Windows Safeguard Upgrade

By ZulaZuza in Rogue Anti-Spyware Program | 40 views

Windows Safeguard Upgrade Description

Even though Windows Safeguard Upgrade has all the trappings of an actual anti-malware program, ESG malware analysts classified Windows Safeguard Upgrade as a malware infection. Windows Safeguard Upgrade is part of a malware attack that has the objective of convincing computer users that they need to purchase a fake security program. Malware applications like Windows Safeguard Upgrade are known as rogue security programs. Windows Safeguard Upgrade in particular belongs to the FakeVimes family of malware, an extensive family of rogue security software.

Windows Safeguard Upgrade – One of Many Fake Anti-virus Programs in the FakeVimes Family

The FakeVimes family of malware has been active and continuously updated since 2009. Due to its age, PC security analysts usually have no problems dealing with a FakeVimes-related malware infection. However, Windows Safeguard Upgrade is one of the many bogus security programs in the FakeVimes family released in 2012. These newest versions of the FakeVimes family of malware will often be bundled with a Sirefef (also known as ZeroAccess) rootkit infection that makes them difficult to remove and detect as malware. Other examples of 2012 versions of the FakeVimes family of malware include Windows Shielding Utility, Windows Efficiency Reservoir and Windows Trojans Inspector. ESG security analysts recommend using a specialized anti-rootkit tool to remove Windows Safeguard Upgrade’s associated rootkit component before using a reliable anti-malware program to delete Windows Safeguard Upgrade from your hard drive.

How Criminals Use Windows Safeguard Upgrade to Scam Unsuspecting Computer Users

The Windows Safeguard Upgrade scam consists of trying to convince computer users that they need to purchase a ‘full version’ of Windows Safeguard Upgrade which, of course, is not free. Windows Safeguard Upgrade will try to alarm computer users by making them believe that their computer system is severely infested with viruses and Trojans. If the computer user tries to use Windows Safeguard Upgrade’s supposed anti-malware features to remove these non-existent infections, Windows Safeguard Upgrade will display error messages and direct the computer user to Windows Safeguard Upgrade’s website. Windows Safeguard Upgrade will claim that these supposed problems can only be removed by ‘upgrading’ Windows Safeguard Upgrade. Since Windows Safeguard Upgrade is actually a malware infection, and probably responsible for any problems on the victim’s computer, ESG malware analysts recommend fully removing Windows Safeguard Upgrade with a real anti-malware program instead.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Safeguard Upgrade?

Windows Safeguard Upgrade Removal Details

Windows Safeguard Upgrade typically has the following processes in memory:

  • %AppData%\Protector-{RANDOM 4 CHARACTERS}.exe
  • %AppData%\Protector-{RANDOM 3 CHARACTERS}.exe
  • %AppData%\NPSWF32.dll

Windows Safeguard Upgrade creates the following files in the system:

  • %StartMenu%\Programs\Windows Pro Web Helper.lnk

Windows Safeguard Upgrade creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = 2012-2-20_1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 4
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{RANDOM CHARACTERS}.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
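
An added example (not ESG's code and not part of the original entry): a triage matcher that turns the file and named registry-value indicators listed above into rules and runs them over a constructed file listing and registry export. The alphanumeric suffix, the Vista+ and XP expansions of %AppData%, and the strong/weak split are assumptions; the Image File Execution Options entry is not matched because its name is random.

```python
import re

# %AppData% as it expands on Vista+ and on XP; the random suffix is assumed alphanumeric.
APPDATA = r"\\(?:AppData\\Roaming|Application Data)\\"
FILE_RULES = [
    re.compile(APPDATA + r"Protector-[A-Za-z0-9]{3,4}\.exe$", re.I),
    re.compile(APPDATA + r"NPSWF32\.dll$", re.I),  # flagged by location, not by name alone
    re.compile(r"\\Start Menu\\Programs\\Windows Pro Web Helper\.lnk$", re.I),
]

HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
CV = HKCU.lower()
# Assumption: value names specific to this listing count as strong on name alone.
STRONG_REG = {(CV + r"\run", "inspector"), (CV + r"\settings", "net"),
              (CV + r"\settings", "id")}
# Assumption: values other software may also set count as weak, and only with
# the data the page lists (0).
WEAK_REG = {(CV + r"\internet settings", "warnonhttpstohttpredirect"): "0"}
WEAK_REG.update({(CV + r"\policies\system", n): "0" for n in
                 ("disableregistrytools", "disableregedit", "disabletaskmgr")})

def triage(file_paths, reg_values):
    """file_paths: full paths; reg_values: (key, value name, data) tuples."""
    strong = [p for p in file_paths if any(r.search(p) for r in FILE_RULES)]
    weak = []
    for key, name, data in reg_values:
        ident = (key.lower().rstrip("\\"), name.lower())
        if ident in STRONG_REG:
            strong.append(f"{key}\\{name}")
        elif WEAK_REG.get(ident) == str(data):
            weak.append(f"{key}\\{name}={data}")
    verdict = "likely-infected" if strong else ("review" if weak else "no-match")
    return {"verdict": verdict, "strong": strong, "weak": weak}

# Constructed sample collection, not taken from a real host.
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Roaming\Protector-xk4q.exe",      # matches
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",         # outside %AppData%
    r"C:\Users\alice\AppData\Roaming\Protector-toolong1.exe",  # suffix too long
]
SAMPLE_REG = [
    (HKCU + r"\Run", "Inspector", r"C:\Users\alice\AppData\Roaming\Protector-xk4q.exe"),
    (HKCU + r"\Policies\System", "DisableTaskMgr", 0),  # weak hit
    (HKCU + r"\Policies\System", "DisableTaskMgr", 1),  # different data, ignored
]

if __name__ == "__main__":
    print(triage(SAMPLE_FILES, SAMPLE_REG))
```

A "review" verdict means only the policy or Internet Settings values matched, which on their own do not identify this infection.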

This entry was last updated on 05/17/12 and posted on 05/17/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.