Windows Interactive Safety

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: August 6, 2012
Last Seen: January 8, 2020
OS(es) Affected: Windows

Although Windows Interactive Safety looks like an anti-spyware program, it is not a real security application. ESG security researchers classify Windows Interactive Safety as a rogue security application, a kind of malware infection. These kinds of threats are fake security applications that are part of a common online scam. Windows Interactive Safety is one of the dozens of fake security applications that belong to the FakeVimes family of malware.

This family of bogus security software has been active since 2009, and most security applications can remove these threats with few problems. However, in 2012 ESG malware analysts observed that criminals started to include a rootkit component in these attacks. This rootkit, one of the many dangerous threats from the Sirefef family of rootkits, gave new life to the FakeVimes family of malware, making its fake security software considerably more difficult to detect or remove than previous versions. If you find that Windows Interactive Safety is installed on your computer, you should remove this threat with a reliable anti-malware program and an anti-rootkit utility.

There are many clones of Windows Interactive Safety: programs that differ from it only in name. Some of these include programs with names like Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

To carry out their scam, these programs pretend to be legitimate security applications. However, unlike a real anti-spyware program, they will always indicate that your computer is infected with malware, regardless of the actual state of the computer. Then, they will try to make it appear that you need to purchase an expensive upgrade to a 'full version' if you wish to remove these fake threats from your computer. Programs like Windows Interactive Safety are designed to harass their victims with constant, alarming error messages and browser redirects, making them an annoyance and a serious hindrance when trying to operate the infected machine.

Despite all of Windows Interactive Safety's alarming notifications, it is important to remember that Windows Interactive Safety has no real anti-malware capabilities. You can stop many of this malicious program's fake error messages with the registration number 0W000-000B0-00T00-E0020. Although 'registering' Windows Interactive Safety will stop most of its symptoms, Windows Interactive Safety will remain on the infected computer, making it more vulnerable to further malware threats. Because of this, full removal of Windows Interactive Safety should still be a priority.

File System Details

Windows Interactive Safety may create the following file(s):
# File Name MD5 Detections
1. Protector-selk.exe 01469470548208bd3e3b23c3b02e8c45 1
2. %AppData%\Protector-[rnd].exe

Registry Details

Windows Interactive Safety may create the following registry entry or registry entries:

Messages

The following messages associated with Windows Interactive Safety were found:

Error
Attempt to modify registry key entries detected.
Registry entry analysis is recommended.
Warning
Firewall has blocked a program from accessing
the Internet
Windows XP USER API Clien: DLL
User32.dll
User32.dll is suspended to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Recommended:
Please click "Prevent attack" button to prevent all attacks and protect your PC.
