
Fake Microsoft Security Essentials Alert

Posted: August 24, 2010

The Fake Microsoft Security Essentials Alert is a fake pop-up warning that usually is associated with the FakePAV family of rogue system cleaners and general security scanners. This particular family of scamware has been at large and identified since at least 2011, but SpywareRemove.com malware researchers warn that Fake Microsoft Security Essentials Alert attacks and related PC issues still are being detected as of this year. While Fake Microsoft Security Essentials Alert does its utmost to look like a legitimate Windows warning about a vaguely-specified PC threat on your computer, Fake Microsoft Security Essentials Alert's system information is fraudulent, and its sole purpose is to encourage you to purchase a fake software product (which may be a Registry cleaner, antivirus program or other form of system scanner). You can remove a Fake Microsoft Security Essentials Alert by removing all associated PC threats, generally with a real anti-malware application.

The Fake Microsoft Security Essentials Alert: When You Can't Trust 'Microsoft' to Protect Your Computer

The Fake Microsoft Security Essentials Alert is a pop-up alert that's just one of the various symptoms displayed by a FakePAV infection – a rogue system scanner that pretends to protect your computer, but, in reality, identifies fake problems in an effort to make you waste money on its software. The Fake Microsoft Security Essentials Alert often is invoked to block you from using other programs, and usually will indicate (inaccurately) that the program you're trying to use has been infected by a generic Trojan.

Red Cross Antivirus, Peak Protection 2010, Major Defense Kit, AntiSpy Safeguard and Pest Detector 4.1 all are some of the most well-known PC threats that may use the Fake Microsoft Security Essentials Alert. However, SpywareRemove.com malware experts also are familiar with other variants of FakePAV, such as Windows Process Regulator, Windows Premium Console, Windows Defence Counsel and Windows Web Commander.

Unlike some other kinds of PC threats (such as a typical Ukash Virus or other Police Ransomware Trojan), the pop-up warning of a Fake Microsoft Security Essentials Alert usually can be closed, like any other window. However, SpywareRemove.com malware experts stress that this doesn't let you access any blocked programs or remove the FakePAV infection that causes Fake Microsoft Security Essentials Alert from your computer.

Being Savvy to the Fake Microsoft Security Essentials Alert's Misleading Marketing Scheme

Since the Fake Microsoft Security Essentials Alert's foremost goal is to make you spend money on a fake antivirus program or similar product that can't help your PC, you never should trust links, software, scan results or any other information related to a Fake Microsoft Security Essentials Alert. Disabling the PC threat that creates the Fake Microsoft Security Essentials Alert should be your first step, for which SpywareRemove.com malware analysts suggest booting from a recovery drive (any USB device or similar item) and using Safe Mode.

Appropriate anti-malware tools then can delete all scamware related to the Fake Microsoft Security Essentials Alert, which also may be accompanied by related PC threats, such as Trojan droppers or other Trojans that are designed to install harmful software. Of course, any information that's transferred to companies related to a Fake Microsoft Security Essentials Alert's scamware always should be considered compromised, and this includes credit card credentials and all related financial data.


Technical Details

File System Modifications

The following files were created in the system:



File name: ime_new[1].exe
File type: Executable File
Mime Type: unknown/exe

File name: msseces.exe
File type: Executable File
Mime Type: unknown/exe

File name: %UserProfile%\Application Data\antispy.exe
File type: Executable File
Mime Type: unknown/exe

File name: %UserProfile%\Application Data\defender.exe
File type: Executable File
Mime Type: unknown/exe

File name: %UserProfile%\Application Data\PAV\

File name: %UserProfile%\Application Data\tmp.exe
File type: Executable File
Mime Type: unknown/exe

File name: %UserProfile%\Local Settings\Temp\kjkkklklj.bat
File type: Batch file
Mime Type: unknown/bat

Registry Modifications

The following Registry values were newly created:

HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\antispy.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0"

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\PAV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "tmp"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "SelfdelNT"
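
A read-only check for the file and Registry indicators listed above, added here as an example (it is not part of the original page or of any vendor tool). It assumes PowerShell is available, that it is run as the affected user, and that the profile uses the folder names shown in the list (`Application Data`, `Local Settings`).

```powershell
# Added example: read-only check of the current user's profile and HKCU hive
# for the indicators this page lists. Nothing is changed or deleted.
$findings = @()

# Files and folder the page lists under %UserProfile%. ime_new[1].exe and
# msseces.exe are not checked: the page gives no path for them, and msseces.exe
# is also the file name of the genuine Microsoft Security Essentials interface.
$relativePaths = @(
    'Application Data\antispy.exe',
    'Application Data\defender.exe',
    'Application Data\tmp.exe',
    'Application Data\PAV',
    'Local Settings\Temp\kjkkklklj.bat'
)
foreach ($rel in $relativePaths) {
    $full = Join-Path $env:USERPROFILE $rel
    if (Test-Path -LiteralPath $full) { $findings += "File or folder present: $full" }
}

# Registry values from the page. Bad = $null means the value's presence alone
# is reported; otherwise it is reported only when its data equals Bad.
$ie = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Bad = $null },
    @{ Key = $ie; Name = 'WarnOnPostRedirect'; Bad = '0' },
    @{ Key = $ie; Name = 'WarnonBadCertRecving'; Bad = '0' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'tmp'; Bad = $null },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'; Name = 'SelfdelNT'; Bad = $null }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $data = $item.($v.Name)
    if ($null -eq $v.Bad -or "$data" -eq $v.Bad) {
        $findings += ('Registry value: {0} "{1}" = "{2}"' -f $v.Key, $v.Name, $data)
    }
}

# Subkey the page lists for the rogue product itself
if (Test-Path -LiteralPath 'HKCU:\Software\PAV') {
    $findings += 'Registry key present: HKCU:\Software\PAV'
}

if ($findings.Count -eq 0) { 'No listed indicators found for this user.' } else { $findings }
```

A per-user `Shell` value under `Winlogon` replaces the program started at logon for that account, so it is reported whenever it exists, whatever its data.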

Additional Information

The following messages were detected:

1. Microsoft Security Essentials Alert
   Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Click 'Show details' to learn more.

4 Comments

  • Pjennings says:

    WHAT IF THEY HAVE DISABLED Registry Editor & task manager ?????

  • MacOS FTW says:

    If the malware has disabled Registry Editor and Task Manager, you should be able to get to those by starting your computer in Safe Mode.

    To start in safe mode, slowly tap the F8 key right after the manufacturer's logo screen on startup. This will bring you to an optional startup list; choose "safe mode" (choose safe mode with networking for network support).

    Proceed to follow the directions listed here, and reboot normally.

  • bonolo says:

    I want to remove the antivirus8 from my computer. I can't even access the internet; it keeps on popping onto the screen.

  • Art Greenfield says:

    I just got this, and immediately came here. I will x out without opening it, but will it keep popping up? This is the first time, and I assumed that it was a ruse.