Windows Safety Wizard
Windows Safety Wizard Description
Windows Safety Wizard portrays itself as an anti-malware scanner that can work magic on your PC, but the only mystic tricks that SpywareRemove.com malware researchers have seen performing are hoaxes that warn you about fake PC threats. As an 2012-era derivative of the FakeVimes family of rogue anti-malware software, Windows Safety Wizard may not be able to detect or defend against actual Trojans, rootkits or spyware, but its inaccurate pop-up warnings and system scans will always include warnings about malicious software and attacks even if there’s not a grain of truth to these alerts. Since Windows Safety Wizard, like other members of its family, may also hinder real security programs, tamper with Windows security features or even redirect your browser, SpywareRemove.com malware research team encourages you to remove Windows Safety Wizard with actual anti-malware products as expediently as possible.The Catch Behind Windows Safety Wizard’s Security Magic
Windows Safety Wizard may seem to have more security features than the average anti-virus scanner, but this is purely due to all of Windows Safety Wizard’s being empty promises cloned from previous versions of FakeVimes-built scamware. Identical types of rogue security products include Windows Health Keeper, Smart Anti-Malware Protection, Windows Basic Antivirus, Windows Custodian Utility, Internet Security Essentials, VirusSecurity, Windows AntiHazard Center, Windows Privacy Extension, Windows Secure Workshop, Windows Control Series, Windows Security Renewal, Windows Enterprise Suite, Security Master AV, Windows Defending Center, Windows Safety Checkpoint, Security Antivirus, Windows Personal Doctor, Windows Antivirus Rampart, Windows Debug Center, Home Safety Essentials, Windows Crucial Scanner, System Protection Tools, Windows Expert Series, Windows Premium Defender, Smart Internet Protection 2011, Windows ProSecurity Scanner, Windows Abnormality Checker, My Security Engine, Windows Premium Guard, Windows Safeguard Upgrade, Windows Virtual Angel, Windows Security System, Windows Be-on-Guard Edition, Windows Pro Safety, Windows Interactive Safety, PC Live Guard, Windows Privacy Module, Windows Home Patron, Windows Pro Safety Release, Windows Performance Adviser, Windows Pro Web Helper, PrivacyGuard PRO, Enterprise Suite, Windows Smart Partner, Windows Maintenance Guard, Windows Performance Catalyst, Windows ProSecure Scanner, Internet Security Suite, Total Anti Malware Protection, Windows PRO Scanner, Windows Stability Guard, Windows Risk Minimizer, Windows Multi Control System, Windows Safety Module, Windows PC Aid, Windows Privacy Counsel, Windows Premium Console, Live Enterprise Suite, Strong Malware Defender, Personal Internet Security 2011, Windows Sleek Performance, Windows Smart Warden, Windows Safety Manager, Windows Ultimate Safeguard, Windows Managing System, Windows Guard Tools, Personal Security Sentinel, Windows Internet Booster, Windows Antivirus Machine, Windows System Defender, Windows Malware Sleuth, Windows High-End Protection, Windows Maintenance Suite, Home Malware Cleaner, Windows Secure Surfer, Windows Private Shield, Windows No-Risk Agent, Windows Security Suite, Windows Anti-Malware Patch, Windows Secure Workstation, Windows Web Commander, Anti-Malware Lab, Windows No-Risk Center, Windows Ultimate Security Patch, Windows Virtual Firewall, Windows Protection Unit, Windows Guard Solutions, Best Antivirus Software, Antivirus Smart Protection, Windows Proprietary Advisor, Windows Guardian Angel, Windows Activity Debugger, Windows Virtual Security, XP Smart Security, Windows Software Keeper, Keep Center Keeper, Activate Ultimate Protection, Smart Security, Windows Antihazard Solution, Windows AntiHazard Helper, Windows Interactive Security, Additional Guard, Windows Shielding Utility, Windows Safety Maintenance, Windows Instant Scanner, Windows Firewall Constructor, Windows Active Guard, Fast Antivirus 2009, Windows Pro Defence, Windows Protection Master, Windows Tools Patch, Windows Advanced Toolkit, CleanUp Antivirus, My Security Shield, Windows Safety Toolkit, Windows Functionality Checker, Windows First-Class Protector, Windows Safety Series, Windows Antivirus Care, Windows Proactive Safety, Smart Internet Protection 2012, Extra Antivirus, Windows Pro Solutions, Windows Custom Safety, Smart Virus Eliminator, Live PC Care, Windows Daily Adviser, Windows Custom Management, Windows Active Defender, Windows Virus Hunter, Windows Antivirus Patch, My Security Wall, Windows Antivirus Release, Windows Process Director, Windows Turnkey Console, Windows Secure Web Patch, Windows Telemetry Center, Windows Threats Destroyer, Windows Advanced User Patch, Windows Defence Counsel, Windows Care Taker, Windows Advanced Security Center, Virus Doctor, Windows Warding System, Windows Profound Security, Windows Enterprise Defender, Windows Web Combat, Best Malware Protection, Windows Pro Rescuer, Windows Problems Stopper, Windows Shield Tool, Smart Engine, Windows Software Saver, Windows Trouble Taker, Windows Protection Maintenance, Volcano Security Suite and Windows Efficiency Accelerator. Shared (and fake) features such as an anti-phishing defense and an Advanced Process Control can help you to identify Windows Safety Wizard and its close relatives, although actual deletion of Windows Safety Wizard and other members of FakeVimes should always use anti-malware programs when practical.
Windows Safety Wizard is built to infect Windows, and as such, will abuse the Windows Registry to start itself without requiring your permission.
- Browser redirects to harmful websites. Your search results may be rerouted through inappropriate sites and PC security sites may be blocked.
- Pop-up warnings that display inaccurate system security alerts; for example, Windows Safety Wizard may pretend to detect identity theft attacks, keyloggers or unauthorized changes to Windows (which, ironically, Windows Safety Wizard is guilty of causing on its own).
- Fake system scans that always return unrealistically huge lists of high-level PC threats such as rootkits and banking Trojans.
- Blocked security and anti-malware programs, especially including Windows utilities like Task Manager. These attacks may delete the corresponding Registry entries to make an application nonfunctional, or they may simply shut the relevant memory process down as soon as Windows Safety Wizard detects it.
Dispelling Windows Safety Wizard’s Illusion of PC Safety
Since there isn’t a single beneficial aspect to having Windows Safety Wizard’s not-so-unique brand of scamware on your computer, purchasing Windows Safety Wizard is also, obviously, a bad idea. However, while Windows Safety Wizard is designed with the intent of making you spend money on a registration key, SpywareRemove.com malware researchers have provided one for free: 0W000-000B0-00T00-E0020. This code can be used to reduce the instances of Windows Safety Wizard’s attacks, although it’s no substitute for removing Windows Safety Wizard properly.
Windows Safety Wizard Automatic Detection Tool (Recommended)
Is your PC infected with Windows Safety Wizard? To safely & quickly detect Windows Safety Wizard, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Windows Safety Wizard
What happens if Windows Safety Wizard does not let you open SpyHunter or blocks the Internet?
Visual & GUI Characteristics
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read
the tutorials on how to find malware,
kill unwanted processes,
remove malicious DLLs and
delete other harmful files. Always be
sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 Windows Safety Wizard.lnk 330 2 %APPDATA%\ Protector-hdyq.exe 321 3 %WINDIR%\ SysWOW64\ config\ systemprofile\ AppData\ Roaming\ Protector-iqhj.exe 300 4 %WINDIR%\ system32\ config\ systemprofile\ AppData\ Roaming\ Protector-ehhn.exe 255 5 %AppData%\NPSWF32.dll N/A 6 %AppData%\Protector-[RANDOM 3 CHARACTERS].exe N/A 7 %AppData%\Protector-[RANDOM 4 CHARACTERS].exe N/A 8 %AppData%\result.db N/A 9 %AppData%\1st$0l3th1s.cnf N/A 10 %CommonStartMenu%\Programs\Windows Safety Wizard.lnk N/A 11 %Desktop%\Windows Safety Wizard.lnk N/A
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on
how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-4_7"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "otbpxlqhjd"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\ASProtectHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
Additional Information
- The following messages's were detected:
# Message 1 Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Posted: June 4, 2012 | By SpywareRemove
MoreThreat Level: 10/10
(1 votes, average: 5.00 out of 5)
Loading ...Rate this article:
Detection Count: 5
