Windows Safety Module is a rogue anti-spyware program that reports false infections just to scare you into thinking that your computer is infected with spyware, trojans and very dangerous viruses. Once the fake system scan is finished, it will ask you to pay for a full version of the program to remove found infections from the system, however they do not even exist. Windows Safety Module is promoted mostly through the use of Trojans, malware droppers and infected websites. It can also comes from fake online virus scanners and social networks. The rogue program has to be manually installed most of the time, so to make its way to the system it pretends to be a video codec or flash player update. However, it can get on your computer without your knowledge as well. Means of infections can be very different.
While running, Windows Safety Module will pretend to scan your computer for the latest viruses and will later display a list of infections that supposedly can be removed with a full version of this malware only. Then it will constantly display fake security alerts and notifications claiming that your computer is infected with spyware that may stole your passwords and credit card information. What is more, the rogue program will disable Task Manager, Registry Editor and some other system tools including legitimate anti-spyware programs and malware removal tools, that's why you may have to reboot your computer in safe mode and run an automatic removal tool from there to remove Windows Safety Module virus.
Some of the fake Windows Safety Module alerts read:
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
If you find that your computer is infected with this malware then use removal instructions below to remove Windows Safety Module from your PC as soon as possible. Don't purchase it! If you have already purchased this rogue program then contact your credit card company and dispute the charges. We strongly recommend you to use an automatic removal tool listed below to remove this virus from your computer.
The latest parasite names used by FakeVimes:
Windows Safety Module manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe