Windows Safety Wizard

What is Windows Safety Wizard?

There are quite a few things you should learn about the malicious clone of Windows Ultimate Security Patch, Windows Defence Counsel or Windows Guard Tools – Windows Safety Wizard. However, most importantly, you have to realize that this application has no technical potential to detect or delete real malware, and it is completely fake, only displayed as legitimate to drag out your honestly earned money.

Warning, this parasite will block your Internet connection. Click here for instructions how to renew your Internet access.

The first evidence of the rogue’s fictitiousness can be found in the bogus security notifications, which will be displayed continuously, and which will keep recommending to remove bogus malware with the useless Windows Safety Wizard’s license:

Torrent Alert
Recommended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.
Please register your copy of the AV to activate anonymous data transfer and protocol through the torrent link.

Application cannot be executed. The file notepad.exe is infected.
Please activate your antivirus software.

You can use an activation code to remove these notifications, and other Windows symptoms, which are meant to hide Windows Safety Wizard from removal. These include blocked Internet, disabled running of most executables, and restricted control over Task Manager and Registry Editor tools.

Activation code:

It is important to delete Windows Safety Wizard virus from your operating Windows system straight away, because the more time is lost figuring out what to do or how to remove it, more damage can be done to your system and more sinister infections could start processing. Bellow, you can see two virus removal options, and we hope you will choose one that fits your knowledge and experience best. 100% FREE spyware scan and
tested removal of Windows Safety Wizard*

Automatic Windows Safety Wizard Removal

If you are one of the Windows users, who are dealing with malicious applications for the first time, apply the activation code, noted in the report, and choose one of the two automatic options to erase the virus right away:

1) Your first option is to download antimalware software, which would have automatic removal tools, and would help you delete Windows Safety Wizard without any trouble. We recommend installing SpyHunter, which holds the latest information on various Windows infections.

2) If you do not trust the activation code to delete the infections and you have a spare computer, which has not been infected by the virus, you can download antimalware programs on it. Later on, simply transfer the installation files onto the compromised system, and run them to activate security tools. 100% FREE spyware scan and
tested removal of Windows Safety Wizard*

Manual Windows Safety Wizard Removal

And if malware is no news to you, and you have successfully removed infections manually before, follow these three steps, after the activation code is registered:

1) Launch Task Manager, and kill these processes:
Protector [random].exe
2) Remove registry keys found in the Registry Editor:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsxp_antispyware.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsprotector.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnpfmessenger.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssrng.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "otbpxlqhjd"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsinstall[1].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstsadbot.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsalevir.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-4_7"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "EnableLUA" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-6-4_7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionscmdagent.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "otbpxlqhjd"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
3) To complete the operation, delete these malware related files:

%Desktop%Windows Safety Wizard.lnk
%Desktop%\Windows Safety Wizard.lnk
%CommonStartMenu%\Programs\Windows Safety Wizard.lnk
%CommonStartMenu%ProgramsWindows Safety Wizard.lnk

Leave a Comment

Enter the numbers in the box to the right *