Windows Safeguard Upgrade is a new member of rogue anti-spyware programs belonging to FakeVimes malware family. Malicious programs of this kind got special term – scareware – because they use social engineering technology and the fact that many users are not IT professionals to mislead people with its look, that resembles legitimate security software, and scare them with the fake security scans an a lot of fake reports about problems and infections found in the system. In fact, there might be none besides this program, and you need to remove Windows Safeguard Upgrade to prevent the harm to your security and privacy, as well as a serious threat to your credit card account.
All the point of this “scary show” is to make user believe that the system is really infected and he really needs to buy a license for Windows Safeguard Upgrade advanced version that will remove all these threats. In fact, there is no license or any advanced version of this fake security scanner. The only useful thing that already installed version of Windows Safeguard Upgrade might do is unblocking some system functions that might help to remove this program after you pay the money.
DON’T MAIL YOU CREDIT CARD TO CRIMINALS
Paying for this malware program is all the same as mailing all the security information along with your credit card to criminals that by the way also got paid by the sender for receiving such a mail. This kind malware usually comes to your system with Trojans downloaded from insecure or malicious sites, and they install not only the fake antivirus scanner expected to scare you, but also a spyware that hides in your system and waits for the moment when you will purchase license for Windows Safeguard Upgrade with your credit card over the internet. You need to remove this program as soon as possible.
The problem is that this malware hijacks an d might block many of the PC’s functions like Windows Task Manager and Registry editor and instead open malicious Advanced Process Control screen, which acts like a task manager but is a fake. Though, there is a way to get some blocks removed – make this malware believe that you are in the process of purchase or paid your money to its masters. Use this number as a registration code for fake registration. It might help to unlock the programs you need for Windows Safeguard Upgrade removal.
If it works, then you can try to download and run fresh antivirus or special removal program that is one step ahead. If this number wouldn’t help to unblock needed programs, you will need to start your system in Security mode and make all the necessary work by hand.
There are a number of special utilities found on the Internet designed to remove Windows Safeguard Upgrade from your computer without you assuming a risk of screwing up your system with some typos or other errors. It is more quick and reliable solution than manual removal.
If you remove Windows Safeguard Upgrade malware manually, then you need to unblock your internet access and have to block Windows Safeguard Upgrade sites, stop and remove all the malware processes, search and delete all Windows Safeguard Upgrade files on your PC and remove all the records made by the malware in your system registry.
How to remove Windows Safeguard Upgrade manually?
Stop Windows Safeguard Upgrade processes:
Protector-[random 3 chars].exe
Protector-[random 4 chars].exe
Remove Windows Safeguard Upgrade registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
Delete Windows Safeguard Upgrade files:
%AppData%\Protector-[random 3 chars].exe
%AppData%\Protector-[random 4 chars].exe
%CommonStartMenu%\Programs\Windows Safeguard Upgrade.lnk
%Desktop%\Windows Safeguard Upgrade.lnk
There is no guarantee that Windows Safeguard Upgrade will use the same design for a long time. It might change, and the process of removal will need some adjustments. It is both faster and better to use special removal software that is maintained by professionals and the malware tracing teams.You also might scan your system with computer with a free HijackThis tool and look at the log that it makes and send request for the project support team along with a bunch of system that might help solution. This way is long and not that safe compared to automatic solution.