1 of 6
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Shows commercial adverts
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Windows Safeguard Utility

It seems the developers behind rogue security tools have been keeping busy, as the latest addition to the fake Microsoft Security Essentials scam, Windows Safeguard Utility makes waves. This rogue, which finds its roots in the same family of rogues as Windows System Tasks and Windows Repairing System, was designed to rip consumers off by stealing their money and offering them nothing of value in return. Windows Safeguard Utility does not have the ability to protect PCs against any type of threat, and is indeed a malicious infection in itself.

Windows Safeguard Utility will use any tactic at its disposal to gain unauthorized entry to its victim’s system. This includes using browser hijacking websites and rubbish online malware scanners. It will also exploit all known system and browser vulnerabilities and weaknesses to achieve this, and will not relent until it accomplishes its goals.

In our case, we got spam e-mail messages directing to pharmacy companies, and one webpage loaded a fake system scanner which started showing various warning messages and led to Windows System Tasks appearance.

Because of its stealth infiltration, users will find it difficult to detect and remove Windows Safeguard Utility from the system without some help. The first clue the user will have as to the presence of Windows Safeguard Utility on the system will come from the rogue initiating a fake system scan. This will only happen after the fake software manages to securely root itself in the system, and edit Windows registry entries to ensure that it launches each time Windows starts up.

This fake system scan will yield various bogus results informing the user that his system is under attack. None of these results should receive any attention, as it is only a scare tactic employed by Windows Safeguard Utility to panic its victim into paying for its worthless software. As a further attack on the system, Windows Safeguard Utility will spam the user with various falsely generated security pop up messages. These pop ups will warn the user of dire infections supposedly crippling the system. Some of the most popular fake alerts to be on the lookout for include the following:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

Other symptoms associated with the Windows Safeguard Utility infection include blocked Internet connections, as well as the inability to launch applications on the infected PC. Poor system performance and increased erratic system behavior is also a common symptom.

At the end of the day you will only be able to regain control of your PC if you get rid of Windows Safeguard Utility immediately. This will limit the damage this rogue will cause to your PC. Do this by investing in a genuine security tool which will also offer future protection against similar threats.

Download Spyware Removal Tool to Remove* Windows Safeguard Utility
  • Quick & tested solution for Windows Safeguard Utility removal.
  • 100% Free Scan for Windows

How to manually remove Windows Safeguard Utility

Files associated with Windows Safeguard Utility infection:


Windows Safeguard Utility processes to kill:


Remove Windows Safeguard Utility registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.