Windows Safety Checkpoint Description

[+] Click Image to Enlarge

• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 

Windows Safety Checkpoint is an application that closely mimics real security programs, such as Microsoft Security Essentials or Windows Defender. However, Windows Safety Checkpoint has no real anti-virus capabilities. According to ESG PC security researchers, Windows Safety Checkpoint is a type of malware commonly known as a rogue anti-virus program. Rogue antivirus programs are often installed by Trojans and closely associated with other malware. They are designed to make a PC user think that their computer has been invaded by numerous viruses and then attempts to sell the victim a fake anti-virus program, such as Windows Safety Checkpoint.

Windows Safety Checkpoint belongs to a large family of rogue anti-virus software that has been around since 2009. Known as the FakeVimes family of malware, these bogus security applications are still active in 2012. In fact, the most recent versions of FakeVimes malware are much more malicious than previous iterations due to their association with the ZeroAccess rootkit. Windows Safety Checkpoint is one of the many FakeVimes programs released in 2012; others include Windows Premium Guard, Windows Crucial Scanner and Windows Pro Rescuer.

How Criminals Use Windows Safety Checkpoint to Scam Their Victims

The main goal of Windows Safety Checkpoint is to sell bogus registration keys in order to obtain a useless ‘full version’ of Windows Safety Checkpoint. To convince their victims that they need to ‘upgrade’, Windows Safety Checkpoint displays many fake security alerts and error messages that supposedly indicate the presence of a severe Trojan and virus infestation in the victim’s computer. Then, Windows Safety Checkpoint, pretending to be a real security program, claims that this supposed infection can be fixed by upgrading this fake security application. Other ways in which Windows Safety Checkpoint misleads its victims is by causing browser redirects, affecting system performance, and preventing the victim from accessing files on the infected computer system.

ESG team of malware researchers strongly advises against paying for Windows Safety Checkpoint and removing this fake security program from your computer system immediately. However, removing this program is not as easy as removing a normal application. Usually, it will be necessary to use a reliable security program. You can stop Windows Safety Checkpoint’s most annoying symptoms by entering the registration code 0W000-000B0-00T00-E0020. While this will not remove Windows Safety Checkpoint, it will grant computer users greater freedom in accessing their security software in order to remove Windows Safety Checkpoint safely and permanently.

Type: Rogue Anti-Virus Program

How Can You Detect Windows Safety Checkpoint?

Windows Safety Checkpoint Technical Report

As new Windows Safety Checkpoint details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Windows Safety Checkpoint:

The following fake error message(s) appears for Windows Safety Checkpoint:

Warning
Firewall has blocked a program from accessing the Internet
C:program filesinternet exploreriexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Trojan activity detected. System data security is at risk.

‘How Windows Safety Checkpoint Infects Your Computer’ Video

Windows Safety Checkpoint Removal Details

Windows Safety Checkpoint has typically the following processes in memory:

• %AppData%\Protector-[RANDOM CHARACTERS].exe
• %AppData%\Inspector-[RANDOM CHARACTERS].exe

Windows Safety Checkpoint creates the following registry entries:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe

Important Article Disclaimer