Windows Saviour Firewall

By Domesticus in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: June 1, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Saviour Firewall Image

Despite its poorly spelled name, Windows Saviour Firewall is neither a firewall nor a Saviour. It isn't a Windows application either. What Windows Saviour Firewall is, is a rogue anti-spyware application that can wreak havoc on your system. Windows Saviours Firewall belongs to the fake Microsoft Security Essentials Alert family of rogue anti-spyware programs. There are dozens of clones of Windows Saviour Firewall, many of them with hilariously nonsensical names like "Windows Proofness Guarantor" or Windows Saviour Firewall". In short, these applications are part of a scam for stealing your money. Windows Saviour Firewall causes many problems on a computer system, all the while scaring the computer user. Don't give Windows Saviour Firewall your money. Instead, use a legitimate security application to remove this harmful security intrusion.
 

Windows Saviour Firewall Notifications, Alerts and Error Messages

Part of the way Windows Saviour Firewall operates is by pestering computer users with constant error messages and fake security alerts. In fact, all of Windows Saviour Firewall's clones share the same fake Microsoft Security Essentials notification. This fake alert will tell the user that Windows Saviour Firewall has detected a Trojan on the user's computer system. Usually this alert will look something like the one shown below.
 
Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

 
Computer users mistaking this alert for a real Microsoft Security Essentials alert will click on it. It will then run a scan that will find that the computer is infected with the Trojan Trojan.Horse.Win32.PAV.64.a. To remove this infection, you'll be asked to install Windows Saviour Firewall. You should disregard all of these messages completely. They are caused by a Trojan engineered to deliver rogue anti-spyware programs like Windows Saviour Firewall into your system.
 
Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

 
If a computer user presses on "OK", Windows Saviour Firewall will be downloaded and installed. It will alter the registry to start up this program along with Windows and then Windows Saviour Firewall will restart the computer. Once this step is done, it will prove quite hard for the computer user to regain control of his computer. This is due to the fact that when Windows Saviour Firewall starts, it is very difficult to leave Windows Saviour Firewall's screen. It will run a fake system scan showing further problems with your computer. It will also cause your computer to run slowly and will pester you constant fake security alerts. Some typical security alerts used by Windows Saviour Firewall are the following:
 
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

 
Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

 

Removing Windows Saviour Firewall from Your System

Experts recommend that you use a reliable anti-malware tool to remove Windows Saviour Firewall. Due to the many harmful changes this application makes on an operating system, it can be difficult to fix everything manually. Because programs like Windows Saviour Firewall seldom attack alone, it is also recommended that you perform multiple scans on your system. Most importantly, ignore everything this rogue anti-spyware application claims in its interface and security alerts. These are all lies meant to scare you into giving up your credit card information. Don't give your money to the criminals that created Windows Saviour Firewall.

SpyHunter Detects & Remove Windows Saviour Firewall

File System Details

Windows Saviour Firewall may create the following file(s):
# File Name MD5 Detections
1. ggahpn.exe 88b7380b85dc7e9e1472f4718d749db7 1
2. %AppData%\Microsoft\[RANDOM CHARACTERS].exe

Registry Details

Windows Saviour Firewall may create the following registry entry or registry entries:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"

1 Comment

Remove Windows Saviour Firewall Reply

Thank you for providing this fix, indeed it was a very irritating trojan.

Trending

Most Viewed

Loading...