Essential Cleaner

Posted: May 7, 2011

Essential Cleaner Description

Essential Cleaner is a new addition to the System Tool family of rogue anti-virus applications. Essential Cleaner infections are known to spread by means of fake online system alerts that warn you about infections that require you to download Essential Cleaner to remove them. Once on your PC, Essential Cleaner will create more fake alerts, stop you from using many different applications, hijack your web browser and may even shut down your Internet connectivity. You should switch to Safe Mode to make sure any scans detect Essential Cleaner and remove Essential Cleaner with anti-malware applications that are designed to handle such threats.

Essential Cleaner: Cleaning You Out of Your Money with Fake Warnings

Essential Cleaner pretends to be a software solution to malware infections, but it never really takes the time to scan your computer. Instead, Essential Cleaner creates fake warnings like the samples below without checking to see if the infections are there or not:

Security Monitor: WARNING!
Attention: System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
CLick [sic] Yes to download official intrusion detection system (IDS software).

Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...

Essential Cleaner Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.

Since Essential Cleaner doesn't offer any real anti-virus protection, there's no reason for you to purchase it as Essential Cleaner so insistently recommends. Other problems linked to Essential Cleaner include:

  • Browser hijacks. Your web browser may display altered content with additional links, have its homepage setting changed, redirect you to hostile websites or show fake unsafe website alerts.
  • Disabled file downloads. You may be able to avoid this attack by renaming the file to a generic file name such as explorer.exe.
  • Disabled applications. Security-related programs are almost certain to be targeted by Essential Cleaner. You can try renaming the executable file as noted in the above download attack; most rogue programs like Essential Cleaner are configured to allow certain baseline files to run by default.

You can also be infected by Essential Cleaner clones, which show the same properties with different program names. Some major Essential Cleaner clones include System Tool, Live Security Platinum, System Tool 2011 and System Tool 2.20.

Cleaning Out Essential Cleaner

Essential Cleaner has been known to befuddle many a PC user by avoiding detection by otherwise competent anti-malware programs. The key, in this case, is to use Safe Mode or a similar boot-up mode that stops Essential Cleaner from launching automatically, as it will do every time your PC loads Windows normally.

Afterwards, you should be able to detect and delete Essential Cleaner with appropriate anti-malware scanners. If no scanners are available, you can try to delete Essential Cleaner's randomly-named files, which hide in Program Data and Documents and Settings Folders. However, this should be done only if you have absolutely no access to a better, software-assisted solution that will remove Essential Cleaner with less chance of error.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\
    2 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].dll
    3 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
    4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].mof
    5 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].ocx
    6 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]\
    7 %UserProfile%\Application Data\Essential Cleaner\
    8 %UserProfile%\Application Data\Essential Cleaner\cookies.sqlite
    9 %UserProfile%\Application Data\Essential Cleaner\Instructions.ini

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:18810"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Essential Cleaner"
    HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
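
The value-based entries in the list above can be checked offline against the text of a `reg export` file. This is an added example, not part of the original write-up; the function names, the rule table layout and the sample export (including its placeholder file names) are constructed for illustration.

```python
import re

# Constructed sample of `reg export` output; the .exe names are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:18810"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Essential Cleaner"="C:\\placeholder\\placeholder.exe"
"ctfmon"="C:\\Windows\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\placeholder.exe]
"Debugger"="svchost.exe"
'''

# (key regex, value name, value regex), taken from the registry list above.
# Keys and names are compared lowercased; values are matched case-insensitively.
RULES = [
    (r"\\internet explorer\\download$", "runinvalidsignatures", r"1"),
    (r"\\internet explorer\\phishingfilter$", "enabled", r"0"),
    (r"\\currentversion\\internet settings$", "proxyenable", r"1"),
    (r"\\currentversion\\internet settings$", "proxyserver", r"http=127\.0\.0\.1(:\d+)?"),
    (r"\\windows\\currentversion\\run$", "essential cleaner", r".*"),
    (r"\\image file execution options(\\.*)?$", "debugger", r"(.*\\)?svchost\.exe"),
]

def parse_reg(text):
    """Yield (key, value_name, value) from .reg text; DWORDs become decimal strings."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                value = str(int(raw[6:], 16))
            else:  # quoted string: drop the quotes, undo backslash escaping
                value = re.sub(r"\\(.)", r"\1", raw[1:-1] if raw[:1] == '"' else raw)
            yield key, name.lower(), value

def find_indicators(text):
    """Return every (key, name, value) in the export that matches a rule."""
    return [(key, name, value) for key, name, value in parse_reg(text)
            if any(re.search(k, key) and name == n and re.fullmatch(v, value, re.I)
                   for k, n, v in RULES)]
```

A loopback proxy setting is also written by legitimate local debugging proxies, so treat a single hit as a lead and the combination of hits as the signal.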

Additional Information on Essential Cleaner

  • The following messages were detected:
    # Message
    1 Warning: Your computer is infected
    Windows has detected spyware infection!
    Click this message to install the last update of Windows security software...
    2 Warning!
    Application cannot be executed. The file cmd.exe is infected.
    Please activate your antivirus software.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Essential Cleaner may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
