Windows Safety Module

Windows Safety Module Description

ScreenshotAlthough Windows Safety Module claims that Windows Safety Module can keep a computer system free from malware, this is hard to believe, considering that Windows Safety Module is part of a multi-component malware attack itself. Windows Safety Module in particular is installed by a Trojan infection, uses a variety of Trojans in order to attack a computer system, and is often accompanied by a rootkit infection that can be quite difficult to remove. Windows Safety Module belongs to a category of malware known as fake antispyware programs, a kind of scareware designed to make computer users purchase useless security software. Windows Safety Module is one of the dozens of members of the family of rogue anti-virus programs.

ESG security researchers are well acquainted with the FakeVimes family of malware; FakeVimes rograms have been infecting computer systems since 2009. Because of this, most cases of infection with malware in this family are not too difficult to remove. However, ESG malware analysts have observed that FakeVimes programs released in 2012 tend to include an integrated ZeroAccess (also known as Sirefef) rootkit component. This rootkit makes removal of its components quite difficult since it creates a hidden file system that can hide the presence of malware on the victim's computer system. It also gives Windows Safety Module the capacity to disable known security software.

Preventing a Windows Safety Module Attack

There are many clones of Windows Safety Module, that is, various versions of the same malware infection with different names. These are used to throw PC security researchers off, making it necessary for malware analysts to have to keep up with new releases in order to dispense new cures for infected computer system. Examples of clones of Windows Safety Module include programs with names like

Despite their different names, all of these programs carry out the same scam. Basically, they scare computer users into paying for a fake "upgrade" for Windows Safety Module by displaying misleading error messages and false positives for severe malware infections on the victim's computer system. ESG malware analysts strongly advise against paying for Windows Safety Module. Instead, a reliable anti-malware program with anti-rootkit technology should be used to scan the infected computer system. You can enter the registration code 0W000-000B0-00T00-E0020 as a way to make many of Windows Safety Module's irritating error messages stop (keep in mind that this will not remove Windows Safety Module, but only stop its most annoying symptoms; removal with a reliable anti-malware program is still strongly recommended).

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Safety Module infects a computer.

Windows Safety Module Video

Windows Safety Module Image 1 Windows Safety Module Image 2 Windows Safety Module Image 3 Windows Safety Module Image 4 Windows Safety Module Image 5 Windows Safety Module Image 6 Windows Safety Module Image 7 Windows Safety Module Image 8 Windows Safety Module Image 9 Windows Safety Module Image 10 Windows Safety Module Image 11 Windows Safety Module Image 12

Registry Details

Windows Safety Module creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe

More Details on Windows Safety Module

The following messages associated with Windows Safety Module were found:
Error
Attempt to run a potentially dangerous script detected.
Full system scan is a highly recommended.
Error
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.