Windows Safe Mode

Windows Safe Mode Description

ScreenshotThere is some nasty new malware out on the Internet that calls itself Windows Safe Mode. This name is intended to confuse people, because Windows does have a mode called Safe Mode, which is a perfectly useful, harmless thing. However, the malware Windows Safe Mode is something else entirely. What's the easiest way to tell them apart? The real Windows Safe Mode is not something that does scans or generates alerts, and you don't have to pay money to obtain it.

Symptoms of Infection with the Malware Windows Safe Mode

Although Windows Safe Mode's family, the FakeSysDef family has been around for a while, the malware Windows Safe Mode is very new, having only recently begun to cause significant numbers of infections. So reports are still coming in about the damage that the malware does over time, but by now, we do know a few things for sure:

  1. The fake Windows Safe Mode is not what Windows Safe Mode claims to be. It is not a system optimization tool, because it lacks the real capability to scan for or fix anything.
  2. The alerts created by this malware contain glaring spelling and grammatical errors, which are strongly indicative of fake security software.
  3. Windows Safe Mode performs fake system scans and generates alerts, typically stating that Windows has detected some kind of hard disk error. The malware Windows Safe Mode will tell you that the error can only be fixed if you purchase its so-called "professional" software. The malware Windows Safe Mode will direct you to a payment site, take your money, and give you nothing in return.

Furthermore, there are reports of the following issues:

  1. The malware Windows Safe Mode is reportedly capable of causing Windows to go into a fake Safe Mode, i.e. the mode that you can boot Windows into to disable some installed programs or malware, in order to run a fake scan.
  2. The malware Windows Safe Mode may prevent other programs from running.
  3. The malware Windows Safe Mode may be capable of redirecting your web browser or preventing you from accessing the Internet at all.

The fake Windows Safe Mode installs itself on the infected computer without the user's permission, by way of a Trojan. The Trojan is usually hidden in a video codec update on a third-party website, or it is bundled in a download from a file sharing service. The Trojan responsible for the fake Windows Safe Mode may also be downloaded by visiting a fake 'free system scan' type website. Once the Trojan is downloaded, it takes care of setting up the malware Windows Safe Mode on the affected computer.

Differences Between the Malware Windows Safe Mode and the Actual Windows Safe Mode

Remember that this fake Windows Safe Mode is not a Windows product or a Microsoft product, and it has no association to the real Safe Mode that Windows includes. Furthermore, the fake Windows Safe Mode does not even resemble the real Safe Mode, since the real Windows Safe Mode is a mode that Windows boots into, not a program that handles hard drive errors. The real Windows Safe Mode is included in Windows by default, and it does not amount any extra money. There is no good reason for anything called Windows Safe Mode to ask you to pay for its service.

The many clones of Windows Safe Mode include System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, Scanner, HDD Low, Hdd Fix.

Technical Information

Screenshots & Other Imagery

Windows Safe Mode Image 1 Windows Safe Mode Image 2 Windows Safe Mode Image 3 Windows Safe Mode Image 4 Windows Safe Mode Image 5

File System Details

Windows Safe Mode creates the following file(s):
# File Name Size MD5 Detection Count
1 %ALLUSERSPROFILE%\Application Data\vu9C8ENY1q.exe 672,256 7af1133ffee64991699fd486ad953429 1

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

One Comment

  • Laurelle G Kaley:

    Message came up on computer. I called them thinking it was microsoft he tried to sell me 500$ protection then activated safe mode no internet and dosent support programs

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.