Click on screenshot to zoom
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Windows Safety Tweaker

Whether we like it or not, Rogue.VirusDoctor family does not seem to stop spawning one computer threat after the other anytime soon. Windows Safety Tweaker is yet another rogue antispyware application that is basically identical to such rogues as Windows Personal Doctor, Windows Attacks Defender or Windows Trojans Sleuth. Windows Safety Tweaker copies the appearance of your Windows Explorer’s interface and thus makes a lot of users fall for this trap. They think that Windows Safety Tweaker is a real antivirus program, or they simply get so desperate about the state their computer is in, that they pay for this worthless program without any second thought.

When Windows Safety Tweaker gets installed in your computer, it performs a fake system scan, “detecting” multiple infections such as Email-Worm, Trojan-Malfinder, Trojan-PSW and others. Take note of the fact, that the names of these malicious infections are not complete, and because of that Windows Safety Tweaker loses the sophisticated image it tries to convey. Either way, a user who is not very well familiar with computer safeguard applications might consider Windows Safety Tweaker to be a reliable program, especially as it “informs” the user about various errors, for example:

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Warning! Identity theft attempt Detected
Hidden connection IP: 58.82.12.124
Target: Your passwords for sites

Since these fake security notification messages correspond to the symptoms the users experience, some of them are bound to believe that Windows Safety Tweaker is only trying to help, especially as Windows Task Manager and Registry Editor also get blocked with time. Not to mention that you are not able to load some of your favorite programs. However, no matter what the rogue might tell you, everything is Windows Safety Tweaker’s doing and you will do yourself a favor by getting rid of this rogue immediately.

The removal will go a lot smoother if you "activate" Windows Safety Tweaker with this serial code:

0W000-000B0-00T00-E0020

This way the rogue will think that you have purchased the license and it will stop attacking you with fake notifications for the time being. Nevertheless, if you cannot terminate Windows Safety Tweaker manually even with this handicap, you are advised to get yourself a reliable antimalware tool that will remove Windows Safety Tweaker for you automatically, and your computer will be protected against similar future threats.

Download Spyware Removal Tool to Remove* Windows Safety Tweaker
  • Quick & tested solution for Windows Safety Tweaker removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Safety Tweaker

Files associated with Windows Safety Tweaker infection:

%Desktop%\Windows Safety Tweaker.lnk
%CommonStartMenu%\Programs\Windows Safety Tweaker.lnk
%AppData%\result.db
%AppData%\Protector-[Random].exe
%AppData%\NPSWF32.dll
Windows Safety Tweaker.lnk
Protector-auc.exe

Windows Safety Tweaker DLL's to remove:

%AppData%\NPSWF32.dll

Windows Safety Tweaker processes to kill:

Protector-auc.exe
%AppData%\Protector-[Random].exe

Remove Windows Safety Tweaker registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-3-5_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.