SaveKeeper is yet another fake security program created for Windows users and is actively being spread using Trojans and fake security websites. Its previous variants include SaveKeep, QuickHealCleaner, SaveSoldier, SystemCop, WiniShield and BlockDefense, to name a few. All of these use the familiar rogue program technique to sell themselves, that is, by means of an overstated computer security status.
Malware such as SaveKeeper can get into computers easily but may take real technical savvy to remove. Please note that other rogue programs masquerade as a SaveKeeper Removal Tool, but in fact their goal is the same: to mislead computer users into buying the program. This should be a warning that not everything that looks and sounds like a “security program” can be trusted.
What are the Symptoms of this rogue program?
It will modify the Windows Registry and add the following entries:
- HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer\ProcessComments
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveKeeper
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVEKEEPERSVC
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SaveKeeperSvc
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SaveKeeper”
The threat will drop the following malicious files:
- c:\Program Files\SaveKeeper Software
- c:\Program Files\SaveKeeper Software\SaveKeeper
- c:\Program Files\SaveKeeper Software\SaveKeeper\SaveKeeper.exe
- c:\Program Files\SaveKeeper Software\SaveKeeper\uninstall.exe
- c:\Documents and Settings\All Users\Desktop\SaveKeeper.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\SaveKeeper
- c:\Documents and Settings\All Users\Start Menu\Programs\SaveKeeper\1 SaveKeeper.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\SaveKeeper\2 Homepage.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\SaveKeeper\3 Uninstall.lnk
How to Remove SaveKeeper Manually
1. Restart your computer in Safe Mode
– After powering on the computer, just before Windows starts, press F8
– From the selections, select Safe Mode
2. Remove Registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
– Click Start > Run
– Type in the field, regedit
– Navigate to and look for the registry entries mentioned above, and delete them if necessary
3. Delete malicious files that the threat added:
– Based on the locations given above, browse to and delete each file
– If no location is given, click Start > Search and search for the file.
– If a file cannot be deleted, press Ctrl+Alt+Del to access Task Manager and see if the file is running as a process. If it is, select it and click End Process, then try deleting the file again.
4. Scan computer with Antivirus Program
– Update antivirus program
– Scan computer and delete all detected threats.
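The registry and file checks from steps 2 and 3, written as an added PowerShell example (not part of the original guide): it reports which of the listed entries are present and exports any registry key it finds, and deletes nothing. It assumes PowerShell is installed and run as administrator; the backup folder name and the Export-Key helper are this example's own.

```powershell
# Added example: checks for the SaveKeeper indicators listed in this guide.
# Nothing is deleted; registry keys that are found are exported as a backup.
$regKeys = @(
    'HKCU:\Software\Sysinternals\Process Explorer\ProcessComments',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveKeeper',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVEKEEPERSVC',
    'HKLM:\SYSTEM\CurrentControlSet\Services\SaveKeeperSvc'
)
# Assumption: the last registry entry is a value named "SaveKeeper" under Run.
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'SaveKeeper'
# Parent folders cover the files listed beneath them.
$paths = @(
    'C:\Program Files\SaveKeeper Software',
    'C:\Documents and Settings\All Users\Desktop\SaveKeeper.lnk',
    'C:\Documents and Settings\All Users\Start Menu\Programs\SaveKeeper'
)
# Assumption: backup location chosen for this example; timestamped to avoid overwrites.
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupDir = Join-Path $env:USERPROFILE "SaveKeeper-RegBackup-$stamp"
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

function Export-Key([string]$ProviderPath, [string]$File) {
    # reg.exe expects HKCU\... or HKLM\..., not the provider form HKCU:\...
    $native = $ProviderPath -replace '^(HKCU|HKLM):\\', '$1\'
    & reg.exe export $native $File | Out-Null
}

$found = @()
$n = 0
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) {
        $n++
        Export-Key $key (Join-Path $backupDir "key$n.reg")
        $found += "Registry key: $key"
    }
}
$run = Get-ItemProperty -LiteralPath $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) {
    Export-Key $runKey (Join-Path $backupDir 'run.reg')
    $found += "Run value: $runValue = $($run.$runValue)"
}
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found += "File or folder: $p" }
}
if (Get-Process -Name 'SaveKeeper' -ErrorAction SilentlyContinue) {
    $found += 'Running process: SaveKeeper.exe'
}
if ($found.Count -eq 0) { 'No SaveKeeper indicators found.' } else { $found; "Registry backups: $backupDir" }
```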