Home Security Essentials

Home Security Essentials Description


Home Security Essentials is a fake anti-virus program that also claims to detect other high-level PC threats besides viruses, such as banking spyware and identity theft-related attacks. SpywareRemove.com malware experts have examined Home Security Essentials thoroughly and found, however, that it substitutes fake alerts for real ones and has neither the intent nor the ability to analyze your PC for worms, Trojans, viruses or other infections. Since Home Security Essentials may also cause other, even more serious problems, such as blocking security websites or preventing you from using security-related software, you should delete Home Security Essentials immediately with an appropriate anti-malware product.

Home Security Essentials – Neither Secure Nor Essential for Your Home PC


Home Security Essentials hails from the same subgroup of rogue anti-virus products as Virus Melts, Virus Alarm, Virus Sweeper, Home Safety Essentials, Internet Security Essentials, Personal Internet Security 2011 and My Security Shield. All of the above, and others from the same family, are copies of each other that use similar interfaces and attack methodology. However, because variants such as Home Security Essentials may have been updated with additional defensive measures, you should keep your anti-malware products updated to have the best chance of catching recent additions to this rogue AV software group.

The main issue anyone will notice when attempting to use Home Security Essentials is its frequent and unnerving error messages. SpywareRemove.com malware experts have found that these errors are scheduled to occur semi-randomly, and you don’t need to worry about any of the PC threats that Home Security Essentials tells you are on your computer. However, errors like the following may contain links to malicious websites, degrade your system’s performance or cover up genuine error messages from Windows:

Malicious applications which can contain Trojans found on your PC need to be immediately removed.
Click here to remove these potentially harmful items immediately with [rogue anti-virus program name].


9Process %Process%# attempted to change the address space.

An unidentified program-potentially: %ThreatPath% #malicious and able to modify system files- has been prevented from getting installed on your PC.

An unauthorized program has been prevented from accessing your PC.#Port:433 from 92.11.127.10

(Port scan detected at port %portnumber%).

An unidentified program tries to access your computer

The main goal that Home Security Essentials has in mind is to make you spend money on a fake activation process for itself or one of its clones. Because visiting the Home Security Essentials website to purchase Home Security Essentials can expose your PC to other potential infections, and because Home Security Essentials itself has no beneficial features, you should always avoid buying Home Security Essentials, even to make its attacks stop.

If you’ve bought Home Security Essentials, the SpywareRemove.com malware research team strongly recommends that you speak with your credit card company and have the relevant card canceled. This will help you to avoid any other fraudulent charges that the criminals behind Home Security Essentials may try to make without your consent.

How Home Security Essentials Can Pry Your Security Wide Open


Home Security Essentials is from a family of rogue anti-virus software that also has a reputation for generally weakening your PC security in multiple ways. Because the attacks that SpywareRemove.com malware research experts have found are likely to make removing Home Security Essentials relatively difficult, you should be prepared to try extreme measures, such as Safe Mode and even booting from a separate source (like a USB drive) if it’s necessary. Deleting Home Security Essentials manually is discouraged, unless there are no other options available.

Standard Home Security Essentials attacks, besides its fake error pop-ups, include browser hijacks that redirect you to the Home Security Essentials website, hijacks that block you from visiting security-based websites and program-blocking behavior that may disable your ability to use anti-malware and security applications. In some cases, the latter may be worked around by renaming the blocked program’s file to the name of a generic system file, such as ‘explorer.exe.’


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\HSE.ico
    2 %AllUsersProfile%\HS2d7_231.exe
    3 %AppData%\Home Safety Essentials
    4 %AppData%\Home Safety Essentials\ScanDisk_.exe
    5 %AppData%\Home Safety Essentials\Instructions.ini
    6 %AppData%\Microsoft\Internet Explorer\Quick Launch\Home Safety Essentials.lnk
    7 %AppData%\Microsoft\Windows\Recent\DBOLE.dll
    8 %AppData%\Microsoft\Windows\Recent\PE.sys
    9 %AppData%\Microsoft\Windows\Recent\SICKBOY.drv
    10 %AppData%\Microsoft\Windows\Recent\SICKBOY.sys
    11 %AppData%\Microsoft\Windows\Recent\delfile.dll
    12 %AppData%\Microsoft\Windows\Recent\eb.dll
    13 %AppData%\Microsoft\Windows\Recent\eb.sys
    14 %AppData%\Microsoft\Windows\Recent\energy.dll
    15 %AppData%\Microsoft\Windows\Recent\gid.tmp
    16 %AppData%\Microsoft\Windows\Recent\pal.sys
    17 %AppData%\Microsoft\Windows\Recent\ppal.drv
    18 %AppData%\Microsoft\Windows\Recent\runddlkey.exe
    19 %AppData%\Microsoft\Windows\Recent\snl2w.drv
    20 %AppData%\Microsoft\Windows\Start Menu\Programs\Home Safety Essentials.lnk
    21 %AppData%\Microsoft\Windows\Start Menu\Home Safety Essentials.lnk
    22 %UserProfile%\Desktop\Home Safety Essentials.lnk
    23 %AllUsersProfile%\6113.mof
    24 %AllUsersProfile%\46.mof
    25 %AllUsersProfile%\3178.mof
    26 %AllUsersProfile%\14.mof
    27 %AllUsersProfile%\HSYITSQGE\HSLGILTOGE.cfg
    28 %AllUsersProfile%\HSYITSQGE
    29 %AllUsersProfile%\HSESys
    30 %AllUsersProfile%\Quarantine Items
    31 %AppData%\Microsoft\Windows\Recent\CLSV.tmp

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKCU\Software\Classes\Software\Microsoft\Internet Explorer\Search\Scopes\URL http://findgala.com/?&uid=231&q={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures "no"
    HKCU\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures "1"
    HKCU\Software\Microsoft\Internet Explorer\PRS http://127.0.0.1:27777/?inj=%ORIGINAL%
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=231&q={searchTerms}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\89770803
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\lib/5.00231
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UID 231
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun msseces.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 avgemc.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\ 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 MSASCui.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 avgscanx.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 avgcfgex.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 avgcmgr.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 egui.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 avgnt.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 avcenter.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 avscan.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 avgfrw.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 avgui.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 avgtray.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 avgwdsvc.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 avgchsvx.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 ekrn.exe
    HKLM\SOFTWARE\Classes\HS2d7_231.DocHostUIHandler
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin "2"
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser "2"
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA "1"
  • The following CLSIDs were detected:
    HKEY..\..\{CLSID Path}
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\91\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Home Safety Essentials
    HKLM\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
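
A triage check for the tampering these entries describe, as an added example that is not SpywareRemove.com's code: it parses a `.reg` export and flags DisallowRun entries, Image File Execution Options subkeys that carry a `Debugger` value, and the disabled Internet Explorer download signature checks. The sample export is constructed, and treating a `Debugger` value as the blocking mechanism is an assumption, since the page lists only the subkey names.

```python
import re

# Constructed sample in .reg export format (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="MSASCui.exe"
"2"="ekrn.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe]
"Debugger"="svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\a\\OneDrive.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]*)"=(.*)$')
IE_BAD = {'checkexesignatures': '"no"', 'runinvalidsignatures': 'dword:00000001'}

def parse_reg(text):
    """Yield (key, value_name, raw_data) for every named value in a .reg export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            yield key, m.group(1), m.group(2)

def audit(text):
    """Return (finding, detail) pairs for the tampering patterns listed on this page."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith('\\policies\\explorer\\disallowrun'):
            findings.append(('blocked-program', data.strip('"')))
        elif '\\image file execution options\\' in k and name.lower() == 'debugger':
            # Assumption: the hijack uses a Debugger value; the page lists only subkeys.
            findings.append(('ifeo-debugger', key.rsplit('\\', 1)[1]))
        elif k.endswith('\\internet explorer\\download') and IE_BAD.get(name.lower()) == data.lower():
            findings.append(('ie-signature-check-off', name))
    return findings
```

A real `regedit` export is UTF-16 encoded, so read it with `open(path, encoding='utf-16')` before passing the text to `audit`.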
Posted: August 29, 2011
Threat Level: 10/10