Windows Software Saver

Windows Software Saver Description

Windows Software Saver is a rogue anti-virus program in the FakeVimes family of malware. Windows Software Saver is part of a large batch of FakeVimes clones responsible for numerous infections in the first months of 2012. The family has been around for a couple of years, and its rogue anti-virus programs are usually not particularly difficult for most legitimate anti-virus programs to handle, because PC security researchers have had plenty of time to study these malware threats and adapt to them.

However, the main danger associated with Windows Software Saver is that this recent batch of malware tends to be bundled with a rootkit component. Windows Software Saver, like most FakeVimes-type programs, tends to use file names made up of three random characters. In the case of Windows Software Saver, these three random characters are preceded by the "inspector-" string (for example, the file names would look something like "inspector-xxx.exe"), and the file is located in the system folder. If you find that your computer system has become the victim of a Windows Software Saver infection, ESG malware analysts strongly recommend using a reliable anti-virus program with anti-rootkit technology to remove it from your hard drive.

How Windows Software Saver and Its Clones Try To Steal Your Money

Windows Software Saver has dozens of clones, including such fake anti-virus programs as

Windows Software Saver and its clones all work in the same way, infecting a computer system and attempting to make the victim believe that their computer is the target of a severe malware attack. This is only half a lie: the victim's computer is indeed being attacked with dangerous malware, but the infection is composed of Windows Software Saver itself, along with several other associated malicious files that allow it to infect a computer system more effectively.

The goal of a Windows Software Saver infection is to convince the victim that they must purchase a "full version" of Windows Software Saver, which is no different from the initial version of this rogue security program. To carry out its scam, Windows Software Saver makes changes to the Windows Registry and system settings that allow it to start up automatically with Windows and display constant, irritating error messages and fake system alerts claiming that the victim's computer is severely infected.

Technical Information

File System Details

Windows Software Saver creates the following file(s):
#  File Name                                                 Detection Count
1  %AppData%\Protector-[RANDOM 3 CHARACTERS].exe             N/A
2  %AppData%\NPSWF32.dll                                     N/A
3  %Desktop%\Windows Software Saver.lnk                      N/A
4  %CommonStartMenu%\Programs\Windows Software Saver.lnk     N/A
5  %AppData%\result.db                                       N/A

Registry Details

Windows Software Saver creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
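
The file and registry indicators listed above can be checked against a file listing and a per-user registry export collected from a suspect machine. The following is an added example, not ESG's own tooling; the function names, the sample inventory and the assumption that the three random characters are letters or digits are all constructed for illustration.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows analysis host
import re

# Name patterns from the lists above. Assumption: the three "random characters"
# are letters or digits. NPSWF32.dll is also the name of the legitimate Flash
# Player plugin, so %AppData%-scoped names only match directly in that folder.
FILE_IOCS = [
    ("appdata", re.compile(r"protector-[a-z0-9]{3}\.exe", re.I)),
    ("appdata", re.compile(r"npswf32\.dll", re.I)),
    ("appdata", re.compile(r"result\.db", re.I)),
    ("any", re.compile(r"windows software saver\.lnk", re.I)),
    ("any", re.compile(r"inspector-[a-z0-9]{3}\.exe", re.I)),
]
RUN_KEY = r"\software\microsoft\windows\currentversion\run"

def in_appdata_root(path):
    parent = ntpath.dirname(path).lower()
    return parent.endswith(("\\appdata\\roaming", "\\application data"))

def match_files(paths):
    """Return the paths whose file name and location fit a listed indicator."""
    hits = []
    for path in paths:
        name = ntpath.basename(path)
        if any(rx.fullmatch(name) and (scope == "any" or in_appdata_root(path))
               for scope, rx in FILE_IOCS):
            hits.append(path)
    return hits

def match_run_values(entries):
    """entries: (key, value name, data) tuples from a per-user registry export."""
    hits = []
    for key, name, data in entries:
        k = key.lower()
        if not (k.startswith(("hkcu\\", "hkey_current_user\\")) and k.endswith(RUN_KEY)):
            continue
        if name.lower() == "inspector" or match_files([data.strip('"')]):
            hits.append((key, name, data))
    return hits

# Constructed sample inventory (not taken from a real host).
HKCU_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Roaming\Protector-qxk.exe",
    r"C:\Users\alice\AppData\Roaming\NPSWF32.dll",
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",      # legitimate location
    r"C:\Users\alice\Desktop\Windows Software Saver.lnk",
    r"C:\Users\alice\AppData\Roaming\Protector-setup.exe",  # not three characters
    r"C:\Users\alice\AppData\Roaming\result.db",
]
SAMPLE_RUN = [(HKCU_RUN, "Inspector", SAMPLE_FILES[0]),
              (HKCU_RUN, "Updater", r'"C:\Program Files\Vendor\updater.exe"')]
```

A match on a single name such as result.db is weak on its own; the combination of the "Inspector" Run value with a Protector-xxx.exe file in %AppData% is the stronger signal.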