Remove SafetyKeeper
SafetyKeeper is the new rogue of the Winisoft family which includes SaveKeeper, Quick Heal Cleaner, System Cop, BlockDefense, SaveDefense, and Trust Ninja to name a few. Like its predecessors, SafetyKeeper is spread through other malware and trojans downloaded from rogue websites that trick users into downloading. This parasite starts itself whenever Windows is booted up and will tell you that your computer is infected with viruses and spyware. It will show you that there are harmful files on your computer; these files are all randomly generated by SafetyKeeper as a scare tatic. The purpose of this scare tatic is to force you to purchase a full license to remove these “infections.” You should ignore these warnings and remove this parasite as soon as possible. It will also imitate Windows Security Center and tell you that your computer is under attack.
Here is a screenshot of SafetyKeeper:
Automatic SafetyKeeper removal:
Manual SafetyKeeper removal:
*Please note that the files mentioned below with numbers in their names may be different on your system since SafetyKeeper generates random file names. We strongly advise using the automatic method for removal.
Kill processes: 118019ot-a-virus5ez.exe, 923bspyw5rez493.exe, 925855ot-a-virus31z.exe,
gbn976rl.exe, SafetyKeeper.exe, uninstall.exe
(Learn how to kill processes)
Unregister DLLs: 1044zhackt9ol5b2.dll
(Learn how to unregister DLLs)
Delete registry keys:
HKEY_CURRENT_USER\Software\SafetyKeeper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyKeeper
HKEY_LOCAL_MACHINE\SOFTWARE\SafetyKeeper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAFETYKEEPERSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafetyKeeperSvc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "gbn976rl.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SafetyKeeper"
(Learn how to delete registry keys)
Delete files:
c:\Documents and Settings\All Users\Desktop\SafetyKeeper.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SafetyKeeper
c:\Documents and Settings\All Users\Start Menu\Programs\SafetyKeeper\1 SafetyKeeper.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SafetyKeeper\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SafetyKeeper\3 Uninstall.lnk
c:\Program Files\SafetyKeeper Software
c:\Program Files\SafetyKeeper Software\SafetyKeeper
c:\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeper.exe
c:\Program Files\SafetyKeeper Software\SafetyKeeper\uninstall.exe
c:\WINDOWS\102z6w59m3c4.cpl
c:\WINDOWS\10683v9rzs656.cpl
c:\WINDOWS\10915hief309z.cpl
c:\WINDOWS\1059ztr9j470.bin
c:\WINDOWS\1155backdoor929z.ocx
c:\WINDOWS\118019ot-a-virus5ez.exe
c:\WINDOWS\1044zhackt9ol5b2.dll
C:\WINDOWS\System32\gbn976rl.exe
c:\WINDOWS\System32\90a3t5ief225z.ocx
c:\WINDOWS\System32\9207znot-a-v5rus2f7.bin
c:\WINDOWS\System32\923bspyw5rez493.exe
c:\WINDOWS\System32\925855ot-a-virus31z.exe
%UserProfile%\Local Settings\Temp\gbn976rl.exe
(Learn how to delete files)
Delete folders:
c:\Documents and Settings\All Users\Start Menu\Programs\SafetyKeeper
c:\Program Files\SafetyKeeper Software
c:\Program Files\SafetyKeeper Software\SafetyKeeper
Once you have removed SafetyKeeper from your computer using either the automatic or manual method, make sure to block it and other malicious software using a HOSTS file. We recommend downloading the HOSTS file from here, which contains a complete, up-to-date list of malicious websites.
If this article has helped you, please take this time to share it with Digg using the Digg button (see Digg share button to the left) or retweet it using Twitter (see retweet button to the left). You may also want to follow us on Twitter to keep up-to-date with the latest spyware prevention tips and spyware threats. If you'd rather follow us from your Facebook account, please join our Facebook fan page.
Popular Articles