Windows Salvage System

By Domesticus in Rogue Anti-Spyware Program


Windows Salvage System is a fake security program that uses bogus system scans to list fictitious malware reports. These reports are meant to deceive and scare Internet users into thinking that their computers are at risk. Once a user is under the impression that there is a problem, Windows Salvage System leads them to a purchase page to pay for the full version of the scamware. Windows Salvage System's scanner may appear to be genuine, but it is far from legitimate.

Windows Salvage System's sole purpose is to collect money from frightened Internet users. Windows Salvage System promises to remove the malware, but it has no malware removal capabilities and has no intention of improving the performance of a computer. The only real malware problem that Internet users need to worry about is the rogue program Windows Salvage System itself. Windows Salvage System is part of the rogueware family of programs that use the Windows name; for example, Windows Oversight Center, Windows Risks Preventions, Windows Necessary Firewall, and Windows Custom Settings.

If you've clicked on a download link on a suspicious website and installed Windows Salvage System, remove it from your computer immediately upon detection. Security experts recommend investing in a reliable anti-malware program that can detect and remove the Trojan that allows Windows Salvage System to persist on your PC, as well as terminate the fake security program itself.

File System Details

Windows Salvage System may create the following file(s):
# File Name Detections
1. %UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe

Registry Details

Windows Salvage System may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
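
The entries above fall into three groups: a "Debugger" value under Image File Execution Options makes Windows start the named program in place of the listed security product, "DisableSR" turns off System Restore, and "WarnOnHTTPSToHTTPRedirect" suppresses a browser warning. The following is an added example, not part of the original page, that audits the text of a .reg export for those three changes. The function name audit_reg_export, the severity labels, and the sample data are assumptions made for illustration.

```python
import re

PAGE_IMAGES = {  # image names the page lists under Image File Execution Options
    "afwserv.exe", "msmpeng.exe", "avastui.exe", "egui.exe",
    "msseces.exe", "avastsvc.exe", "ekrn.exe", "msascui.exe"}
IFEO = r"\windows nt\currentversion\image file execution options" + "\\"
WEAKENED = {  # (key suffix, value name, flagged data) -> meaning
    (r"\windows nt\currentversion\systemrestore", "disablesr", 1):
        "System Restore disabled",
    (r"\windows\currentversion\internet settings", "warnonhttpstohttpredirect", 0):
        "HTTPS-to-HTTP redirect warning disabled",
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')

def audit_reg_export(text):
    """Return (severity, key, detail) findings from .reg export text."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not (m and key):
            continue
        name, sval, dword = m.group(1).lower(), m.group(2), m.group(3)
        lkey = key.lower()
        if IFEO in lkey and name == "debugger" and sval is not None:
            image = lkey.rsplit("\\", 1)[1]
            # A Debugger value can be legitimate; page-listed images rank higher.
            sev = "high" if image in PAGE_IMAGES else "review"
            findings.append((sev, key, f"{image} redirected to {sval}"))
        elif dword is not None:
            for (suffix, vname, bad), msg in WEAKENED.items():
                if lkey.endswith(suffix) and name == vname and int(dword, 16) == bad:
                    findings.append(("high", key, msg))
    return findings

# Constructed sample in .reg export format (not captured from a real host).
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Tools\\procexp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000001
'''
```

Files written by regedit or reg export are normally UTF-16, so decode them to a string before passing them to audit_reg_export.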


The following messages associated with Windows Salvage System were found:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos [sic] possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
Location: [application file path]
Viruses: Backdoor.Win32.Rbot
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

