Windows Safety Checkpoint

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: April 27, 2012
Last Seen: February 6, 2019
OS(es) Affected: Windows

Windows Safety Checkpoint is an application that closely mimics real security programs, such as Microsoft Security Essentials or Windows Defender. However, Windows Safety Checkpoint has no real anti-virus capabilities. According to ESG PC security researchers, Windows Safety Checkpoint is a type of malware commonly known as a rogue anti-virus program. Rogue anti-virus programs are often installed by Trojans and are closely associated with other malware. They are designed to make PC users think that their computer has been invaded by numerous viruses and then attempt to sell the victim a fake anti-virus program, such as Windows Safety Checkpoint.

Windows Safety Checkpoint belongs to a large family of rogue anti-virus software that has been around since 2009. Known as the FakeVimes family of malware, these bogus security applications are still active in 2012. In fact, the most recent versions of FakeVimes malware are much more malicious than previous iterations due to their association with the ZeroAccess rootkit. Windows Safety Checkpoint is one of the many FakeVimes programs released in 2012; others include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

How Criminals Use Windows Safety Checkpoint to Scam Their Victims

The main goal of Windows Safety Checkpoint is to sell bogus registration keys for a useless 'full version' of Windows Safety Checkpoint. To convince their victims that they need to 'upgrade', Windows Safety Checkpoint displays many fake security alerts and error messages that supposedly indicate the presence of a severe Trojan and virus infestation on the victim's computer. Then, Windows Safety Checkpoint, pretending to be a real security program, claims that this supposed infection can be fixed by upgrading this fake security application. Windows Safety Checkpoint also misleads its victims by causing browser redirects, affecting system performance, and preventing the victim from accessing files on the infected computer system.

The ESG team of malware researchers strongly advises against paying for Windows Safety Checkpoint and recommends removing this fake security program from your computer system immediately. However, removing this program is not as easy as removing a normal application. Usually, it will be necessary to use a reliable security program. You can stop Windows Safety Checkpoint's most annoying symptoms by entering the registration code 0W000-000B0-00T00-E0020. While this will not remove Windows Safety Checkpoint, it will grant computer users greater freedom in accessing their security software in order to remove Windows Safety Checkpoint safely and permanently.

File System Details

Windows Safety Checkpoint may create the following file(s):
#   File Name                                    MD5                               Detections
1.  Protector-obux.exe                           6d3b5309cfb72ace5320a827d09a91df  1
2.  Protector-ucxk.exe                           e2b9f9e66abbb94a9477ca14a3ad39d8  1
3.  %AppData%\Protector-[RANDOM CHARACTERS].exe
4.  %AppData%\Inspector-[RANDOM CHARACTERS].exe

Registry Details

Windows Safety Checkpoint may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
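
A triage check for the file and registry indicators listed above, as an added example (not code from ESG or the original page). It scans the decoded text of a `reg export` file and a file listing; the function names, the sample data, and the reading of "[RANDOM CHARACTERS]" as letters and digits are assumptions.

```python
import re

# Indicators copied from the File System and Registry Details lists on this page.
# Registry key and value names are case-insensitive, so everything is lowercased.
IFEO = (r"hkey_local_machine\software\microsoft\windows nt"
        r"\currentversion\image file execution options")
IFEO_NAMES = {"divx.exe", "_avp32.exe", "zapsetup3001.exe", "platin.exe",
              "ashdisp.exe", "tapinstall.exe", "mostat.exe", "_avpcc.exe"}
CV = r"hkey_current_user\software\microsoft\windows\currentversion"
VALUES = {(CV + r"\run", "inspector"),
          (CV + r"\policies\system", "disabletaskmgr"),
          (CV + r"\policies\system", "disableregistrytools"),
          (CV + r"\policies\system", "disableregedit"),
          (CV + r"\internet settings", "warnonhttpstohttpredirect"),
          (CV + r"\settings", "uid"), (CV + r"\settings", "net")}
# Assumption: "[RANDOM CHARACTERS]" is a run of letters/digits, as in Protector-obux.exe.
DROPPED = re.compile(r"(?:^|\\)(?:Protector|Inspector)-[a-z0-9]+\.exe$", re.I)

def scan_reg_export(text):
    """Return the page's registry indicators found in `reg export` text.
    Real exports are UTF-16; decode the file before passing it in."""
    hits, key = set(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):   # key header
            key = line[1:-1]
            parent, _, leaf = key.lower().rpartition("\\")
            if parent == IFEO and leaf in IFEO_NAMES:
                hits.add(key)
        elif key and line.startswith('"'):                # "name"=data
            m = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
            if m and (key.lower(), m.group(1).lower()) in VALUES:
                hits.add(f'{key} "{m.group(1)}"')
    return sorted(hits)

def dropped_files(paths):
    """Filter a file listing (e.g. of %AppData%) for the page's file name patterns."""
    return [p for p in paths if DROPPED.search(p)]

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\user\\AppData\\Roaming\\Protector-abcd.exe"
"Updater"="C:\\Program Files\\Vendor\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe]
'''
```

The policy values (DisableTaskMgr, DisableRegedit and similar) can also be set by an administrator, so a hit on those alone is a lead to investigate rather than a confirmed infection.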

Messages

The following messages associated with Windows Safety Checkpoint were found:

Error
Trojan activity detected. System data security is at risk.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
