Windows Custom Safety

June 9, 2012

Do not install a program called Windows Custom Safety. It is malware that tries to get your attention and urges you to install it. It keeps pressuring the user, claiming that a licensed version is needed to protect the PC and remove threats. In some cases Windows Custom Safety blocks your files and claims that a file is infected when you try to run it. The malware may also render the antivirus program on your computer useless, so that nothing happens when you run it.

In case you did not know, Windows Custom Safety enters your computer through security vulnerabilities. Every piece of software on your PC has this weakness. Trojans exploit the flaw to gain access to your machine, then contact a remote PC and download the fake antivirus software. Keeping your software updated is necessary to patch the flaw and keep the Trojan from entering your computer.

Whenever you are infected with a fake security product such as Windows Custom Safety, remember that purchasing its registration key will not solve the problem. Instead, scan the computer with a real anti-malware program to delete every piece of the malware. The guide below lists free removal tools that can help remove Windows Custom Safety from an infected computer.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Custom Safety Infection?

Here is a screenshot of the rogue program when it begins to scan the computer.

[Screenshot: Windows Custom Safety Scanner]

It modifies the Windows Registry and adds the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “kuwtyplqai”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Custom Safety.lnk
%Desktop%\Windows Custom Safety.lnk
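
A read-only host check for the registry entries and files listed above, added here as an example and not part of the original guide. It assumes that %Desktop% and %CommonStartMenu% correspond to the current user's desktop and the all-users Start Menu, and that it is run as the affected user, since the HKCU and %AppData% items are per-user.

```powershell
# Added example: reports which of the indicators listed on this page are present.
# It only reads the registry and file system; it changes nothing.
$findings = New-Object 'System.Collections.Generic.List[string]'

# Registry values named on this page (current value is reported for comparison)
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$values = @(
    @{ Key = "$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect' }
    @{ Key = "$cv\Policies\System";   Name = 'DisableRegedit' }
    @{ Key = "$cv\Policies\System";   Name = 'DisableRegistryTools' }
    @{ Key = "$cv\Policies\System";   Name = 'DisableTaskMgr' }
    @{ Key = "$cv\Run";               Name = 'Inspector' }
    @{ Key = "$cv\Settings";          Name = 'net' }
    @{ Key = "$cv\Settings";          Name = 'UID' }
)
foreach ($v in $values) {
    $p = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($p) { $findings.Add("Registry: $($v.Key) '$($v.Name)' = $($p.($v.Name))") }
}

# Image File Execution Options subkeys named on this page
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'advxdwin.exe', 'SafetyKeeper.exe') {
    if (Test-Path -LiteralPath "$ifeo\$exe") { $findings.Add("IFEO key: $exe") }
}

# Dropped files with fixed names (folder mapping is an assumption, see lead-in)
$appData = [Environment]::GetFolderPath('ApplicationData')
$candidates = @(
    Join-Path $appData 'NPSWF32.dll'
    Join-Path $appData 'result.db'
    Join-Path ([Environment]::GetFolderPath('CommonStartMenu')) 'Programs\Windows Custom Safety.lnk'
    Join-Path ([Environment]::GetFolderPath('DesktopDirectory')) 'Windows Custom Safety.lnk'
)
foreach ($f in $candidates) {
    if (Test-Path -LiteralPath $f) { $findings.Add("File: $f") }
}

# Protector-[random 3 or 4 characters].exe directly under %AppData%
Get-ChildItem -LiteralPath $appData -Filter 'Protector-*.exe' -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Protector-.{3,4}\.exe$' } |
    ForEach-Object { $findings.Add("File: $($_.FullName)") }

if ($findings.Count) { $findings } else { 'None of the listed indicators were found.' }
```

Registry values such as DisableTaskMgr can also be set by ordinary policy, so treat a single hit as a lead and weigh it against the Run value, the IFEO keys and the dropped files together.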
