Threat Database Rogue Anti-Spyware Program Windows Safeguard Upgrade

Windows Safeguard Upgrade

Threat Scorecard

Ranking: 15,838
Threat Level: 100 % (High)
Infected Computers: 9
First Seen: May 17, 2012
Last Seen: May 6, 2024
OS(es) Affected: Windows

Windows Safeguard Upgrade Image

Even though Windows Safeguard Upgrade has all the trappings of an actual anti-malware program, ESG malware analysts classified Windows Safeguard Upgrade as a malware infection. Windows Safeguard Upgrade is part of a malware attack that has the objective of convincing computer users that they need to purchase a fake security program. Malware applications like Windows Safeguard Upgrade are known as rogue security programs. Windows Safeguard Upgrade in particular belongs to the FakeVimes family of malware, an extensive family of rogue security software.

Windows Safeguard Upgrade – One of Many Fake Anti-virus Programs in the FakeVimes Family

The FakeVimes family of malware has been active and continuously updated since 2009. Due to its age, PC security analysts usually have no problems dealing with a FakeVimes-related malware infection. However, Windows Safeguard Upgrade is one of the many bogus security programs in the FakeVimes family released in 2012. These newest versions of the FakeVimes family of malware will often be bundled with a Sirefef (also known as ZeroAccess) rootkit infection that makes them difficult to remove and detect as malware. Other examples of 2012 versions of the FakeVimes family of malware include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. ESG security analysts recommend using a specialized anti-rootkit tool to remove Windows Safeguard Upgrade's associated rootkit component before using a reliable anti-malware program to delete Windows Safeguard Upgrade from your hard drive.

How Criminals Use Windows Safeguard Upgrade to Scam Unsuspecting Computer Users

The Windows Safeguard Upgrade scam consists in trying to convince computer users that they need to purchase a 'full version' of Windows Safeguard Upgrade which, of course, is not free. Basically, Windows Safeguard Upgrade will try to alarm the computer user by making him believe that their computer system is severely infested with viruses and Trojans. If the computer user tries to use Windows Safeguard Upgrade's supposed anti-malware features to remove these non-existent infections, Windows Safeguard Upgrade will display error messages and direct the computer user to Windows Safeguard Upgrade's website. Windows Safeguard Upgrade will claim that these supposed problems can only be removed by 'upgrading' Windows Safeguard Upgrade. Since Windows Safeguard Upgrade is actually a malware infection, and probably responsible for any problems on the victim's computer, ESG malware analysts recommend fully removing Windows Safeguard Upgrade with a real anti-malware program instead.

SpyHunter Detects & Remove Windows Safeguard Upgrade

File System Details

Windows Safeguard Upgrade may create the following file(s):
# File Name MD5 Detections
1. 008c70301e6e753c4b701a8b00a3bc56da82cd682259821d76abf4c092a65574.exe 20fe0825152fdc6a8c16825bcc233bd1 4
2. Protector-jxir.exe 9f05820de768ce99a6ba71d0c567740e 1
3. Protector-vdom.exe f774fa4c8a47f377b724286900af5d2d 1
4. %AppData%\Protector-{RANDOM 4 CHARACTERS}.exe
5. %AppData%\Protector-{RANDOM 3 CHARACTERS}.exe
6. %AppData%\NPSWF32.dll
7. %StartMenu%\Programs\Windows Pro Web Helper.lnk

Registry Details

Windows Safeguard Upgrade may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-20_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{RANDOM CHARACTERS}.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0


Most Viewed