This is another fake security client that pretends to be a genuine antivirus software. Each and every file that it identifies is false and scam, but the infection pretends to be real security threat. The files that the Windows Custom Safety identifies are not genuine; therefore, the threat that your computer is infected is also not real. The question is how did you get infected with this fake security software? The main medium which spreads this software is by means of downloading infected files. This explains that what happens when a spiteful code is inserted in a genuine website, which is unknown to the administrator of that website. In background, a download is forced when your computer is connected to such website, and hence, your computer gets infected. Your antivirus didn’t catch the download if it’s not asked to install any program at the time of infection. If you have experienced such a case, then it is time to upgrade to a more powerful antivirus program.

All the warnings and security alerts you received, stating that your computer is infected are fake. Following are some of the messages and warnings you will be received by this infection:

Error

Trojan activity detected. System data security is at risk.                                                                       It is recommended to activate protection and run a full system scan.

Warning

Firewall has blocked a program from accessing the internet.                                                                 C: program files internet exploreriexplorer.exe is suspected to infect your computer. This type of virus intercepts entered data and transmits them to remote server.

 

Following is a detailed guide on how you can manually remove Windows Custom Safety:

Remove Windows Custom Safety Processes

  1. Open the Windows task manager by pressing the keys ALT, CTRL and DEL at a time.
  2. Select the ‘processes’ tab and find the Windows custom safety processes from the column name called ‘image name’.
  3. The Windows custom safety processes are:

%systemroot%\ system32\ random

%AppData%\ Protector-[rnd].exe

%AppData%\ result.db*

  1. Select the processes and press Delete.

Remove Windows custom safety Registry key values

  1. Open Run through the start menu.
  2. Type regedit.
  3. Click on Edit by using the left side of the windows registry editor.
  4. After that, click on Find and enter the Windows custom safety registry values.
  5. Right click on the found registry values and then press Delete.

The Windows custom safety registry values are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net

Remove Windows custom safety other files

  1. Click on start and then select the option Run.
  2. Type the command cmd and press enter.
  3. When the command prompt opens enter the name of the Windows custom safety file with the directory name.
  4. You can use the dir command to now the directories.
  5. When the file is showed type “regsvr32 /u SampleName.exe” and replace Sample Name.exe with the following Windows custom safety name:

%StartMenu% \Programs\ Windows Custom Safety.lnk

%AppData%\ Protector.exe

%AppData%\ result.db

%Desktop%\ Windows Custom Safety.lnk

 

How to remove Windows Custom Safety?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>