Windows Software Keeper is a dangerous application that belongs to Rogue,FakeVimes family of fake antivirus program that are currently sneaking onto more and more computer systems. It's predecessors have appeared on the system named as Windows Problems Stopper, Windows No-Risk Center and others.
Windows Software Keeper behaves just like most of rogue anti-spyware programs. The program uses its fake scanner which simulates system scan and reports about plenty of malicious files found on your system. The program recommends removing them urgently and even suggests its own services. All you need to do is pay for a license of Windows Software Keeper. Then a program promises all in one security tool.
Additionally, Windows Software Keeper changes some of the keys in your Windows Registry which floods your system with fabricated security notifications and pop up ads stating about spyware infections detected.
Moreover, you can receive a firewall alert which looks quite professionally. These messages basically warn that your private data can be revealed. Here's how they look like:
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Recomended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.
Please register your copy of the AV to activate anonymous data transfer protocol through the torrent link.
Warning! Identity theft attempt Detected
Hidden connection IP: xxxxxxxxx
Target: Your passwords for sites
As you see, Windows Software Keeper is not a useful program, contrary, it must be eliminated as soon as possible. The best way to get rid of Windows Software Keeper is using a legitimate anti-spyware program, for example, Malwarebytes Malwarebytes or Reimage. Get rid of this nightmare without any hesitations. In case you have paid for it, contact your bank and dispute the charges as soon as you can.
The latest parasite names used by FakeVimes:
Windows Software Keeper manual removal:
Delete registry values:
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"
HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe
%CommonStartMenu%ProgramsWindows Managing System.lnk
%Desktop%Windows Managing System.lnk