Jun 8, 2013

Computer Infected with Windows Safety Maintenance? Guide on How to Manually Remove It

Has your antivirus software Kaspersky been changed to Windows Safety Maintenance without your permission? Don’t know how it got into your computer, and can’t uninstall it? Are you stuck with lots of pop-up system messages and viruses? This guide shows you how to remove it successfully by yourself.

Windows Safety Maintenance Malware Analysis

Windows Safety Maintenance is one of the latest viruses from the Rogue.FakeVimes family. As an upgraded version, it not only has a trustworthy appearance to deceive computer users, but is also much smarter than the previous fake programs in the Windows series. According to some surveys carried out in the United States, this virus has become so sophisticated that even running in safe mode won’t stop it from popping up. Its designers must have put in a lot more effort to make it stay on users’ computers as long as possible and collect much more money from its many victims. This is considered a cyber crime.

Your computer can be infected with the Windows Safety Maintenance scam in several ways that you may already be aware of, for example by visiting illegal pornographic webpages or downloading such movies, installing unknown free programs, or opening spam emails. Why doesn’t your antivirus software work on this virus? Because its creators have extensive knowledge of computers and antivirus software, they can build a virus that resists detection and removal. At first you will encounter lots of security alerts that show up to get your attention. Then you are advised to download and install this fake virus protector to delete viruses and take care of your computer. Since it is difficult to distinguish between real and fake system messages, and you are confused by the termination of your antivirus software, you may feel you have no other choice but to download and install what it tells you to. When installation is finished, Windows Safety Maintenance starts a scan automatically and states that there are many critical system errors and viruses, with highlighted notes to draw your attention. When you try to “Prevent attacks” or “Activate ultimate protection”, you are asked to make a payment and purchase the full version. Don’t fall for this trick. Even if you pay, nothing will happen and you will be left in the same situation. Therefore, you should ignore everything it says and get it off your computer as quickly as you can.

Screen Shots of Windows Safety Maintenance Scam

Starting The Build Creation System

Fake System Alert

Scanning Results with Several Levels of Troubles

Trial Version for You to Activate Ultimate Protection

The Payment Needed Window

Fake Alerts Examples:

Warning
Firewall has blocked a program from accessing the Internet
C:\programs files\Internet Explorer\iexplore.exe
is suspected to have infected your computer. This type of virus intercepts entered data and transmits them to a remote server.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Risky Factors of Windows Safety Maintenance Virus

1. Lots of pop-ups and fake alerts will slow down the computer until it becomes so slow that it is difficult to do anything on it;
2. Icons on your desktop will be hidden, leaving you with a black, empty desktop;
3. Other malware and viruses will be installed without your permission;
4. Personal information will be captured by remote hosts and used for Internet crimes.

Manually Remove Windows Safety Maintenance Step by Step

As mentioned before, no legitimate antivirus program can 100% remove this virus, so you will need to do the removal manually. You may want to back up your system beforehand. The following steps are for you to consider:

1. Reboot your infected computer and get into “Safe Mode with Networking”. To do that, keep pressing the F8 key on your keyboard, then use the arrow keys to select the option and press Enter;
2. Press Ctrl+Alt+Del to open the Windows Task Manager;
3. End the process Windows Safety Maintenance.exe;
4. Find and delete all of the associated files and registry entries listed below:

%AppData%\Protector-[rnd].exe
%AppData%\NPSWF32.dll
%AppData%\result.db
%CommonStartMenu%\Programs\{random}.lnk

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Regedit32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current\Winlogon "Shell" = "{random}.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
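
Before deleting anything in step 4, it helps to see which of the listed entries are actually present. The PowerShell script below is an added example, not part of the original guide: it only reads and reports. Assumptions: the function names are hypothetical, Regedit32 is treated as a value name under the Run key, the random-named shortcut is assumed to point at the Protector executable, and the Shell value is read from the standard Windows NT\CurrentVersion\Winlogon key rather than the path as printed above.

```powershell
# Added example: read-only audit of the files and registry entries listed above.
# It only reports what it finds; nothing is deleted or modified.
function Get-RegValue($Path, $Name) {
    # Returns the value data, or nothing if the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Find-RogueIndicators {
    $cv = 'Software\Microsoft\Windows\CurrentVersion'

    # Files in %AppData%. Protector-[rnd].exe has a random part, hence the wildcard.
    foreach ($pattern in 'Protector-*.exe', 'NPSWF32.dll', 'result.db') {
        Get-ChildItem -Path $env:APPDATA -Filter $pattern -Force -ErrorAction SilentlyContinue |
            ForEach-Object { "File: $($_.FullName)" }
    }

    # The shortcut name is random, so match on its target instead (assumption:
    # it points at the Protector executable in %AppData%). Needs .NET 4 or later.
    $wsh = New-Object -ComObject WScript.Shell
    $programs = [Environment]::GetFolderPath('CommonPrograms')
    Get-ChildItem -Path $programs -Filter '*.lnk' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $wsh.CreateShortcut($_.FullName).TargetPath
            if ($target -like "$env:APPDATA\Protector-*") { "Shortcut: $($_.FullName) -> $target" }
        }

    # Programs blocked from running through the DisallowRun policy key.
    $deny = Get-Item -Path "HKCU:\$cv\Policies\Explorer\DisallowRun" -ErrorAction SilentlyContinue
    if ($deny) { foreach ($n in $deny.GetValueNames()) { "DisallowRun: $($deny.GetValue($n))" } }

    # Autostart entry named Regedit32 under the per-user Run key (assumed value name).
    $run = Get-RegValue "HKCU:\$cv\Run" 'Regedit32'
    if ($run) { "Run\Regedit32 = $run" }

    # Winlogon shell: anything other than explorer.exe deserves a look.
    $shell = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
    if ($shell -and $shell -ne 'explorer.exe') { "Winlogon Shell = $shell" }

    # Policy values that control access to Regedit and Task Manager.
    foreach ($name in 'DisableRegedit', 'DisableRegistryTools', 'DisableTaskMgr') {
        $v = Get-RegValue "HKCU:\$cv\Policies\System" $name
        if ($null -ne $v) { "Policies\System\$name = $v" }
    }
}

Find-RogueIndicators
```

An empty result means none of the listed entries were found under the current user account; run it as the affected user, since most of the entries live under HKCU and %AppData%.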


Tips: It is strongly recommended that the Windows Safety Maintenance virus be deleted by someone with expertise, so if you have failed to do it by yourself, please contact YooCare experts for fast and professional help.

Published by & last updated on June 8, 2013 5:56 pm
