Windows safety wizard is a fake antivirus program that is distributed and installed by means of Trojans. This software pretends to be a genuine antivirus program, but actually, it is just a replica and a fake antivirus program. It damages real windows applications, its scanner detects fake infections and it sends various fake warnings or error messages that show that your computer is infected. The purpose of doing so is that they hope that you will buy the full version of windows safety wizard. This program is not able to even detect any infections or make your system free of such viruses and it is also not capable to protect your system from any future threats.

When you install this program, it will configure to run automatically whenever you login to your computer. Right after it is launch, its fake scanner will start your scan without your approval and displays you fake results that your computer is infected. It also sends you various messages, alerts and warnings that are very annoying. Some of the warnings and errors that this rogue program displays are:

Error

Software without digital signature detected.                                                                                                                  Your system files are at risk. We strongly advise you to activate your protection.

Above reported issues are all false and there is no danger in avoiding these warnings, and it is very important to remove this program from your system as it also blocks various legitimate applications including functions of genuine antivirus. Follow the instruction given below to remove this fake program:

Remove Windows safety wizard Processes

  1. Press ALT and to open the windows task manager.
  2. Windows task manager is required to remove the Windows safety wizard harmful processes.
  3. Select the processes tab.
  4. Find out the processes which are mentioned below:

Protector-[random 3 chars].exe

Protector-[random 4 chars].exe

  1. Select the processes and press delete.

Remove Windows safety wizard Registry keys

  1. Open the registry editor by typing the regedit in the Run program.
  2. Find the Windows safety wizard registry key values which can be found using the left pane of the registry editor.
  3. Locate the Windows safety wizard registry entry values and then right click on them and select the option Modify and then delete.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

Inspector = %AppData%\Protector-[random].exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\

Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\

Debugger = svchost.exe

Remove Windows safety wizard other files

  1. Open Run.
  2. Type cmd and press Ok.
  3. Enter the name of the Windows safety wizard file along with the directory name.
  4. If you do not know the directory where the files are located you can use the dir command.
  5. When the required file is shown write down “regsvr32 /u SampleName.exe” and change Sample Name.exe with the following Windows safety wizard name:

%AppData%\Protector-[random 3 chars].exe

%AppData%\Protector-[random 4 chars].exe

%AppData%\result.db

 

 

 

How to Remove Windows Safety Wizard?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>