Windows Safety Checkpoint

Windows Safety Checkpoint Description

Windows Safety Checkpoint is an application that closely mimics real security programs, such as Microsoft Security Essentials or Windows Defender. However, Windows Safety Checkpoint has no real anti-virus capabilities. According to ESG PC security researchers, Windows Safety Checkpoint is a type of malware commonly known as a rogue anti-virus program. Rogue anti-virus programs are often installed by Trojans and are closely associated with other malware. They are designed to make PC users think that their computer has been invaded by numerous viruses and then attempt to sell the victim a fake anti-virus program, such as Windows Safety Checkpoint.

Windows Safety Checkpoint belongs to a large family of rogue anti-virus software that has been around since 2009. Known as the FakeVimes family of malware, these bogus security applications are still active in 2012. In fact, the most recent versions of FakeVimes malware are much more malicious than previous iterations due to their association with the ZeroAccess rootkit. Windows Safety Checkpoint is one of the many FakeVimes programs released in 2012; others include Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Windows Protection Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Work Catalyst.

How Criminals Use Windows Safety Checkpoint to Scam Their Victims

The main goal of Windows Safety Checkpoint is to sell victims bogus registration keys for a useless 'full version' of Windows Safety Checkpoint. To convince its victims that they need to 'upgrade', Windows Safety Checkpoint displays many fake security alerts and error messages that supposedly indicate the presence of a severe Trojan and virus infestation on the victim's computer. Then, Windows Safety Checkpoint, pretending to be a real security program, claims that this supposed infection can be fixed by upgrading this fake security application. Other ways in which Windows Safety Checkpoint misleads its victims include causing browser redirects, affecting system performance, and preventing the victim from accessing files on the infected computer system.

The ESG team of malware researchers strongly advises against paying for Windows Safety Checkpoint and recommends removing this fake security program from your computer system immediately. However, removing this program is not as easy as removing a normal application. Usually, it will be necessary to use a reliable security program. You can stop Windows Safety Checkpoint's most annoying symptoms by entering the registration code 0W000-000B0-00T00-E0020. While this will not remove Windows Safety Checkpoint, it will grant computer users greater freedom in accessing their security software in order to remove Windows Safety Checkpoint safely and permanently.

Technical Information

File System Details

Windows Safety Checkpoint creates the following file(s):

# | File Name | Size | MD5 | Detection Count
1 | %APPDATA%\Protector-obux.exe | 1,860,608 | 6d3b5309cfb72ace5320a827d09a91df | 1
2 | %APPDATA%\Protector-ucxk.exe | 1,865,216 | e2b9f9e66abbb94a9477ca14a3ad39d8 | 1
3 | %AppData%\Protector-[RANDOM CHARACTERS].exe | N/A | |
4 | %AppData%\Inspector-[RANDOM CHARACTERS].exe | N/A | |

Registry Details

Windows Safety Checkpoint creates the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
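
The file and registry indicators listed above can be checked against a file listing and a registry dump collected from a suspect machine. The following Python code is an added example, not part of the original article or of any vendor tool; it reads registry lines in the format used on this page. The %AppData% directory names and the rule that only a file or Run-key hit marks a host as suspicious are assumptions, and the sample input is constructed.

```python
import ntpath
import re

# Indicators copied from the file and registry lists on this page.
DROPPER = re.compile(r"^(Protector|Inspector)-[A-Za-z0-9]+\.exe$", re.I)
APPDATA_DIRS = ("\\appdata\\roaming", "\\application data")  # assumed %AppData% paths
IFEO = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"
IFEO_NAMES = {"divx.exe", "_avp32.exe", "zapsetup3001.exe", "platin.exe",
              "ashdisp.exe", "tapinstall.exe", "mostat.exe", "_avpcc.exe"}
CV = "software\\microsoft\\windows\\currentversion\\"
VALUES = {  # (key suffix, value name) -> finding label
    (CV + "run", "inspector"): "autorun",
    (CV + "policies\\system", "disabletaskmgr"): "policy",
    (CV + "policies\\system", "disableregistrytools"): "policy",
    (CV + "policies\\system", "disableregedit"): "policy",
    (CV + "settings", "uid"): "marker",
    (CV + "settings", "net"): "marker",
    (CV + "internet settings", "warnonhttpstohttpredirect"): "ie-setting",
}
REG_LINE = re.compile(r'^(?P<key>HKEY_[^"]+?)(?:\s+"(?P<name>[^"]+)"(?:\s*=.*)?)?\s*$')

def match_file(path):
    """True for a Protector-/Inspector-<random>.exe placed directly in %AppData%."""
    parent, name = ntpath.split(path)
    return bool(DROPPER.match(name)) and parent.lower().endswith(APPDATA_DIRS)

def match_registry(line):
    """Label a 'KEY "name" = data' or bare 'KEY' line, or return None."""
    m = REG_LINE.match(line.strip())
    if not m:
        return None
    key = m["key"].lower()
    if m["name"] is None:  # bare key: only the listed IFEO subkeys count
        tail = key.rsplit(IFEO, 1)
        return "ifeo" if len(tail) == 2 and tail[1] in IFEO_NAMES else None
    return next((label for (suffix, name), label in VALUES.items()
                 if key.endswith(suffix) and m["name"].lower() == name), None)

def triage(files, reg_lines):
    """File and autorun hits decide; the other labels only corroborate."""
    hits = [("file", f) for f in files if match_file(f)]
    hits += [(label, l) for l in reg_lines if (label := match_registry(l))]
    return {"suspicious": any(h[0] in ("file", "autorun") for h in hits), "hits": hits}

if __name__ == "__main__":  # constructed sample input, not a real capture
    print(triage([r"C:\Users\alice\AppData\Roaming\Inspector-qwer.exe"],
                 [r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"']))
```

The policy and Internet Explorer values can also be set by legitimate administration, which is why they are reported but do not decide the verdict on their own.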

More Details on Windows Safety Checkpoint

The following messages associated with Windows Safety Checkpoint were found:
Error
Trojan activity detected. System data security is at risk.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

