SafeStrip

SafeStrip is a misleading security application that can be downloaded and installed on a computer without the victim's knowledge. It promotes itself as a legitimate program and may come bundled with other software. Once inside the system, the SafeStrip virus alters settings and configures itself to run automatically when Windows starts. This rogue application reports threats supposedly found on the PC and suggests removing them with the full version of SafeStrip.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Technical Details and Additional Information:

What can Safe-Strip do?
- Creates a folder and files under Program Files on the hard drive.
- Creates an entry in the Windows registry.
- Detects non-existent threats to mislead users.

Malicious Files Added by Safe-Strip

%ProgramFiles%\SafeStrip\SafeStrip.exe
%ProgramFiles%\SafeStrip\SafeStrip.url
%ProgramFiles%\SafeStrip\SafeStripReminder.exe
%ProgramFiles%\SafeStrip\SafeStripUpdate.exe
%ProgramFiles%\SafeStrip\Scripts\FileInfo.script
%ProgramFiles%\SafeStrip\Scripts\HTMLReport.script
%ProgramFiles%\SafeStrip\Scripts\MD5.script
%ProgramFiles%\SafeStrip\Scripts\MonitorReport.script
%ProgramFiles%\SafeStrip\Scripts\PendDel.script
%ProgramFiles%\SafeStrip\Scripts\Quarantine.script
%ProgramFiles%\SafeStrip\Scripts\Reports.script
%ProgramFiles%\SafeStrip\spyware.dat
%ProgramFiles%\SafeStrip\SysBackup\explorer.exe
%ProgramFiles%\SafeStrip\unins000.exe
%ProgramFiles%\SafeStrip\ver.dat
%ProgramFiles%\SafeStrip\whitelist.cfg 

Associated Windows Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SafeStrip" = "%ProgramFiles%\SafeStrip\SafeStrip.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SafeStripReminder" = "%ProgramFiles%\SafeStrip\SafeStripReminder.exe"

Safe-Strip – Removal

Removing Safe-Strip Manually:
1. If using Windows ME or XP, System Restore must be disabled to prevent the threat from restoring itself.
2. Update the virus definitions.
3. Reboot Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart Windows.
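
To identify which autorun values step 5 refers to, the following added example (not part of the original page) parses the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and flags values that launch a file from the SafeStrip folder listed above. The function names, the default `C:\Program Files` location and the sample output are assumptions constructed for illustration.

```python
import ntpath
import re

# Install folder taken from the file list on this page.
SAFESTRIP_DIR = r"%ProgramFiles%\SafeStrip"

# One value line of `reg query` output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def normalise(path, program_files=r"C:\Program Files"):
    """Expand %ProgramFiles%, strip quotes, and lower-case a Windows path."""
    path = path.strip().strip('"')
    path = re.sub(r"%ProgramFiles%", lambda m: program_files, path, flags=re.I)
    return ntpath.normpath(path).lower()

def command_target(data):
    """Return the executable part of a Run value, dropping any arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    match = re.match(r"(?i)^(.*?\.exe)\b", data)
    return match.group(1) if match else data

def find_safestrip_autoruns(reg_query_output):
    """Return (value name, data) pairs that launch a file under SAFESTRIP_DIR."""
    prefix = normalise(SAFESTRIP_DIR) + "\\"  # trailing separator avoids "SafeStripper"
    hits = []
    for line in reg_query_output.splitlines():
        match = VALUE_LINE.match(line)
        if not match or match.group("type") not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        target = normalise(command_target(match.group("data")))
        if target.startswith(prefix):
            hits.append((match.group("name"), match.group("data")))
    return hits

# Constructed sample of `reg query` output (not captured from a real host);
# the "/min" argument and the "Updater" entry exist only to exercise the parser.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    SafeStrip    REG_SZ    "C:\Program Files\SafeStrip\SafeStrip.exe" /min
    SafeStripReminder    REG_EXPAND_SZ    %ProgramFiles%\SafeStrip\SafeStripReminder.exe
    Updater    REG_SZ    C:\Program Files\SafeStripper\update.exe
"""

if __name__ == "__main__":
    for name, data in find_safestrip_autoruns(SAMPLE):
        print(f"suspicious autorun: {name} -> {data}")
```

The match is on the target folder rather than the value name, so an entry is still flagged if the value has been renamed.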

Anti-virus Tools

The manual removal steps on this page may or may not successfully remove Safe-Strip. To completely get rid of the virus and any other malicious software that may have been installed, we suggest running these tools.

To completely remove Safe-Strip from a system, it is best to download and run Malwarebytes Anti-Malware (MBAM). Sometimes Trojans block the download and installation of MBAM. If this happens, download it on a clean PC and rename the executable file before running it on the infected machine.