Instructions to remove Windows Safety Maintenance
Windows Safety Maintenance is a misleading program which was created by Internet criminals which a purpose of tricking unsuspecting computer users. This bogus software is designed to scare PC users into believing that their computers are infected with high risk malware. To achieve this goal Windows Safety Maintenance is using generated security scans and warning messages, it also modifies your operating system registry entries to block the execution of your installed programs. Basically it's a an empty software which has pre-generated warning messages and shows them on every computer that it infects.
Cyber criminals who are responsible for releasing Windows Safety Maintenance are using false online security waning pop-ups and fake torrent alert messages to trick PC users into downloading their rogue program. They are hoping that you will fall for the trickery shown by this malicious software and you will purchase it's licence key in order to remove the security threats that it detects. You should realize that the detection list shown by Windows Safety Maintenance is totally false, none of the security issues that are indicated by this program exists on your computer. This fake security scanner wants you to think the opposite to sell you it's licence key. To avoid infiltration by this malicious software you shouldn't trust online security warning messages which states that your computer is infected with viruses, also avoid torrent alert pop-ups which offers you to get anonymous connection.
Windows Safety Maintenance originates from a large family of malicious programs called "FakeVimes", it's predecessors were called Windows Multi Control System, Windows Advanced Security Center, Windows Private Shield. All of these rogue programs shares the same user interface and are distributed using misleading online messages which tricks PC users into downloading them. When installed on your PC this bogus software will begin imitating a real antivirus program and at the end of the security scan it will ask you to purchase it's full version in order to remove the detected security issues. If you noticed a security program which has the same interface as in the provided screenshot you can be sure that it's a malicious one which should be eliminated from your computer. Don't even consider purchasing it's licence key, you will send your money to Internet criminals and your computer will still be infected. Use this removal information to help you get rid of Windows Safety Maintenance from your PC.
Windows Safety Maintenance generates such fake warning messages:
"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"
"Warning! Identity theft attempt Detected Hidden connection IP: 184.108.40.206 Target: Your passwords for sites"
"Error Key-logger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan"
"Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent the system crash"
"Viruses were found on your computer. You need to clean your computer to prevent the system crash"
"Trojan-PSW.Win32.launch Hack Tool:Win32/Welevate.A Adware.Win32.Fraud"
Windows Safety Maintenance removal:
Before downloading the remover for Windows Safety Maintenance click a question mark icon at the top of the main window of this program, choose "Activate Now" and enter this registration code: 0W000-000B0-00T00-E0020 This will enable blocked Windows functions and will make the further removal process much easier, after entering the activation code continue to downloading the spyware remover.
If you can't download or run spyware remover try running registry fix (link below). It enables execution of programs. download registryfix.reg file, double click it, click YES and then OK.
Manual Windows Safety Maintenance removal instructions:
Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Now we need to remove proxy settings. Windows Safety Maintenance adds a proxy to your Internet connection settings to show various errors when you try to access Internet. To do this, open Internet explorer, click Tools and select Internet Options. Then select the "Connections" tab.
In the "Connections" tab, click LAN settings, if a "Use a proxy server for your LAN" is checked, uncheck it and press OK. Sometimes Windows Safety Maintenance could hide this setting from you, and you could see that proxy setting is disabled, while actually it could be enabled, but not shown up in these settings. If a "Use a proxy server for your LAN" is unchecked, It is recommended to check it then un-check it and then click OK.
Download HijackThis and save it on your desktop. Some malicious programs are able to block HijackThis so when you click the download link, in the Save dialog rename HijackThis.exe to iexplore.exe and only then click the Save button. After saving the file on your desktop, double click it. In the main HijackThis window click “Do a system scan only” button. Select these entries (place a tick at the left of the entry):
O4 - HKCU\..\Run: [Inspector] %AppData%\Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)
After selecting required entries, click "Fix Checked" and these entries will be removed. After this procedure you can close HijackThis and proceed to the next removal step.
Download a legitimate anti-spyware software to fully remove Windows Safety Maintenance from your computer. We recommend using Spyware Doctor 2012 version
After removing Windows Safety Maintenance, you will need to reset your Hosts file. Don't skip this step, this malware modifies your Hosts files, and you will encounter browser redirect problems if malicious entries will not be removed from hosts file.
Hosts file is used to resolve some canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious site still seeing good URL in address bar. It is very hard to find out if the site is genuine or not, when hosts file is modified. To fix this, please download Microsoft Fix It tool, that restores your hosts file to Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
After doing all these steps your computer should be clean. Windows Safety Maintenance will be removed.
Other tools known to remove Windows Safety Maintenance:
Manual Windows Safety Maintenance removal:
If you were unable to remove Windows Safety Maintenance using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these Windows Safety Maintenance processes:
Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)
Remove these Windows Safety Maintenance registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
Delete these Windows Safety Maintenance files:
%StartMenu%\Programs\Windows Safety Maintenance.lnk
%AppData%\Protector.exe (NOTE: this file may have various symbols at the end of it's name. Look for the similar file name pattern and remove it)
%Desktop%\Windows Safety Maintenance.lnk