Windows Ultimate Safeguard Description
Windows Ultimate Safeguard is a rogue security application in the FakeVimes family of malware, a group of malicious programs that have been active since 2009. ESG security researchers warn computer users that Windows Ultimate Safeguard has no anti-malware capabilities. Malware such as Windows Ultimate Safeguard uses misleading error messages and other tactics to trick computer users into purchasing bogus anti-malware software. Since Windows Ultimate Safeguard cannot detect PC infections and is part of a malware attack itself, this fake security program should be removed with the assistance of a powerful, fully updated anti-malware program.
Windows Ultimate Safeguard Contains a Dangerous Rootkit Component
Although PC security analysts have been dealing with malware from the FakeVimes family for several years, rogue security programs in this family have started to use new tactics to become more effective and more difficult to remove. Since early 2012, ESG malware analysts have observed that bogus security applications from the FakeVimes family have started to use a rootkit component that makes them much more dangerous than previous variants in the family. This rootkit belongs to the Sirefef family of rootkits and can disable many legitimate security programs as well as make the infected computer significantly more vulnerable to other malware attacks. Clones of Windows Ultimate Safeguard that also contain this dangerous rootkit component include programs such as Windows Antivirus Machine, Windows Premium Console and Windows Active Defender.
Dealing with Windows Ultimate Safeguard and Other FakeVimes Malware
The main goal of the Windows Ultimate Safeguard scam is to persuade PC users that their machines are severely infected, in an attempt to trick them into acquiring an expensive upgrade for this useless rogue security program. To do this, Windows Ultimate Safeguard uses misleading error messages and a fake system scan that will always return alarming results. The presence of Windows Ultimate Safeguard on a computer can also cause browser redirects and other problems, such as a general decrease in performance.
Since Windows Ultimate Safeguard cannot actually detect or remove malware, this fake security program should be disabled with a reliable anti-malware application. You can stop many of Windows Ultimate Safeguard’s most annoying symptoms by entering the registration code 0W000-000B0-00T00-E0020. It is important to remember that ‘registering’ Windows Ultimate Safeguard does not actually remove this malicious program from your computer but only stops some of its symptoms. Windows Ultimate Safeguard will still need to be removed from the infected computer.
Type: Rogue AntiSpyware Programs
Windows Ultimate Safeguard Removal Details
Windows Ultimate Safeguard typically has the following processes in memory:
Windows Ultimate Safeguard creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “[RANDOM]”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe “Debugger” = “svchost.exe”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = “4”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe “Debugger” = “svchost.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “%AppData%\Protector-[RANDOM].exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “[DATE OF INSTALLATION]”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE “Debugger” = “svchost.exe”
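The registry entries above fall into three groups: UAC and browser warning values forced to 0, Image File Execution Options “Debugger” values that redirect security tools to svchost.exe, and a Run entry that starts Protector-[RANDOM].exe. The following is an added example, not code from the original page or from ESG, that checks the text of a regedit export for those three groups. The function names, the sample export, the user name and the random suffix are constructed for illustration.

```python
import re

# Value names the page lists as set to 0 (UAC policy and an IE redirect warning).
ZEROED = {"enablelua", "consentpromptbehavioradmin",
          "consentpromptbehavioruser", "warnonhttpstohttpredirect"}
IFEO = "\\image file execution options\\"
PROTECTOR = re.compile(r"\\protector-[^\\]+\.exe$", re.I)

# Constructed sample in regedit export format (not taken from a real machine).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe]
"Debugger"="svchost.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\Protector-a1b2.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"
'''

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m and current is not None:
            name, raw = m.groups()
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw.startswith('"'):  # REG_SZ: strip quotes, undo \\ and \" escapes
                current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return keys

def find_indicators(text):
    """Return (key, value_name, reason) for each entry matching the page's list."""
    hits = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        policy_key = "\\policies\\system" in k or k.endswith("\\internet settings")
        for name, data in values.items():
            n = name.lower()
            if policy_key and n in ZEROED and data == 0:
                hits.append((key, name, "protection setting forced to 0"))
            elif IFEO in k and n == "debugger" and str(data).lower() == "svchost.exe":
                hits.append((key, name, "IFEO debugger redirect"))
            elif k.endswith("\\currentversion\\run") and PROTECTOR.search(str(data)):
                hits.append((key, name, "Protector-*.exe autorun"))
    return hits
```

Calling find_indicators(SAMPLE) flags the zeroed EnableLUA value, the AVCare.exe debugger redirect and the Protector autorun, and leaves the benign ConsentPromptBehaviorAdmin and OneDrive entries alone.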