Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying pop-ups
  • Slow Computer
Other mutations known as:
Windows Problems Protector, WindowsSafetyProtection

Windows Safety Protection

Despite the many campaigns by the online security industry to educate consumers on the perils of rogue security tools, many continue to fall victim to the lies of the cyber criminals behind these fake security tools. Windows Safety Protection is a perfect case in point, as this rogue continues to dupe many PC owners into paying for what is essentially worthless software. What’s worse, Windows Safety Protection is directly linked to the Fake Microsoft Security Essentials scam. Once installed on the PC, Windows Safety Protection will spam the user with many types of fake Microsoft Security Essentials alerts designed to panic the user into thinking his system has been compromised.

What makes the Windows Safety Protection infection even harder to detect and remove is the fact that it enters its victims’ PCs without their knowledge or consent. This is possible because Windows Safety Protection makes use of various Trojan horse infections which enter the user’s system surreptitiously. The PC owner will remain for the most part unaware of Windows Safety Protection on his system until the rogue decides to reveal itself through various fake alerts. After a sufficient amount of time has passed, Windows Safety Protection will offer to remove these falsely reported security threats, but only once the user pays for its fake software.

Some of the false threats Windows Safety Protection reports on include Unknown.Win32/Trojan. This fake threat appears in many of its false security alerts and is not even a real threat to begin with. Some of the other fake security notifications employed by Windows Safety Protection as part of its attack on the system include the following:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

Windows Safety Protection will then prompt the PC owner to scan his system. This will start a fake scan of the PC which ultimately states that a particular file is infected with Trojan.Horse.Win32.PAV.64.a. Windows Safety Protection then prompts the user to install Windows Safety Protection to remove the virus. The text of this prompt is:

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

Take note of the many grammatical and spelling mistakes contained in these two false alerts alone. These errors should already cast serious doubt on the authenticity of Windows Safety Protection as a legitimate security program.

Users who did not delete Windows Safety Protection in time complained about being unable to access their Desktop as well as not being able to launch any programs on their PCs. These are particularly disturbing symptoms, but there is hope. Use the following instructions to disable Windows Safety Protection’s startup screen and regain access to your Desktop:

1. Once the system reboot is complete, you will not be able to access the Desktop again but will instead be presented with the Windows Safety Protection startup screen. Select OK to start the Windows Safety Protection system scan.
2. While the scan is running, click on the Microsoft website link.
3. This should open the Internet browser, and once the page loads click on the Red X at the top right of the screen
4. This should allow you to close the Windows Safety Protection startup screen window and you should also be able to access your Desktop again.

While Windows Safety Protection is still on the PC, users might still receive the following false security notifications:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning!
Name: firefox.exe
Name: c:\program files\firefox\firefox.exe
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

At the end of the day, there is only one way to take back control of your PC. Do this by investing in a properly functioning and updated security tool which will not only obliterate Windows Safety Protection from the system but also protect against future similar threats and infections.


How to manually remove Windows Safety Protection

Files associated with infection (Windows Safety Protection):

lmpmpn.exe
%AppData%\[random].exe

Processes to kill (Windows Safety Protection):

lmpmpn.exe
%AppData%\[random].exe

Remove registry entries (Windows Safety Protection):

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell “%AppData%\[random].exe”
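
The per-user Winlogon Shell value listed above names the program started as the user's shell at logon in place of explorer.exe, which is consistent with the inaccessible Desktop described earlier. The following PowerShell check is an added example, not part of the original guide: it reports that value, lists processes matching the indicators above, and previews the registry removal without changing anything. The function name `Test-ShellOverride` and the verdict strings are hypothetical.

```powershell
# Added example, not from the original guide. Run as the affected user.
# Test-ShellOverride and its verdict strings are hypothetical names.
$WinlogonKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-ShellOverride {
    param(
        [string]$ShellValue,
        [string]$AppDataPath = $env:APPDATA
    )
    # The per-user Shell value is normally absent.
    if ([string]::IsNullOrWhiteSpace($ShellValue)) { return 'absent' }
    # The value may be quoted and may contain %AppData%-style variables.
    $expanded = [Environment]::ExpandEnvironmentVariables($ShellValue).Trim('"', ' ')
    if ($expanded -ieq 'explorer.exe') { return 'default' }
    if ($expanded.StartsWith($AppDataPath, [StringComparison]::OrdinalIgnoreCase)) {
        return 'appdata-executable'   # matches %AppData%\[random].exe from the guide
    }
    return 'non-default'
}

# 1. Report the per-user Shell value from the registry entry listed above.
$shell = (Get-ItemProperty -Path $WinlogonKey -Name Shell -ErrorAction SilentlyContinue).Shell
$verdict = Test-ShellOverride -ShellValue $shell
"HKCU Winlogon Shell: '$shell' -> $verdict"

# 2. List processes named lmpmpn or running from %AppData%.
#    Legitimate software also runs from %AppData%, so review this list by hand.
$suspects = Get-Process | Where-Object {
    $_.Name -ieq 'lmpmpn' -or
    ($_.Path -and $_.Path.StartsWith($env:APPDATA, [StringComparison]::OrdinalIgnoreCase))
}
$suspects | Select-Object Id, Name, Path | Format-Table -AutoSize

# 3. Preview the registry cleanup; -WhatIf makes no change.
if ($verdict -eq 'appdata-executable') {
    Remove-ItemProperty -Path $WinlogonKey -Name Shell -WhatIf
}
```

Drop `-WhatIf` only after confirming the value points at the rogue executable; with the value removed, the default shell is used again at the next logon.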

Comments

  1. Cornet Willaims Feb 7, 2011

    THANK YOU a million times over! I used these instructions to rid myself of this trojan with success! I’ve come across this one before, but not to the degree that it wouldn’t let me open my Task Manager or Programs. This was so

  2. Pcthreat Feb 7, 2011

    Cornet,
    Glad we could help removing Windows Safety Protection.
