Windows Safety Series

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: August 14, 2012
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Safety Series Image

Windows Safety Series is a malicious application disguised as a legitimate security program. These kinds of bogus anti-virus utilities belong to an ordinary online scam that involves a multi-component malware attack designed to steal a victim's money. Windows Safety Series will try to convince the victim that the targeted computer is severely infected with various Trojans and viruses. However, these are lies which depend on trying to convince inexperienced computer users to purchase a fake 'full version' of Windows Safety Series. Windows Safety Series should not be allowed to remain installed on a computer since it usually means that the computer has become the target of a dangerous malware attack.

Since 2009, fake security programs like Windows Safety Series have been released periodically. These belong to a large family of malware known as FakeVimes. Although most security programs can remove most FakeVimes rogue security programs, Windows Safety Series and other FakeVimes malware released in 2012 will often include a dangerous rootkit component. This rootkit component, usually belonging to the Sirefef family of malware, can make Windows Safety Series and its many clones particularly difficult to remove and detect. Some examples of these kinds of fake security programs include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. Due to the presence of the aforementioned rootkit component, a specialized anti-rootkit tool may be required to deal with Windows Safety Series and its many clones.

Do Not Become a Victim of the Windows Safety Series Scam!

Windows Safety Series has no way of actually detecting or removing malware. Windows Safety Series will try to convince you that your computer is infected by causing a variety of annoying symptoms. Some symptoms associated with Windows Safety Series include frequent browser redirects, system instability, and problems opening security software or other kinds of applications. However, the main symptom that characterizes rogue security programs such as Windows Safety Series is the presence of numerous, irritating, constant error messages. These can appear as Windows system alerts or as pop-up notifications from the Task Bar. Do not fall for this scam! Rather than purchasing a 'full version' of Windows Safety Series, remove this fake security program with a reliable anti-malware tool. You can 'register' Windows Safety Series with the code 0W000-000B0-00T00-E0020 in order to halt the stream of annoying error messages, although that will not remove Windows Safety Series from an infected computer.

SpyHunter Detects & Remove Windows Safety Series

Windows Safety Series Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Safety Series may create the following file(s):
# File Name MD5 Detections
1. Protector-ches.exe b0c65f40ec130ec120c6169e551841ca 1
2. %AppData%\Protector-[RANDOM CHARACTERS].exe

Registry Details

Windows Safety Series may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe

Trending

Most Viewed

Loading...