Windows Custom Safety

Windows Custom Safety Description

ScreenshotWindows Custom Safety is a fake security program that belongs to the FakeVimes family of malware. Bogus security applications like Windows Custom Safety are known as rogue security programs. These kinds of applications are designed to trick inexperienced computer users, making them think that they are in need of an expensive, useless, bogus anti-malware program. Since Windows Custom Safety has absolutely no real anti-malware capabilities, ESG security researchers strongly advise against purchasing its 'full version' or allowing Windows Custom Safety to remain on your hard drive. Instead, you should remove Windows Custom Safety as soon as possible with the help of a real anti-malware program that is fully up to date.

Windows Custom Safety and Its Many Clones

The family of malware comprises dozens of fake security programs, with new iterations of this malware family being released every day. Rogue security programs in the FakeVimes family of malware dates back to 2009. While the fake security programs themselves have not changed much since then, criminals have started bundling Windows Custom Safety and other FakeVimes clones with dangerous rootkits and other Trojans. This makes Windows Custom Safety more difficult to remove than malware in the FakeVimes family that was released before 2012. Clones of Windows Custom Safety also released in 2012 also include programs like

How Windows Custom Safety Tries to Scam Its Victims

Rogue security programs like Windows Custom Safety are among the most common types of online scams. Basically, their goal is to scare their victims into purchasing an expensive, but useless, upgrade to their fake security program. Windows Custom Safety has several ways in which Windows Custom Safety does this. For example, Windows Custom Safety will display a large number of fake error messages and alarming security alerts. It will also perform a fake malware scan on the victim's hard drives, claiming to find an unusually high number of malware infections present. However, if you try to use Windows Custom Safety to fix these supposed problems, Windows Custom Safety will claim that it is necessary to purchase a 'full version' of this fake security program. Since Windows Custom Safety has no actual way to remove malware from your computer system and is part of a malware attack itself, ESG security analysts strongly advise against paying for this useless fake security application.

Do You Suspect Your Computer May Be Infected with Windows Custom Safety & Other Threats? Scan Your Computer with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide users with in-depth system security analysis, detection and removal of a wide range of threats like Windows Custom Safety as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover*
Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Custom Safety infects a computer.

How to Detect and Remove Windows Custom Safety

Windows Custom Safety Image 1 Windows Custom Safety Image 2 Windows Custom Safety Image 3 Windows Custom Safety Image 4 Windows Custom Safety Image 5 Windows Custom Safety Image 6 Windows Custom Safety Image 7 Windows Custom Safety Image 8 Windows Custom Safety Image 9 Windows Custom Safety Image 10 Windows Custom Safety Image 11 Windows Custom Safety Image 12

Registry Details

Windows Custom Safety creates the following registry entry or registry entries:
RegistryKey
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\"Debugger" = "svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger = svchost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\"Debugger" = "svchost.exe"

More Details on Windows Custom Safety

The following messages associated with Windows Custom Safety were found:
Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:Windowssystem32dllcachewmploc.dll
C:Windowssystem32dllcachewmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.