Safety Center Virus
Safety Center is a fake multi-security program for Windows that is part of the operation of Windows Security Suite. To deceive computer users, the interface is adapting the looks of Windows own safety center to make it look like a part of operating system. It will have tools like Spyware Scanner, Surfing Protection, Cookies Remover, Registry Doctor, Firewall, Memory Manager and so on. Safety Center was being spreads and dropped on computers with the help of Trojan. This malware also modifies the registry to simultaneously load self in Windows start-up.
Once the virus got a hold on the system, warning messages will greet computer users after logon. An alert will contain the following message:
We are sorry but your query looks similar to requests from a computer infected by viruses or spyware applications. To protect our users, we can’t proceed with your request at the moment. We will restore your access as quickly as possible, so try again later. Meanwhile, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your system is free of viruses and other malicious software.
Rogue program such as Safety Center is less harmful than other on the same kind. Removing this threat from a computer is achievable with the help of a removal tool or authentic anti-malware application. There is no guarantee that manually removing Safety Center virus can get rid of hidden files and registry entries. So stick with automatic method.
Screen Shot Image:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Safety Center Removal Procedures
Safety Center REMOVAL TOOL:
In order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected computer.
MANUAL REMOVAL PROCEDURE:
1. Press Ctrl+Alt+Del on keyboard to stop process associated to “Safety Center”. When Windows Task Manager opens, go to Processes Tab and find and end the following process:
(random characters).exe
2. You need to update installed antivirus application to have the latest database.
3. Thoroughly scan the system and any detected threats must be removed. If removal is prohibited, it is best to quarantine the infected item. Manually locating and deleting of malicious files should also be performed. Please see files below that are related to Safety Center Virus.
4. Registry entries created by Safety Center must also be removed from the Windows system. Please refer below for entries associated to the rogue program.
- For Windows 2000/XP: Go to Start > Run, type “regedit” on dialog box then press Enter on keyboard.
- For Windows Vista/7: Go to Start > Search Program and Files, type “regedit” and press Enter.
5. Exit registry editor.
6. Get rid of Safety Center start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. A windows containing System Configuration Utility will be launched. Go to Startup tab and uncheck the following Start-up item(s):
(random characters).exe
7. Click Apply and restart Windows.
Technical Details and Additional Information:
Malicious Files Added by Safety Center
c:\Documents and Settings\All Users\Application Data\[random characters].dat
c:\Documents and Settings\All Users\Application Data\[random characters].ico
c:\Documents and Settings\Bleeping\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Center.lnk
c:\Documents and Settings\Bleeping\Desktop\Security Center.lnk
Safety Center Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters]“
Bishop
Sep 19, 2009 @ 16:51:32
It won’t let me even click or go to any programs except “Click Manager”
How do I get to it?
jeff forslund
Sep 24, 2009 @ 17:05:49
We can’t go on line to download a repair. Is there an other way to repair?
DoUbLe HeLiX
Sep 25, 2009 @ 22:58:53
Google the “.exefix registry fix.”
Run in safe mode with networking
Then install MBAM
Make sure to update MBAM
Do full scan
Then run COMBOFIX
All will be better
seankraynak
Oct 01, 2009 @ 19:01:24
Okay,…. i’m now trying to download malware removal and reg fix but when i try to download i get that error message thats keeping me from everything. How can i bypass it without reformatting?
Rod
Oct 07, 2009 @ 05:20:08
REALLY? cuz it’s not working! has anyone actually had any success getting rid of this stupid thing? Cuz you know what? Malwarebytes and combo fix isn’t doing anything… Admin rights have been compromised… is there anything that can be done from DOS?
Brian
Oct 24, 2009 @ 09:05:44
Since “Safety Center” would not let me online to access MBAM or any other anti-virus site, including AumHa, ESET, and Kaspersky, I went on another computer and downloaded MBAM to my external hard drive and ran it on the infected computer. “Safety Center” stopped the scanning of MBAM twice after about 25 minutes of scan time and prior to its finishing the scans, shutting down the computer each time. The third time I ran MBAM, I managed to manually, prematurely shut down MBAM and get a report, deleting the infected objects that it had found at that point in time. That seemed to have “broken the back” so to speak of SC. Another scan with MBAM that ran successfully reported over 400 (!!!!) infected objects — all of which I removed and sent to quarantine to join the ones found in the previous partial scan. A final scan with MBAM turned up nothing.
The computer ran fine for 3 days, then suddenly, SURPRISE parts of SC were back and active — Windows would not load in NOrmal mode. Scans run in Safe Mode turned up nothing!
MBAM is a partial, not the total answer, and at the moment I do not know what is.
ken
Nov 01, 2009 @ 22:00:51
Use Prevx malware/spyware software to remove “Safety Center”. The software is recommended by 2009 PC Mag Editor’s Coice Award. It uses Prevx’s database to detect malicious software on your computer for all for free, then a purchase (subscription) is required to remove all bogus viruses/spyware/malware completely. hxxp://www.pcmag.com/article2/0,2817,2346862,00.asp Then use the right click delete feature on your mouse to remove the remaining bogus icons on your desktop. It is the fastest least “cumbersome” malware/spyware program you can use. Norton Internet Security could not detect or remove it.
bosstan
Nov 06, 2009 @ 15:10:31
SafetyCenter did not allow me to run mbam (saying it is a dangerous application). So I restarted in Safe Mode with networking, started mbam, updated it and ran a complete scan. It found the SafetyCenter, removed it and asked for a restart. I restarted in normal mode and the safety center was gone.
Marsha
Nov 11, 2009 @ 10:19:08
I have malwayre on my PC and have now ran it 5 times and rebooted- it says it has found a virus then as soon as I log on again the virus comes back up- pls help!!!