Bogema Security

Posted: July 22, 2011

Bogema Security Description

ScreenshotThe fake security program, Bogema Security, claims to offer anti-spyware and other threat-removal services, but our malware researchers have found that Bogema Security only offers trouble. Those who attempt to use Bogema Security for its stated purposes will find that the only infections that Bogema Security can warn you about are falsified ones and that all system errors that Bogema Security reports are lies. This simple scam is a not-so-subtle attempt to steal your credit card and the money linked to it, so it's strongly encouraged that your guard your finances from Bogema Security and use an advanced anti-malware product to wipe Bogema Security out of your hard drive.

A Review of Bogema Security's Less-Than-Stellar Past

Bogema Security doubles as the name of the company that markets the Bogema Security 2011 rogue program, as well as the name of the rogue program itself. The Bogema Security company, unfortunately, has been confirmed to trade in fraudulent credit card bills instead of providing real security software. If you've purchased Bogema Security or a similar product, the most urgent priority on your mind should be canceling your credit card to stop any more unwarranted expenses.

A second but almost equally-important goal should be to avoid Bogema Security's arsenal of attacks on your computer. Our malware team has noted that Bogema Security 2011 has the capability to:

  • Launch itself without your permission.
  • Remain active in the form of a concealed memory process even after you've tried to shut down Bogema Security.
  • Create fake spyware alerts and other infection warnings that present dishonest information about your computer's health, especially with regards to security-related programs and basic Windows utilities.
  • Alter your file-viewing settings to hide files, particularly its own.
  • Block anti-virus and security applications. Bogema Security may also use this in coordination with its fake errors to make it look as though it's blocking these applications for your own good.
  • Redirect your web browser to the Bogema Security website, or to a similar malicious website. Websites that may be linked to the same criminal company include,,, and These websites sell similar rogue security applications, such as lean Security, Ultimate Scan and Ultimate Guard. Other rogue security programs associated with Bogema Security are XP Internet Security 2012, Personal Shield Pro Version 2.20, XP Security 2011, Windows 7 Fix, and Vista Home Security 2012. All of these programs and even Bogema Security may also be marketed with the '2011' suffix; for example, as Bogema Security 2011.

Defeating Bogema Security or Better Yet, Keeping Bogema Security Off Your PC

The easiest way to keep Bogema Security 2011 from infecting your PC in the first place is to avoid the aforementioned sites, which may use Flash or Java exploits to install Bogema Security even if you don't want it. Our malware team has also seen instances of rogue applications that are very similar to Bogema Security being installed by Zlob and Fake Microsoft Security Essentials Alert trojans. These trojans are often downloaded by mistake while they pretend to be codecs and other updates for media players.

Removing Bogema Security by deleting its files personally isn't recommended and may cause damage to your computer. Since many of Bogema Security's attacks can make changes to the Windows Registry, you should use a reliable anti-malware product to delete Bogema Security if you have access to such software.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS]
    2 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
    3 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS]
    4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exee" -a "%Program Files%\Internet Explorer\iexplore.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Bogema Security may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.