Windows Custom Safety

Windows Custom Safety Description

Type: Adware

ScreenshotWindows Custom Safety is a fake security program that belongs to the FakeVimes family of malware. Bogus security applications like Windows Custom Safety are known as rogue security programs. These kinds of applications are designed to trick inexperienced computer users, making them think that they are in need of an expensive, useless, bogus anti-malware program. Since Windows Custom Safety has absolutely no real anti-malware capabilities, ESG security researchers strongly advise against purchasing its 'full version' or allowing Windows Custom Safety to remain on your hard drive. Instead, you should remove Windows Custom Safety as soon as possible with the help of a real anti-malware program that is fully up to date.

Windows Custom Safety and Its Many Clones

The FakeVimes family of malware comprises dozens of fake security programs, with new iterations of this malware family being released every day. Rogue security programs in the FakeVimes family of malware dates back to 2009. While the fake security programs themselves have not changed much since then, criminals have started bundling Windows Custom Safety and other FakeVimes clones with dangerous rootkits and other Trojans. This makes Windows Custom Safety more difficult to remove than malware in the FakeVimes family that was released before 2012. Clones of Windows Custom Safety also released in 2012 also include programs like Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

How Windows Custom Safety Tries to Scam Its Victims

Rogue security programs like Windows Custom Safety are among the most common types of online scams. Basically, their goal is to scare their victims into purchasing an expensive, but useless, upgrade to their fake security program. Windows Custom Safety has several ways in which Windows Custom Safety does this. For example, Windows Custom Safety will display a large number of fake error messages and alarming security alerts. It will also perform a fake malware scan on the victim's hard drives, claiming to find an unusually high number of malware infections present. However, if you try to use Windows Custom Safety to fix these supposed problems, Windows Custom Safety will claim that it is necessary to purchase a 'full version' of this fake security program. Since Windows Custom Safety has no actual way to remove malware from your computer system and is part of a malware attack itself, ESG security analysts strongly advise against paying for this useless fake security application.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Technical Information

Screenshots & Other Imagery

Windows Custom Safety Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Custom Safety creates the following file(s):
# File Name Detection Count
1 %AppData%\Protector-[RANDOM CHARACTERS].exe N/A

Registry Details

Windows Custom Safety creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\"Debugger" = "svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector = %AppData%\Protector-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger = svchost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\"Debugger" = "svchost.exe"

More Details on Windows Custom Safety

The following messages associated with Windows Custom Safety were found:
Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:Windowssystem32dllcachewmploc.dll
C:Windowssystem32dllcachewmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.