Windows Safety Manager

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: April 17, 2012
OS(es) Affected: Windows

Windows Safety Manager is one of the many variants of Rogue:FakeVimes, a family of rogue anti-virus programs. The Windows Safety Manager scam is not particularly original; like almost all rogue anti-virus programs, Windows Safety Manager uses misleading messages and alarming security alerts to make its victims believe that their computer is infected with malware. Windows Safety Manager uses a highly authentic-looking interface to imitate an actual security application. It does this to make victims believe that their computer is under attack and that only a "full version" of Windows Safety Manager can fix this imaginary attack.

Windows Safety Manager can also cause erratic behavior on the infected computer, including problems accessing the Internet and files on the infected computer, as well as problems with security software installed on the infected machine and browser redirects. All of these problems add up to a severe problem that can make it nearly impossible to use the infected computer. ESG analysts strongly recommend removing Windows Safety Manager immediately; more than a simple annoyance, Windows Safety Manager poses a real security risk.

How Criminals Use Windows Safety Manager to Attack Computer Users

Windows Safety Manager's genuine-looking interface can make computer users believe that Windows Safety Manager is related in some way to the Windows operating system. However, this could not be farther from the truth; Windows Safety Manager has no actual anti-malware functions. Windows Safety Manager is closely related to numerous clones of malware in the FakeVimes family and belongs to a particularly insidious batch of FakeVimes rogue anti-virus programs released in 2012. Some examples of clones of Windows Safety Manager include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

The Windows Safety Manager main window includes several misleading features, such as a Help or Support option and features with names like "advanced process control". However, these are all for show, in order to make the Windows Safety Manager scam more effective. Attempting to use any of these supposed features to fix a malware infection simply results in notifications stating that the selected problems can only be fixed with the "full version" of Windows Safety Manager. Then, Windows Safety Manager will redirect the victim to a page where they can enter their credit card information in order to purchase this supposed upgrade. ESG malware analysts strongly advise against purchasing Windows Safety Manager or believing any of its claims.

File System Details

Windows Safety Manager may create the following file(s):
# File Name MD5 Detections
1. Protector-hpp.exe 1905bdaf77029c09b4bcd685d87a20fe 2
2. Protector-cyss.exe 6ed6913e340792dff123b5b6de491daf 2
3. %AppData%\NPSWF32.dll
4. %AppData%\Protector-[RANDOM CHARACTERS].exe
5. %AppData%\result.db
6. %CommonStartMenu%\Programs\Windows Safety Manager.lnk
7. %Desktop%\Windows Safety Manager.lnk
8. file.exe 82cc5b0597ed3e1c81269c7d0d02e518 0

Registry Details

Windows Safety Manager may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "ahwohainwk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-4-7_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe
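
For triage, the registry entries listed above can be matched against a text export of a host's registry (the `.reg` format written by `reg export`). The following is an added example, not code from ESG or from the original page; the function names and the sample export are constructed for illustration, and only the Image File Execution Options keys, the three `policies\system` values and the `Run` value from the list are checked.

```python
import re

# Indicators copied from the registry list on this page (compared lower-cased).
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
IFEO_TARGETS = {"atcon.exe", "inetlnfo.exe", "dvp95.exe", "ozn695m5.exe",
                "aswupdsv.exe", "aswrundll.exe", "bidef.exe", "winupdate.exe",
                "advxdwin.exe", "msascui.exe", "tds-3.exe", "rtvscn95.exe"}
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
POLICY_ZERO = {"consentpromptbehavioradmin", "consentpromptbehavioruser", "enablelua"}
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"

def parse_reg(text):
    # Yield (key, value_name, raw_data); value_name is None for the key line itself.
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            yield key, m.group(1), m.group(2)

def find_indicators(text):
    # Return a list of (indicator_kind, detail) tuples for entries matching the page's list.
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            parent, _, leaf = k.rpartition("\\")
            if parent == IFEO and leaf in IFEO_TARGETS:
                hits.append(("ifeo_key", key))
        elif k == POLICY_KEY and name.lower() in POLICY_ZERO and data == "dword:00000000":
            hits.append(("uac_policy_zero", name))
        elif k == RUN_KEY and name == "Inspector":
            hits.append(("run_value", name))
    return hits

# Constructed sample export (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\user\\AppData\\Roaming\\Protector-xxxx.exe"
'''
```

Calling `find_indicators(SAMPLE)` flags the `MSASCui.exe` key, the zeroed `EnableLUA` value and the `Inspector` autorun entry, and ignores the unrelated `notepad.exe` key and the non-zero `ConsentPromptBehaviorAdmin` value.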

Messages

The following messages associated with Windows Safety Manager were found:

Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.
