Windows Safety Maintenance Description
Despite its name, Windows Safety Maintenance will not maintain your computer system’s safety. This is because Windows Safety Maintenance is actually a malware infection thinly disguised as a legitimate security application. Therefore, it is important to identify Windows Safety Maintenance as a threat and to remove Windows Safety Maintenance from an infected computer system as soon as possible. The presence of Windows Safety Maintenance on a computer will usually indicate a severe malware infection on that computer. ESG malware researchers strongly recommend removing Windows Safety Maintenance with a trustworthy anti-malware program that is frequently updated. Not removing Windows Safety Maintenance can result in your sensitive data being leaked or your operating system being irreparably damaged.
Windows Safety Maintenance belongs to a kind of malware infection known as a rogue security program. Fake security applications like Windows Safety Maintenance use a variety of tactics to convince their victims that their computer system is severely infected with many nonexistent viruses and Trojans. They do this so that the victim will agree to purchase a useless ‘full version’ of the fake security program as a way to fix these manufactured threats. Windows Safety Maintenance does not limit itself to displaying annoying error messages and fake system scans. It will also wreak havoc on a computer system, changing system settings, causing browser redirects and causing the infected computer system to crash frequently. Worst of all, Windows Safety Maintenance is usually associated with a dangerous rootkit infection known as ZeroAccess. This rootkit component can make Windows Safety Maintenance removal problematic, often needing the intervention of a specialized anti-rootkit application.
Windows Safety Maintenance and the FakeVimes Family of Malware
Windows Safety Maintenance belongs to a very large family of bogus security applications commonly known as FakeVimes. Rogue security programs in the FakeVimes family have infected computer systems since 2009. This means that most anti-malware programs can deal easily with these kinds of threats, provided that their associated rootkit infection can be removed first. Examples of FakeVimes rogue security applications include Windows Internet Booster, Windows Multi Control System and Windows Daily Advisor. While ‘registering’ Windows Safety Maintenance will not remove this fake security program, you can still enter the registration number 0W000-000B0-00T00-E0020 in order to stop many of this fake security program’s error messages and other irritating symptoms. However, removing Windows Safety Maintenance will still be necessary to keep your computer system safe.
Type: Rogue AntiSpyware Programs
Windows Safety Maintenance Removal Details
Windows Safety Maintenance typically has the following processes in memory:
- %AppData%\Protector-{RANDOM 4 CHARACTERS}.exe
- %AppData%\Protector-{RANDOM 3 CHARACTERS}.exe
- %CommonAppData%\58ef5\SP98c.exe
- %AppData%\NPSWF32.dll
- %AppData%\Windows Safety Maintenance\ScanDisk_.exe
Windows Safety Maintenance creates the following files in the system:
- %Desktop%\Windows Safety Maintenance.lnk
- %AppData%\Windows Safety Maintenance\Instructions.ini
- %StartMenu%\Windows Safety Maintenance.lnk
- %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Safety Maintenance.lnk
- %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg
- %AppData%\result.db
- %Programs%\Windows Safety Maintenance.lnk
- %CommonAppData%\58ef5\SPT.ico
Windows Safety Maintenance creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM CHARACTERS]
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe