Windows Safety Manager
Posted: April 17, 2012
Threat Metric
The fields shown on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 9 |
First Seen: | April 17, 2012 |
OS(es) Affected: | Windows |
Far from being a guardian of your computer's safety, Windows Safety Manager is a rogue anti-virus application that creates fake security alerts for the purposes of making its nonexistent services seem needed, as well as using a selection of other attacks that directly reduce your PC security. Symptoms of a Windows Safety Manager infection can include pop-up alerts, search engine hijacks, disabled Windows security features and problems with launching or running PC security programs. SpywareRemove.com malware researchers suggest that you do your best to identify and ignore fake alerts and other attempts at deceit that Windows Safety Manager may throw your way, and remove Windows Safety Manager with the same types of anti-malware programs that you would bring to bear against any virus, worm or Trojan.
Windows Safety Manager – a New Brand Name Wrapped Around a Well-Used Threat
Windows Safety Manager may want to convince you that it is an original and helpful anti-virus program, but SpywareRemove.com malware researchers have corroborated its existence as nothing more than a clone of other PC threats from FakeVimes. Identical clones of Windows Safety Manager that exhibit equally harmful characteristics include but aren't limited to Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security. Besides looking just like each other, these scamware-based PC threats are also known for reusing their fake warning messages, and you may want to watch out for fake alerts on any Windows Safety Manager-infected computer.
While Windows Safety Manager's aim is to use its fake system information to threaten you into buying a paid version of its faux security software, SpywareRemove.com malware experts recommend that you keep your money to yourself. System scans, pop-up alerts and all other forms of security information from Windows Safety Manager are always fraudulent, and Windows Safety Manager will never detect or remove real PC threats from your computer. In spite of all this, you may find it helpful to fake registering Windows Safety Manager before you try to delete it with anti-malware software. One freely-circulated code, '0W000-000B0-00T00-E0020,' is available to accomplish this if you need to take that extra step to put Windows Safety Manager down.
How to Make Sure That Windows Safety Manager Doesn't Keelhaul Your Real Safety-Enhancing Software
Windows Safety Manager's fake security functions may be the centerpiece of its hoax as a rogue anti-virus product, but Windows Safety Manager is also equipped with other attacks that can be considered more dangerous to your PC than its pop-ups. Some of Windows Safety Manager's worst potential security risks include:
- Altered system settings that reduce your Windows and browser security in various ways (such as by disabling invalid signature detection or the UAC).
- Browser redirects that make your web browser lead you to unusual sites or fail to load benign websites. Windows Safety Manager is particularly likely to cause a redirect after you try to use a search engine.
- A thorough security program blockade that prevents you from using anti-malware applications and Windows tools like Task Manager.
Fortunately, all of these issues can be put to a halt by just launching Windows in a way that disables Windows Safety Manager's automatic startup. For this purpose, SpywareRemove.com malware researchers can recommend Safe Mode or a boot from a removable drive, while afterward, Windows Safety Manager should be removed by a qualified anti-malware program.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

file.exe
File name: file.exe
Size: 2.39 MB (2392576 bytes)
MD5: 82cc5b0597ed3e1c81269c7d0d02e518
Detection count: 90
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: February 4, 2014

%APPDATA%\Protector-hpp.exe
File name: Protector-hpp.exe
Size: 2.03 MB (2033152 bytes)
MD5: 1905bdaf77029c09b4bcd685d87a20fe
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: April 17, 2012

%SystemDrive%\Users\<username>\AppData\Roaming\Protector-cyss.exe
File name: Protector-cyss.exe
Size: 1.93 MB (1934336 bytes)
MD5: 6ed6913e340792dff123b5b6de491daf
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Users\<username>\AppData\Roaming
Group: Malware file
Last Updated: April 17, 2012

%AppData%\result.db
File name: %AppData%\result.db
Mime Type: unknown/db
Group: Malware file

%AppData%\NPSWF32.dll
File name: %AppData%\NPSWF32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

%AppData%\Protector-[RANDOM CHARACTERS].exe
File name: %AppData%\Protector-[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%CommonStartMenu%\Programs\Windows Safety Manager.lnk
File name: %CommonStartMenu%\Programs\Windows Safety Manager.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%Desktop%\Windows Safety Manager.lnk
File name: %Desktop%\Windows Safety Manager.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
HKEY..\..\{Value}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-4-7_2"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "ahwohainwk"

HKEY..\..\..\..{Subkeys}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe
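
An offline triage sketch for the indicators listed above, added here as an example and not SpywareRemove's or SpyHunter's code: it parses a decoded `reg export` file plus an %APPDATA% file listing and reports the UAC values, the Run value "Inspector", the Image File Execution Options subkeys and the Protector-[RANDOM CHARACTERS].exe name pattern from this page. The function names, finding labels and sample data are assumptions constructed for the example, and only a subset of the listed entries is checked.

```python
import re

# Indicators copied from this page's lists, lowercased; all three UAC values are listed as 0.
HKLM_POL = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
HKCU_RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
UAC_VALUES = ("enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser")
IFEO_NAMES = {"aswupdsv.exe", "atcon.exe", "advxdwin.exe", "aswrundll.exe", "inetlnfo.exe", "msascui.exe",
              "bidef.exe", "dvp95.exe", "tds-3.exe", "winupdate.exe", "ozn695m5.exe", "rtvscn95.exe"}
DROPPER = re.compile(r"^protector-[^\\/]+\.exe$", re.I)  # %AppData%\Protector-[RANDOM CHARACTERS].exe

def parse_reg(text):
    """Parse .reg text (already decoded; reg export writes UTF-16) into {key: {value: int | str}}."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and (m := re.match(r'"(.+?)"=(.*)$', line)):
            raw = m.group(2)
            cur[m.group(1).lower()] = (int(raw[6:], 16) if raw.startswith("dword:")
                                       else raw.strip('"').replace("\\\\", "\\"))
    return keys

def triage(reg_text, appdata_files):
    """Return (kind, detail) findings for a registry export and a list of file names in %APPDATA%."""
    reg = parse_reg(reg_text)
    hits = [("uac-weakened", n) for n in UAC_VALUES if reg.get(HKLM_POL, {}).get(n) == 0]
    if "inspector" in reg.get(HKCU_RUN, {}):
        hits.append(("run-entry", reg[HKCU_RUN]["inspector"]))
    for key in reg:
        if key.startswith(IFEO) and key[len(IFEO):] in IFEO_NAMES:
            hits.append(("ifeo-key", key[len(IFEO):]))
    hits += [("dropped-file", f) for f in appdata_files if DROPPER.match(f)]
    return hits

# Constructed sample input, not taken from an infected machine.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\alice\\AppData\\Roaming\\Protector-abcd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"""
SAMPLE_FILES = ["Protector-abcd.exe", "notes.txt"]

if __name__ == "__main__":
    print(triage(SAMPLE_REG, SAMPLE_FILES))
```

A hit on a single indicator, such as one Image File Execution Options subkey, is a reason to scan the machine rather than proof of this infection.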
Additional Information
# | Title | Message |
---|---|---|
1 | Error | Attempt to modify Registry key entries detected. Registry entry analysis recommended. |
2 | Warning | Firewall has blocked a program from accessing the Internet C:\program files\internet explorer\iexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server. |
3 | Warning! Spambot detected! | Attention! A spambot sending viruses from your e-mail has been detected on your PC. |