Threat Database Rogue Anti-Spyware Program Windows Safeguard Utility

Windows Safeguard Utility

By ESGI Advisor in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: May 20, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows

ScreenshotWindows Safeguard Utility is a rogue anti-spyware program that poses a severe security threat to your computer. Windows Safeguard Utility is a malicious application disguised itself as a genuine anti-spyware utility. Windows Safeguard Utility has absolutely no anti-spyware or security components. Rather, Windows Safeguard Utility is a harmful program that should be removed immediately.

Where Did Windows Safeguard Utility Come From?

Windows Safeguard Utility is thought to come from the Russian Federation. This country is notorious for harboring some of the worst computer criminals in the world, second only to China. Windows Safeguard Utility and its clones first started appearing in 2010 and by early 2011 had provoked a great deal of infections around the world.

How Does Windows Safeguard Utility Infect a Computer?

Windows Safeguard Utility is typically delivered by a Trojan. The most popular method associated with this rogue application is the Fake Microsoft Security Essentials Alert Trojan. This Trojan, as its name says, displays a fake alert from Microsoft Security Essentials. This alert will claim that Microsoft Security Essentials has discovered an infected file and that it is necessary to download and install an additional security program to take care of it. Computer users that are fooled by this fake alert allow it then to download a rogue anti-spyware program, which may be Windows Safeguard Utility.

How Does the Fake Microsoft Security Essentials Trojan Attack a Computer?

Trojans are usually found on high-risk websites and disguised as legitimate downloads. There are several ways that the Trojan associated with Windows Safeguard Utility made its way into your computer. Here are some common ways to become infected with a Trojan.

- Trojans may be disguised as video codecs for viewing adult videos.
- Trojans may hide in compressed files in file sharing networks.
- Trojans may be disguised as legitimate updates from a third-party site.
- Trojans may be delivered through vulnerabilities in JavaScript or Flash.

Windows Safeguard Utility Removal

Windows Safeguard Utility may be difficult to remove because Windows Safeguard Utility takes steps to protect itself. Usually a fully updated anti-malware tool will take care of this particular rogue anti-spyware program; however, Windows Safeguard Utility prevents the user from running his/her security software. Here are some things to remember when trying to remove Windows Safeguard Utility:

- Never give Windows Safeguard Utility your credit card information.
- Do not attempt to delete any files marked as infected by Windows Safeguard Utility
- As long as Windows Safeguard Utility is on your system, remember that any sensitive files, personal information, or passwords are at risk.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

SpyHunter Detects & Remove Windows Safeguard Utility

File System Details

Windows Safeguard Utility may create the following file(s):
# File Name MD5 Detections
1. ywruai.exe f4dcf81bd36dcb24f8979394e95af344 1
2. %AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Details

Windows Safeguard Utility may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safeguard Utility
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Windows Safeguard Utility


The following messages associated with Windows Safeguard Utility were found:

Safe Boot includes several tools allowing the operational system to better control application software, so that to achieve enhanced security and system stability.

Location: C:\Program Files\Dell\quickset\quickset.exe
Viruses: Trojan.Win32.Agent

Deny – Forbid the execution of potentially harmful software.

Enable Protection – Click to activate antivirus and remove all infections.


Most Viewed