Do you known what Windows Safety Maintenance is?
Windows Safety Maintenance is a deceptive program, a duplicate of Windows Multi Control System, which has been created by the cyber criminals who want to lure Windows users into believing in the legitimacy of Windows Safety Maintenance. The rogue is attributed to the Rogue.VirusDoctor family, which has a bunch of malware created for the same purpose. After noticing this latent program on the computer, do not hesitate to remove it, because serious difficulties might arise.
The criminals created many disorders of the system to threaten users. The system is “scanned”, and a lot of imaginary threats such as malware, Trojans and viruses are presented on the screen. Moreover, Windows Safety Maintenance displays simulated warnings in Task bar and pops up fake errors of the system. For example, you might find these errors which are just a few of the simulated messages:
Warning! Virus Detected
Threat detected: FTP Server
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection.
The criminals want you to think that the system is severely damaged. These bogus messages are used to make you activate Windows Safety Maintenance which will supposedly remove the threats such as P2P-Worm.Win32 or Virus.Win32.Sality. These threats are real, but they do not exist in the system. However, do not attempt to delete these files on your own, because you might damage the system. You should ignore the “threats” and keep in mind that you have to get rid of this infection.
The malware is notorious for its ability to limit the usage of the system. It disables Registry Editor and some executable files. For example, the rogue creates many registry editors which do not allow a security tool to launch when user wants to scan the system. Moreover, Task Manager, which is responsible for showing how the system is processing, is also inaccessible to users, not to mention the fact that the Internet connection is limited. Do not worry about this “harm” because it is repairable. All you have to do is to eliminate the pest from the system.
The elimination of the malware has profound importance. The rogue has to be removed completely without the remains of Windows Safety Maintenance left in the system. To terminate this infection manually, you should have Registry Editor restored. An activation key helps in this case:
This key supposedly activates the rogue which means that you can again use the Internet and access the system’s parts that were disabled. After the “activation” you have to terminate the malicious processes, delete the registry entries created by the rogue and remove certain files. If it sounds too tricky for you, we recommend you delete the rogue by using a legitimate and trusted antispyware application. It will detect and delete Windows Safety Maintenance automatically, and there will no components of Windows Safety Maintenance left in the system.
In non-techie terms:
Remove Windows Safety Maintenance, because this is a false security application. It does not protect the system but aims to get your money.
Warning, this parasite is known to disable your Internet connection. Click here for instructions explaining how to restore your Internet access.
Stop These Processes:
Find and Delete These Files:
- Windows Safety Maintenance.lnk
- %Desktop%\Windows Safety Maintenance.lnk
- %CommonStartMenu%\Programs\Windows Safety Maintenance.lnk
Remove These Registry Values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-20_4"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rohjjdbsbt"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
Windows Safety Maintenance Removal Guide Automatic Removal Instructions
Did You Find this Article Helpful?Subscribe to Spyware Techie for more!
Or get latest articles to your via email: