SafeCare

SafeCare

Found: 
2011-01-26
Description: 

Win32.FraudTool.SafeCare is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove those reported threats.

 

Credit: Tachikoma

Known system changes: 

Files
%Desktop%\�������ɾ�.lnk

Folders

%ProgramFiles%\SafeCare
%StartMenu%\�������ɾ�

RegistryEntries

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SafeCare.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafeCare
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SafeCare
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SafeCarePartner
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: SafeCare
Data: "C:\Program Files\SafeCare\SafeCare.exe" /run1