Windows Pro Safety Release

Windows Pro Safety Release Description

Type: Rogue AntiSpyware Programs

ScreenshotWindows Pro Safety Release is a fraudulent security program. While Windows Pro Safety Release has the external appearance of an actual anti-virus application, at its core it has no actual anti-malware components; Windows Pro Safety Release is designed to execute a well-worn online scam. The Windows Pro Safety Release scam consists in making the victim believe that their computer system is severely infected with viruses and Trojans. Then, Windows Pro Safety Release will claim that a 'full version' must be purchased in order to remove these non-existent threats. Windows Pro Safety Release's supposed upgrade is not cheap ($99 USD), and considering that it is absolutely useless, ESG malware analysts strongly recommend against purchasing this fake security program. Instead, Windows Pro Safety Release should be removed with a real, fully updated anti-malware tool.

Windows Pro Safety Release Belongs to the FakeVimes Family of Rogue Security Software

Windows Pro Safety Release is one of the many fake anti-virus programs in the FakeVimes family of rogue security software, a particularly large family of malware that has been active since 2009. While PC security analysts are well acquainted with malware like Windows Pro Safety Release, fake anti-virus programs in the FakeVimes family released in 2012 have included a rootkit component that makes them more difficult to remove and detect than previous iterations of FakeVimes malware. There are dozens of clones of Windows Pro Safety Release, including such fake security programs as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. Because of their integrated rootkit, a specialized anti-rootkit tool may be necessary to remove Windows Pro Safety Release and its clones from an infected computer system.

Protecting Yourself from the Windows Pro Safety Release Scam

Most fake security programs like Windows Pro Safety Release are delivered with the help of a Trojan infection. These can be acquired in several ways, including malicious email attachments, a downloader Trojan infection, or fake video codecs on high-risk websites. However, the most common cause of a rogue security program infection is clicking on corrupted online advertisements supposedly offering a free online malware scan. These will invariably return a false positive result and urge the victim to download a program like Windows Pro Safety Release. Most of the time, they will also attempt to use exploits to install the rogue security program in the background while the supposed 'scan' is going on.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Pro Safety Release

Windows Pro Safety Release Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Pro Safety Release creates the following file(s):
# File Name MD5 Detection Count
1 Protector-snih.exe 960e0e794b5a651cf77cd86a47b2900e 11
2 Protector-qvao.exe 9733310065e7db429d4194822c86df50 1
3 %AppData%\NPSWF32.dll N/A
4 %AppData%\Protector-{RANDOM 4 CHARACTERS}.exe N/A
5 %AppData%\Protector-{RANDOM 3 CHARACTERS}.exe N/A
6 %AllUsersProfile%\Start Menu\Programs\Windows Pro Safety Release.lnk N/A
7 %UserProfile%\Desktop\Windows Pro Safety Release.lnk N/A
8 %AppData%\result.db N/A

Registry Details

Windows Pro Safety Release creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe

More Details on Windows Pro Safety Release

The following messages associated with Windows Pro Safety Release were found:
Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Error
Keylogger ativity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Warning
Firewall has blocked a program from accessing the Internet
C:program filesinternet exploreriexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.