Windows Proactive Safety into thinking that you have purchased its ‘full version.’ However, it is still necessary to remove the Windows Proactive Safety infection with a real, reputable anti-malware application.

Type: Rogue AntiSpyware Programs

Windows Proactive Safety Removal Details

Windows Proactive Safety typically has the following processes in memory:

  • %CommonAppData%\58ef5\SP98c.exe
  • %AppData%\Windows Proactive Safety\ScanDisk_.exe

Windows Proactive Safety creates the following files in the system:

  • %Desktop%\Windows Proactive Safety.lnk
  • %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Proactive Safety.lnk
  • %Programs%\Windows Proactive Safety.lnk
  • %AppData%\Windows Proactive Safety\Instructions.ini
  • %StartMenu%\Windows Proactive Safety.lnk
  • %CommonAppData%\58ef5\SPT.ico

Windows Proactive Safety creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Proactive Safety "%CommonAppData%\58ef5\SP98c.exe" /s /d
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Windows Proactive Safety\DisplayVersion 1.1.0.1010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\Publisher UIS Inc.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayIcon [unknown dir]\[unknown file name].exe,0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\DisplayName Windows Malware Firewall
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety\InstallLocation [unknown dir]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Proactive Safety
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Maintenance Guard\UninstallString "[unknown dir]\[unknown file name].exe"/del
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
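
Many of the entries above are Image File Execution Options subkeys carrying a Debugger value of svchost.exe, which makes Windows start svchost.exe in place of the named security tool, alongside a Run value that starts the rogue from %CommonAppData%. The Python below is an added example, not part of the ESG write-up: it scans a `reg export` text dump for both patterns. The sample export is constructed, and the resolved path C:\ProgramData and the benign ExampleUpdater entry are assumptions.

```python
import re

# Registry paths of interest, lower-cased, hive name removed.
IFEO = r"software\microsoft\windows nt\currentversion\image file execution options"
RUN = r"software\microsoft\windows\currentversion\run"
KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# Assumption: %CommonAppData% and %AppData% expand to paths containing one of these folders.
APPDATA_RE = re.compile(r'\\(programdata|appdata|application data)\\', re.I)

# Constructed sample in `reg export` text format (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Proactive Safety"="\"C:\\ProgramData\\58ef5\\SP98c.exe\" /s /d"
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
'''

def unescape(data):
    # .reg string values are quoted, with backslashes and quotes backslash-escaped.
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r'\\(.)', r'\1', data[1:-1])
    return data

def find_suspicious(reg_text):
    """Return (kind, name, data) triage leads found in a `reg export` text dump."""
    findings, subpath, leaf = [], "", ""
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            # Drop the hive so HKLM and HKCU copies of a path compare equal.
            subpath = key.group(1).partition("\\")[2].lower()
            leaf = key.group(1).rpartition("\\")[2]
            continue
        val = VAL_RE.match(line)
        if not val:
            continue
        name, data = val.group(1), unescape(val.group(2))
        if subpath.startswith(IFEO + "\\") and name.lower() == "debugger":
            findings.append(("ifeo-debugger", leaf, data))
        elif subpath == RUN and APPDATA_RE.search(data):
            findings.append(("run-from-appdata", name, data))
    return findings

if __name__ == "__main__": print(*find_suspicious(SAMPLE_REG), sep="\n")
```

`reg export` writes UTF-16 text, so read the file with `encoding="utf-16"` before passing it in. A hit is a triage lead rather than a verdict, since legitimate software also sets Debugger values and starts from AppData.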


This entry was last updated on 06/20/12 and posted on 06/20/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.