Windows Safety Module is a fake anti-spyware program that will irritate you with fake system scans, spy on you, and let other viruses and Trojans get in. The whole show, with its scary bells and whistles, is designed by cyber criminals for one purpose only: to steal your money. They even want you to pay them for the process of this theft when you get scared and opt to purchase the so-called “licensed version”, while they are spying on you and stealing all of your credit card account info. The final chord of this high-tech show is taking all the money from your credit card. To avoid this theft and the threats to your security and privacy, you need to remove Windows Safety Module from your system as soon as possible.
DO NOT PAY FOR THIS MALWARE
Manual removal of Windows Safety Module is problematic because this program can block the operating system tools that might help you remove it. It will also try to block the download of antivirus programs and removal tools from the internet. However, there is a common way to make Windows Safety Module think that you have just purchased the license. To do this, pretend that you are registering the program and use the number below as a registration code:
The program should then unlock access to important system tools and to the internet, so you will be able to download security software and run a full system scan with a real antivirus to remove the fake one. However, there is no guarantee that a general antivirus will handle this specific problem, which is why you need to fix it yourself or download a special removal utility.
How to remove Windows Safety Module?
For manual removal, you need to kill this program's running processes with Task Manager, then remove the files and registry entries related to Windows Safety Module. You will probably need to restore the blocked system tools that you need for the removal process. The biggest problem may be your own typos and errors made while working in the registry editor. Manual removal of this malware is for experienced IT specialists, system administrators, and users with advanced knowledge and skills in system management.
If you are not an IT professional, the safer way to go is to use a special removal tool that automates the process, saves you time and protects you against possible problems caused by human error.
The list of manual tasks for Windows Safety Module removal.
Stop and remove Windows Safety Module processes:
Locate and delete Windows Safety Module registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
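As an added example (not part of the original guide and not taken from any removal tool), the following read-only PowerShell script reports which of the registry entries listed above are present, so they can be reviewed before anything is deleted. It assumes PowerShell 3.0 or later; the function name Get-ListedEntries is chosen for this example.

```powershell
# Added example: read-only audit of the registry entries listed above.
# It only reports what exists; nothing is modified or deleted.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$ifeoNames = '_avp32.exe', '_avpcc.exe', 'ashDisp.exe', 'divx.exe',
             'mostat.exe', 'platin.exe', 'tapinstall.exe', 'zapsetup3001.exe'

# Whole keys from the list: the FeatureControl key plus the IFEO subkeys.
$keyChecks = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312'
) + ($ifeoNames | ForEach-Object { Join-Path $ifeo $_ })

# Named values from the list, all under the current user's hive.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$valueChecks = @(
    @{ Path = "$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect' }
    @{ Path = "$cv\Policies\System";   Name = 'DisableRegedit' }
    @{ Path = "$cv\Policies\System";   Name = 'DisableRegistryTools' }
    @{ Path = "$cv\Policies\System";   Name = 'DisableTaskMgr' }
    @{ Path = "$cv\Settings";          Name = 'ID' }
    @{ Path = "$cv\Settings";          Name = 'net' }
    @{ Path = "$cv\Settings";          Name = 'UID' }
)

# Get-ListedEntries is a name chosen for this example.
function Get-ListedEntries {
    foreach ($key in $keyChecks) {
        if (Test-Path -LiteralPath $key) {
            # Under Image File Execution Options, a Debugger value redirects
            # launches of the named executable; show it when one is set.
            $dbg = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Debugger
            [pscustomobject]@{ Kind = 'Key'; Path = $key; Name = '(key)'; Data = $dbg }
        }
    }
    foreach ($c in $valueChecks) {
        $props = Get-ItemProperty -LiteralPath $c.Path -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains $c.Name)) {
            [pscustomobject]@{ Kind = 'Value'; Path = $c.Path; Name = $c.Name; Data = $props.($c.Name) }
        }
    }
}

$hits = @(Get-ListedEntries)
if ($hits.Count -eq 0) { 'None of the listed registry entries were found.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

Compare the Data column with the values shown in the list, since a value name such as WarnOnHTTPSToHTTPRedirect can also exist on a clean system with different data.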
Detect and delete other Windows Safety Module files:
All Users\Appdata\protector-[rnd].exe or
It is impossible to list all the file names and locations that this malware might use, since it is just one sub-version of its kind, and a solution that works today might fail tomorrow without notice from the criminals. An automated removal utility for this malware is a far more advanced approach because it is maintained by antivirus professionals who track any changes in this malware's development and use their whole knowledge base to identify this kind of malware by its specific code patterns.
This makes the removal process quick and reliable.