Severity scale  
  (66/100)

Windows Safety Module. How to Remove? (Uninstall Guide)

removal by - -   Also known as WindowsSafetyModule | Type: Rogue Antispyware
12

Windows Safety Module is a rogue anti-spyware program that reports false infections just to scare you into thinking that your computer is infected with spyware, trojans and very dangerous viruses. Once the fake system scan is finished, it will ask you to pay for a full version of the program to remove found infections from the system, however they do not even exist. Windows Safety Module is promoted mostly through the use of Trojans, malware droppers and infected websites. It can also comes from fake online virus scanners and social networks. The rogue program has to be manually installed most of the time, so to make its way to the system it pretends to be a video codec or flash player update. However, it can get on your computer without your knowledge as well. Means of infections can be very different.

While running, Windows Safety Module will pretend to scan your computer for the latest viruses and will later display a list of infections that supposedly can be removed with a full version of this malware only. Then it will constantly display fake security alerts and notifications claiming that your computer is infected with spyware that may stole your passwords and credit card information. What is more, the rogue program will disable Task Manager, Registry Editor and some other system tools including legitimate anti-spyware programs and malware removal tools, that's why you may have to reboot your computer in safe mode and run an automatic removal tool from there to remove Windows Safety Module virus.

Some of the fake Windows Safety Module alerts read:

Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

If you find that your computer is infected with this malware then use removal instructions below to remove Windows Safety Module from your PC as soon as possible. Don't purchase it! If you have already purchased this rogue program then contact your credit card company and dispute the charges. We strongly recommend you to use an automatic removal tool listed below to remove this virus from your computer.

The latest parasite names used by FakeVimes:
Windows Internet Guard, Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Safety Module. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Windows Safety Module. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2012-05-01 04:59)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2012-05-01 04:59)
Hitman Pro
Webroot SecureAnywhere AntiVirus
Windows Safety Module screenshot
Windows Safety Module snapshot

Windows Safety Module manual removal

Kill processes:
Inspector-[rnd].exe
Protector-[rnd].exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
Delete files:
%AppData%\Inspector-[rnd].exe
%AppData%\Protector-[rnd].exe

Information updated:

Comments on Windows Safety Module

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)