Read the same in:

Home / Fighting malicious programs / Rogue security software

Home products
1-5 computers

Small Office Security
5-10 computers

Business products
Workstations & Servers protection

Fighting malicious programs
How to disinfect...

Kaspersky Virus Scanner for Mac

Kaspersky Security Scan 2.0

Kaspersky Virus Removal Tool 2011

Virus-fighting utilities

Viruses and solutions

PC and online safety

Rogue security software

Kaspersky Rescue Disk 10

Remove banner from Desktop, unlock Windows

Training and Certification
Take an educational course and become a certified security specialist

Self Service
More help online

Support Services and Contacts
Information about support services and rules

Virus Activity

virus activity is normal

SafePcAv: Rogue security software

Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing. For your convenience in this section we gathered all known rogue security software in one list by alphabet.

SafePcAv: Rogue security software
ID Article: 3543	Other languages:	6	2010 May 04 13:35	Printable version

1. Program description

SafePcAv - Rogue Security Software - is a type of misleading application that pretends to be legitimate security software, such as an antivirus scanner or registry cleaner, but which actually provides the user with little or no protection whatsoever. The program is distributed via a web-site www.safepcav.com (the site is not available any more). SafePcAv is a new variant of the family Winiguard/Winisoft. The author of SafePcAvalso created the following software:

PcsSecure, APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran.

Kaspersky Lab’s experts do not recommend visiting the websites of the rogue security applications mentioned in this article because these sites may be unsafe and could potentially harm your computer.

2. Actions

After the installation SafePcAv creates a definite number of empty files with different names on the computer. Once the computer scan is started SafePcAv detects these files as malicious and offers to delete these files once you purchase the license for this program.

3. Files

During the installation SafePcAv copies the following files to the hard drive:

%ProgramFiles%\SafePcAv Software\SafePcAv\always_delete.xml
%ProgramFiles%\SafePcAv Software\SafePcAv\always_skip.xml
%ProgramFiles%\SafePcAv Software\SafePcAv\main_config.xml
%ProgramFiles%\SafePcAv Software\SafePcAv\SafePcAv.exe
%ProgramFiles%\SafePcAv Software\SafePcAv\uninstall.exe
%ProgramFiles%\SafePcAv Software\SafePcAv\quarantine\quarantine.xml
%AllUsersProfile%\Desktop\SafePcAv.lnk
%AllUsersProfile%\Start Menu\Programs\SafePcAv\1 SafePcAv.lnk
%AllUsersProfile%\Start Menu\Programs\SafePcAv\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\SafePcAv\3 Uninstall.lnk

4. System registry

In order to function normally SafePcAv creates the following branches in the system registry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SafePcAv
HKEY_LOCAL_MACHINE\software\SafePcAv
HKEY_CURRENT_USER\software\SafePcAv
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SafePcAv”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SafePcAv”

5. Screenshots of the program

Stay connected