Windows Safety Series Description
Windows Safety Series is a malicious application disguised as a legitimate security program. These kinds of bogus anti-virus utilities belong to an ordinary online scam that involves a multi-component malware attack designed to steal a victim’s money. Windows Safety Series will try to convince the victim that the targeted computer is severely infected with various Trojans and viruses. However, these are lies which depend on trying to convince inexperienced computer users to purchase a fake ‘full version’ of Windows Safety Series. Windows Safety Series should not be allowed to remain installed on a computer since it usually means that the computer has become the target of a dangerous malware attack.
Since 2009, fake security programs like Windows Safety Series have been released periodically. These belong to a large family of malware known as FakeVimes. Although most security programs can remove most FakeVimes rogue security programs, Windows Safety Series and other FakeVimes malware released in 2012 will often include a dangerous rootkit component. This rootkit component, usually belonging to the Sirefef family of malware, can make Windows Safety Series and its many clones particularly difficult to remove and detect. Some examples of these kinds of fake security programs include Windows Secure Workstation, Windows Safeguard Upgrade and Windows Shielding Utility, all of which are the same basic malware program as Windows Safety Series, with different names. Due to the presence of the aforementioned rootkit component, a specialized anti-rootkit tool may be required to deal with Windows Safety Series and its many clones.
Do Not Become a Victim of the Windows Safety Series Scam!
Windows Safety Series has no way of actually detecting or removing malware. Windows Safety Series will try to convince you that your computer is infected by causing a variety of annoying symptoms. Some symptoms associated with Windows Safety Series include frequent browser redirects, system instability, and problems opening security software or other kinds of applications. However, the main symptom that characterizes rogue security programs such as Windows Safety Series is the presence of numerous, irritating, constant error messages. These can appear as Windows system alerts or as pop-up notifications from the Task Bar. Do not fall for this scam! Rather than purchasing a ‘full version’ of Windows Safety Series, remove this fake security program with a reliable anti-malware tool. You can ‘register’ Windows Safety Series with the code 0W000-000B0-00T00-E0020 in order to halt the stream of annoying error messages, although that will not remove Windows Safety Series from an infected computer.
Type: Rogue AntiSpyware Programs
How Can You Detect Windows Safety Series?
Download SpyHunter’s Detection Scanner
to Detect Windows Safety Series.
‘How Windows Safety Series Infects Your Computer’ Video
Windows Safety Series Removal Details
Windows Safety Series has typically the following processes in memory:
- %AppData%\Protector-[RANDOM CHARACTERS].exe
Windows Safety Series creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe