Windows Safety Module is a rogue anti-spyware program that reports false infections just to scare you into thinking that your computer is infected with spyware, trojans and very dangerous viruses. Once the fake system scan is finished, it will ask you to pay for a full version of the program to remove found infections from the system, however they do not even exist. Windows Safety Module is promoted mostly through the use of Trojans, malware droppers and infected websites. It can also comes from fake online virus scanners and social networks. The rogue program has to be manually installed most of the time, so to make its way to the system it pretends to be a video codec or flash player update. However, it can get on your computer without your knowledge as well. Means of infections can be very different.
While running, Windows Safety Module will pretend to scan your computer for the latest viruses and will later display a list of infections that supposedly can be removed with a full version of this malware only. Then it will constantly display fake security alerts and notifications claiming that your computer is infected with spyware that may stole your passwords and credit card information. What is more, the rogue program will disable Task Manager, Registry Editor and some other system tools including legitimate anti-spyware programs and malware removal tools, that's why you may have to reboot your computer in safe mode and run an automatic removal tool from there to remove Windows Safety Module virus.
Some of the fake Windows Safety Module alerts read:
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
If you find that your computer is infected with this malware then use removal instructions below to remove Windows Safety Module from your PC as soon as possible. Don't purchase it! If you have already purchased this rogue program then contact your credit card company and dispute the charges. We strongly recommend you to use an automatic removal tool listed below to remove this virus from your computer.
Windows Safety Module manual removal
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
Comments on Windows Safety Module
Post a comment
Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.