Windows Safety Module is a rogue antispyware software. It reports false infections, displays various fake security alerts, hijacks an Internet browser as a method to force you to believe that your computer is infected. Windows Safety Module is designed with one purpose – to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your computer as soon as possible. Use the removal guide below to remove Windows Safety Module from your computer for free.
The bogus program infiltrate computers with the help of trojans or malware without your desire. During installation, Windows Safety Module will tune up your system so it will get launched automatically when you logon into Windows. Immediately after launch, this fake security program will start to scan your computer and reports a lot of various infections that will not be fixed unless you first purchase the software. Important to know, all of these infections are a fake and do not actually exist on your computer. So you can safely ignore the scan results that Windows Safety Module gives you.
Last but not least, while the rogue is running, it will display various security warnings. Some of the warnings are:
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Error
Attempt to run a potentially dangerous script detected.
Full system scan is a highly recommended.
Error
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
Just like false scan results above, all of these alerts are a fake and supposed to scare you into thinking your computer is in danger. You should ignore all of them!
As you can see, all Windows Safety Module does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore all it gives you and follow the removal instructions below in order to remove Windows Safety Module and any associated malware from your computer for free.
Use the following instructions to remove Windows Safety Module (Uninstall instructions)
It is possible that the rogue will not allow you to run a malware removal tools, then you will need to reboot your computer in Safe mode with networking.
Restart your computer. After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Windows Safety Module virus changes Internet Explorer proxy settings to use a malicious proxy server that will not allow you download or update security software. So, you should complete this step to fix this problem.
Run Internet Explorer, Click Tools -> Internet Options as as shown in the screen below.
Internet Explorer – Tools menu
You will see window similar to the one below.
Internet Explorer – Internet options
Select Connections Tab and click to Lan Settings button. You will see an image similar as shown below.
Internet Explorer – Lan settings
Uncheck “Use a proxy server” box. Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Now you should download Malwarebytes Anti-malware and remove all Windows Safety Module associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. Once installation is complete, you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Now click on the Scan button to start scanning your computer for Windows Safety Module associated malware. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. Make sure all entries have a checkmark at their far left and click “Remove Selected”.
Windows Safety Module may change the Windows system HOSTS file so you need reset this file with the default version for your operating system.
Please download OTM by OldTimer from here and save it to desktop. Run OTM, copy, then paste the following text in “Paste Instructions for Items to be Moved” textarea (under the yellow bar):
:Commands
[resethosts]
Click the red Moveit! button. Close OTM.
Your system should now be free of the Windows Safety Module virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
Windows Safety Module removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Customer brought Windows 7 laptop in today. Booted in Safe Mode (with networking). Windows Safety Module came up almost immediately. No X to close it with but was able to close it from taskbar. Hunted around (from prior experience) and found protector-ouxy.exe in users appdata\roaming folder. I renamed it. However it continued to run in system tray and kept popping up various fake messages. It would not allow me to open Internet Explorer. So I couldn’t check the proxy settings. I downloaded ComboFix onto a memory stick from my shop computer and ran it on the laptop. While ComboFix was running there were several warning popups but they could be X-ed out. ComboFix rebooted into Normal Mode and finished. It quarantined:
Registry_backups\AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}.reg.dat
Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
Registry_backups\HKLM-Run-SynTPEnh.reg.dat
Registry_backups\Wow6432Node-HKCU-Run-Inspector.reg.dat
Registry_backups\tcpip.reg
catchme.log
C\Users\joe\AppData\Roaming\result.db.vir
C\Users\joe\AppData\Roaming\Protector-ouxy.xex.vir (the one I renamed)
C\Users\joe\AppData\Local\RivalGaming\RiVAlgaming.dll.vir
I will now run Malwarebytes and from prior experience from the last variant of this it will find a couple of leftovers.
I am a firm believer in MalwareBytes and run the full version on my own computers. I was already running ComboFix when I read this article or I would have probably tried using it instead.
Thanks so much for the anti spyware, it just solved a big problem i’d been having for sometime now. I followed each step as stated and it worked.