Friday, June 8, 2012

Get rid of Windows Custom Safety fake popups posed as threat related reports

Windows Custom Safety burdens users with popups posed as threat related reports. The program has in its disposal a complete set of skins to imitate activities of an antivirus. Unsophisticated user, unless advised as appropriate, has no reason to doubt the program is a genuine antimalware as its skins look like that of a professional, elaborate product.
Windows Custom Safety removal is strongly recommended as the program is a clone that has further extended one of multiple malware families. That is why hackers afford to get their programs dressed up in nice skins; that is, the same graphics is used in dozens of fakes, but developed only once, yet the development is made of templates stolen from the developers of genuine software products.
Free scanner available here is a tool to scan your computer system and remove Windows Custom Safety , as well as true security threats disclosed by genuine scanner.

Windows Custom Safety screenshot:



Windows Custom Safety activation code (helps removal):
0W000-000B0-00T00-E0020
NOTE: "Activating" Windows Custom Safety  is not enough. You need to remove related trojans \ rootkits using reliable malware removal solution.
It is important to fix Windows registry after Windows Custom Safety malware removal using safe registry cleaner software.

Windows Custom Safety manual removal guide:
Delete infected files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\W34r34mt5h21ef.dat
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Privacy Module.lnk
%Desktop%\Windows Privacy Module.lnk
Delete Windows Custom Safety registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-4-27_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “tovvhgxtud”
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[random].exe

No comments: