Home Safety Essentials

Home Safety Essentials Description



Home Safety Essentials is a rogue anti-virus product that installs itself via fake scanners and then runs more fake scans for the sole purpose of making your PC look heavily infected. SpywareRemove.com malware researchers have also noticed other problems that accompany Home Safety Essentials infections, such as browser hijackers that redirect you to strange websites and general software dysfunction related to lowering the infected system’s security. Since Home Safety Essentials can’t protect your PC against any of the threats that it claims to provide security against, and has substantial drawbacks to being installed on your computer, the recommended solution is to remove Home Safety Essentials with a genuine anti-malware product that can eradicate rogue security programs efficiently.

Home Safety Essentials: the Fake System Scanner Behind Another Fake System Scanner


Home Safety Essentials is a recent variant of the rogue anti-virus programs from the My Security Wall and Virus Doctor family. Other rogue AV clones with almost the same appearance and very similar attacks include Virus Melt, Virus Alarm, Virus Sweeper, My Security Shield and quite a few others that use even more diverse names than these examples.

Fake anti-virus scanners from the Home Safety Essentials subgroup can be distributed in a variety of ways, but the most popular method that the SpywareRemove.com malware research team has surveyed involves the use of fake system scanners. These scanners (sometimes using the name Windows Web Security) are embedded in malicious websites and advertisements and pretend to detect infections on your PC before asking you to install Home Safety Essentials or another type of fake security software.

Even though Home Safety Essentials claims, like its cousins, to protect against ‘identity theft, viruses, malware and other threats,’ Home Safety Essentials can’t protect your PC from any of these threats and isn’t even capable of detecting them.
Any Home Safety Essentials installation should be treated as a hostile infection with the goal of stealing money and credit card-related information.

Defining the Real Danger Behind the Unfitting Name of Home Safety Essentials


In between its incessant nagging at you to purchase its fake anti-virus program, Home Safety Essentials will cause a variety of issues that worsen your computer’s overall security and stability. For example, it will:
  • Create fake error messages that announce the presence of nonexistent infections, including high-level threats such as keyloggers and backdoor Trojans. A few examples of these error pop-ups are shown here:
    Malicious applications, which can contain Trojans found on your PC, need to be immediately removed. Click here to remove these potentially harmful items immediately with [rogue anti-virus program name].

    9Process %Process%# attempted to change the address space.

    An unidentified program-potentially: %ThreatPath% #malicious and able to modify system files- has been prevented from getting installed on your PC.

    An unauthorized program has been prevented from accessing your PC.#Port:433 from 92.11.127.10

    Port scan detected at port %portnumber%.

    An unidentified program tries to access your computer
  • Hijack your web browser and force it towards specific websites. Home Safety Essentials may also use hijacks in the form of fake error screens that block security websites, or even change your default homepage.
  • Block real security programs, supposedly to protect you from infections. You should be able to surmise that Home Safety Essentials just wants to avoid any possibility of you accessing a program that could help you remove Home Safety Essentials for good.





Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 %AllUsersProfile%\[6 RANDOM CHARACTERS]\HS[RANDOM CHARACTERS]_[NUMBERS].exe 337
    2 %AllUsersProfile%\[RANDOM CHARACTERS]\ N/A
    3 %AllUsersProfile%\[RANDOM CHARACTERS]\6113.mof N/A
    4 %AllUsersProfile%\[RANDOM CHARACTERS]\3178.mof N/A
    5 %AllUsersProfile%\[RANDOM CHARACTERS]\14.mof N/A
    6 %AllUsersProfile%\[RANDOM CHARACTERS]\46.mof N/A
    7 %AllUsersProfile%\[RANDOM CHARACTERS]\HS2d7_231.exe N/A
    8 %AllUsersProfile%\[RANDOM CHARACTERS]\HSE.ico N/A
    9 %AllUsersProfile%\[RANDOM CHARACTERS]\HSESys N/A
    10 %AllUsersProfile%\[RANDOM CHARACTERS]\Quarantine Items N/A
    11 %AllUsersProfile%\HSYITSQGE N/A
    12 %AllUsersProfile%\HSYITSQGE\HSLGILTOGE.cfg N/A
    13 %AppData%\Home Safety Essentials\ N/A
    14 %AppData%\Microsoft\Windows\Recent\pal.sys N/A
    15 %AppData%\Home Safety Essentials\ScanDisk_.exe N/A
    16 %AppData%\Microsoft\Windows\Recent\runddlkey.exe N/A
    17 %AppData%\Home Safety Essentials\Instructions.ini N/A
    18 %AppData%\Microsoft\Windows\Recent\energy.dll N/A
    19 %AppData%\Microsoft\Windows\Recent\delfile.dll N/A
    20 %AppData%\Microsoft\Windows\Recent\CLSV.tmp N/A
    21 %AppData%\Microsoft\Windows\Recent\DBOLE.dll N/A
    22 %AppData%\Microsoft\Windows\Recent\PE.sys N/A
    23 %AppData%\Microsoft\Windows\Recent\gid.tmp N/A
    24 %AppData%\Microsoft\Windows\Recent\SICKBOY.drv N/A
    25 %AppData%\Microsoft\Windows\Recent\SICKBOY.sys N/A
    26 %AppData%\Microsoft\Windows\Recent\eb.dll N/A
    27 %AppData%\Microsoft\Windows\Recent\eb.sys N/A
    28 %AppData%\Microsoft\Windows\Recent\ppal.drv N/A
    29 %AppData%\Microsoft\Windows\Recent\snl2w.drv N/A
    30 %AppData%\Microsoft\Internet Explorer\Quick Launch\Home Safety Essentials.lnk N/A
    31 %AppData%\Microsoft\Windows\Start Menu\Home Safety Essentials.lnk N/A
    32 %AppData%\Microsoft\Windows\Start Menu\Programs\Home Safety Essentials.lnk N/A
    33 %UserProfile%\Desktop\Home Safety Essentials.lnk N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\91\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid {137E7700-3573-11CF-AE69-08002B2E1262}
    HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=231&q={searchTerms}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures "no"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures 1
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PRS http://127.0.0.1:27777/?inj=%ORIGINAL%
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=231&q={searchTerms}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\89770803
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\lib/5.00231
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UID 231
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 msseces.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 MSASCui.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 avgscanx.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 avgcfgex.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 avgemc.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 avgchsvx.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 avgcmgr.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 avgwdsvc.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 ekrn.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 egui.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 avgnt.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 avcenter.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 avscan.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 avgfrw.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 avgui.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 avgtray.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HS2d7_231.DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin "2"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser "2"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA "1"

    HKEY..\..\..\..{RegistryKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Home Safety Essentials
  • The following CLSIDs were detected:
    HKEY..\..\{CLSID Path}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
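
The registry changes listed above can be checked for offline in a registry export. The following triage script is an added example, not part of the original page or any SpywareRemove.com tool; it assumes the export is `.reg` text that has already been decoded to a Python string, and the names `scan_reg_export`, `decode`, the indicator labels and the sample data are all constructed for illustration.

```python
import re

# Executable names copied from the registry listing on this page (lower-cased).
BLOCKED = set("msseces.exe msascui.exe ekrn.exe egui.exe avgnt.exe avcenter.exe "
              "avscan.exe avgfrw.exe avgui.exe avgtray.exe avgscanx.exe avgcfgex.exe "
              "avgemc.exe avgchsvx.exe avgcmgr.exe avgwdsvc.exe".split())
IFEO_NAMES = set("aawtray.exe about.exe ad-aware.exe alphaav alphaav.exe "
                 "aluschedulersvc.exe avcare.exe avengine.exe avwebgrd.exe ~1.exe ~2.exe".split())
IFEO = "\\windows nt\\currentversion\\image file execution options\\"
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def decode(raw):  # .reg data -> Python value: "text" -> str, dword:0000002a -> int
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return re.sub(r"\\(.)", r"\1", raw[1:-1]) if raw[:1] == '"' else raw

def scan_reg_export(text):
    """Return sorted (indicator, location) pairs found in decoded .reg export text."""
    found, key, low = set(), "", ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key, low = line[1:-1], line[1:-1].lower()
            if IFEO in low and low.rsplit("\\", 1)[1] in IFEO_NAMES:
                found.add(("ifeo-key", key))
        elif m := VALUE.match(line):
            name, data = m.group(1), decode(m.group(2))
            if low.endswith("\\explorer\\disallowrun") and str(data).lower() in BLOCKED:
                found.add(("disallowrun-blocks-security-tool", f"{key}\\{name}={data}"))
            elif low.endswith("\\internet explorer\\download") and (name, data) in (
                    ("CheckExeSignatures", "no"), ("RunInvalidSignatures", 1)):
                found.add(("ie-signature-check-off", f"{key}\\{name}"))
            elif low.endswith("\\currentversion\\run") and name == "Home Safety Essentials":
                found.add(("autostart-run-value", f"{key}\\{name}"))
    return sorted(found)

# Constructed sample export (not captured from a real machine); real exports are UTF-16.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="msseces.exe"
"1"="notepad.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Home Safety Essentials"="C:\\ProgramData\\example\\HSexample_0.exe"
'''
if __name__ == "__main__":
    print(*scan_reg_export(SAMPLE), sep="\n")
```

A hit is a prompt for review, not proof of infection: the match is by key and value name only, so each location should be inspected before anything is deleted.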
Posted: August 19, 2011 | By
Threat Level: 10/10
Detection Count: 52

One Comment

  • Simpson says:

    Keeps loading when I turn the PC on. Also keeps me from downloading ANY software. Cannot even check my email anymore due to this Home Safety Essentials. Need some solution ASAP! Please help! What can I do to get your malware scanner?
