Windows Interactive Safety

By | August 6, 2012 | 0 Comment

Windows Interactive Safety is another kind of rogue software that you can acquire when browsing unsafe web sites. There is nothing new about this malware. It makes use of the same technique and method to penetrate a target computer. You should also know that Windows Interactive Safety works its way into Windows start-up process by adding entries on the registry.

So many people have mistakenly accepted this rogue program as legal antivirus product. Maybe, they are blinded by the design of this software. It has a neat console, just like genuine antivirus program. In fact, it mimics security center of the popular operating system to lure its victims. Producing fake scan result is one part of Windows Interactive Safety to deceive user. Another fraction will give you constant browser redirect. Your Internet surf habit may get affected when this malware starts to point you to unknown addresses. Then, there are time that Windows Interactive Safety will disable your access to Internet and produce fake connection warning. All of these are implemented to persuade you into buying the paid version of the rogue product.

If you have this threat on your PC, there is no other way to turn but to remove Windows Interactive Safety instantly. To do this, simply follow the guide below this page. Also, download our suggested removal tool to make sure that you will uninstall the threat completely.

Type Rogue
Sub-Type FakeAV
OS Affected Windows

What are the Symptoms of Windows Interactive Safety Infection?

One can confirm the presence of Windows Interactive Safety on the
computer if virus scan similar to the image below is displayed on the computer.

Windows Interactive Safety Scanner

It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-7-01_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “mkcbytdghf”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mjsu51xo.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Interactive Safety.lnk
%Desktop%\Windows Interactive Safety.lnk

Leave a Reply

Your email address will not be published. Required fields are marked *