Windows Pro Safety

Windows Pro Safety Description

ScreenshotWindows Pro Safety belongs to a category of malware programs known as rogue security applications. Rogue security programs like Windows Pro Safety pretend to be legitimate anti-malware programs but have no actual anti-malware capabilities. These kinds of fake security applications are used as part of a pervasive online scam that preys on inexperienced computer users. Basically, criminals make the victims believe that their computer system is severely infested with all kinds of malware. However, trying to use Windows Pro Safety to fix these simply results in a message claiming that the victim needs to 'upgrade' to an also useless 'full version' of Windows Pro Safety. This supposed upgrade is not cheap, usually close to one hundred dollars. ESG security analysts strongly advise against purchasing Windows Pro Safety. Instead, this fake security application should be dealt with using a reliable anti-spyware program.

Windows Pro Safety, Rootkits and the FakeVimes Family of Malware


Windows Pro Safety belongs to a particularly large group of fake security software known as the FakeVimes family of malware. Because these bogus security applications have been active since 2009, most legitimate anti-malware programs are well equipped to deal with them. However, malware in the FakeVimes family released in 2012 will often include an accompanying rootkit infection (often a version of the Sirefef rootkit) that makes them much more difficult to remove than previous versions of FakeVimes malware applications. Some examples of clones of Windows Pro Safety released in 2012 and before include A-fast Antivirus, Windows Cleaning Toolkit, Windows Antivirus Adviser, Security Antivirus, VirusSecurity, Windows Daily Adviser, Windows Basic Antivirus, Windows Antibreach Module, Windows Defence Master, Windows Activity Booster, Windows Antivirus Machine, Smart Internet Protection 2011, Smart Internet Protection 2012, Windows Control Series, Volcano Security Suite, Windows Active HotSpot, My Security Engine, Fake Windows Antivirus 2012, Keep Center Keeper, Windows Defending Center, Smart PC Cleaner, Windows Advanced User Patch, Personal Internet Security 2011, Windows Care Taker, Windows Advanced Toolkit, System Smart Security, Windows Be-on-Guard Edition, Windows Antivirus Suite, Windows Daily Advisor, Windows AntiBreach Suite, Best Virus Protection, Windows AntiHazard Helper, Best Antivirus Software, Windows Command Processor, Windows Antivirus Patch, Antivirus Smart Protection, Internet Security Essentials, Fast Antivirus 2009, Windows Anti-Malware Patch, Virus Melt, Windows Cleaning Tools, Virus Doctor, Best Malware Protection, Malware Protection, Home Safety Essentials, Windows Accelerator Pro, Windows Antivirus Booster, Security Master AV, My Security Shield, Personal Security Sentinel, Smart Security, Anti-Malware Lab, PC Live Guard, Windows Custom Safety, Windows Antivirus Helper, Windows Antihazard Solution, Smart Anti-Malware Protection, System Protection Tools, Windows Custom Management, Advanced Antispyware Solution, Smart Virus Eliminator, Total Anti Malware Protection, Live Enterprise Suite, Windows Efficiency Accelerator, Windows Advanced Security Center, Home Malware Cleaner, Windows Crucial Scanner, Presto TuneUp, Windows Activity Debugger, Windows Component Protector, Windows Efficiency Kit, Windows AntiBreach Patrol, Windows Antivirus Rampart, Windows Antibreaking System, CleanUp Antivirus, Internet Security Suite, Windows Defence Unit, Additional Guard, Live PC Care, Windows Efficiency Console, Windows Antibreach Tool, My Security Wall, Windows Antivirus Tool, Windows Antivirus Care, Smart Engine, PC Security Guardian, Windows Defence Counsel, Windows AntiBreach Helper, Windows Antivirus Patrol, Windows AntiHazard Center, Activate Ultimate Protection, Windows Antivirus Release, Extra Antivirus, Windows Debug Center, Windows Active Guard, Windows Abnormality Checker, Windows Custodian Utility and Enterprise Suite. The presence of the rootkit component makes these newer versions of FakeVimes clones much more difficult to remove than their predecessors and will often require the help of a specialized anti-rootkit tool or a strong anti-malware program with anti-rootkit technology.

How You Can Protect Your Computer System from the Windows Pro Safety Scam


The culprit behind most rogue security software infections is usually a Trojan. Trojans associated with Windows Pro Safety will often enter a computer system disguised as a fake video codec, a harmless email attachment, or as a result of an exploit on an attack website. The most common causes for Trojan infections associated with Windows Pro Safety are online advertisements claiming to scan your computer system for malware. They will always claim that your computer is infected and urge you to install Windows Pro Safety. Almost all of these kinds of malicious advertisements will also attempt to exploit known vulnerabilities in order to install Windows Pro Safety in the background while the fake scan is distracting the computer user.

Infected with Windows Pro Safety? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Windows Pro Safety

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Pro Safety infects a computer.

How to Detect and Remove Windows Pro Safety?

Windows Pro Safety Image 1 Windows Pro Safety Image 2 Windows Pro Safety Image 3 Windows Pro Safety Image 4 Windows Pro Safety Image 5 Windows Pro Safety Image 6 Windows Pro Safety Image 7 Windows Pro Safety Image 8 Windows Pro Safety Image 9 Windows Pro Safety Image 10 Windows Pro Safety Image 11 Windows Pro Safety Image 12

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Windows Pro Safety outbreaks and other threats from global to local level.

File System Details

Windows Pro Safety creates the following file(s):
# File Name Size MD5 Detection Count
1 Windows Pro Safety.lnk 53
2 %APPDATA%\Protector-bqtk.exe 2,072,576 dfa753380d0efa42bd7594c101346aa6 42
3 %AppData%\Protector-[RANDOM 4 CHARACTERS].exe N/A
4 %AppData%\Protector-[RANDOM 3 CHARACTERS].exe N/A
5 %AppData%\NPSWF32.dll N/A
6 %CommonStartMenu%\Programs\Windows Pro Safety.lnk N/A
7 %Desktop%\Windows Pro Safety.lnk N/A
8 %AppData%\result.db N/A

Registry Details

Windows Pro Safety creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\ASProtect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-20_4"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rohjjdbsbt"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe

More Details on Windows Pro Safety

The following messages associated with Windows Pro Safety were found:
Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning
Firewall has blocked a program from accessing the Internet
C:program filesinternet exploreriexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 6 + 9 ?