Home Security Essentials
Home Security Essentials is a fake anti-virus program that also claims to be able to detect other forms of high-level PC threats besides viruses, such as banking spyware and identity theft-related attacks. SpywareRemove.com malware experts have given Home Security Essentials a thorough look-over and found, however, that Home Security Essentials substitutes fake alerts for real ones and has neither the interest nor the ability to analyze your PC for worms, Trojans, viruses or other infections. Since Home Security Essentials may also cause other problems of an even more serious nature, such as blocking security websites or preventing you from using security-related software, you should delete Home Security Essentials immediately, using an appropriate anti-malware product.
Home Security Essentials – Neither Secure Nor Essential for Your Home PC
Home Security Essentials hails from the same subgroup of rogue anti-virus products as Virus Melts, Virus Alarm, Virus Sweeper, Home Safety Essentials, Internet Security Essentials, Personal Internet Security 2011 and My Security Shield. All of the above and others from the same family are copies of each other that use similar interfaces and attack methodology. However, because variants such as Home Security Essentials may have been updated with additional defensive measures, you should keep your anti-malware products updated to have the best chance of catching recent additions to this rogue AV software group, such as Home Security Essentials.
The main issue that anyone will find quickly whenever they attempt to use Home Security Essentials is Home Security Essentials's use of frequent and unnerving error messages. SpywareRemove.com malware experts have found that these errors are scheduled to occur semi-randomly and you don't need to worry about any of the PC threats that Home Security Essentials tells you are on your computer. However, errors like the following may contain links to malicious websites, degrade your system's performance or cover up genuine error messages from Windows:
Malicious applications which can contain Trojans found on your PC need to be immediately removed. Click here to remove these potentially harmful items immediately with [rogue anti-virus program name].
9Process %Process%# attempted to change the address space.
An unidentified program-potentially: %ThreatPath% #malicious and able to modify system files- has been prevented from getting installed on your PC.
An unauthorized program has been prevented from accessing your PC.#Port:433 from 92.11.127.10
(Port scan detected at port %portnumber%).
An unidentified program tries to access your computer
The main goal that Home Security Essentials has in mind is to make you spend money on a fake activation process for itself or one of its clones. Because visiting the Home Security Essentials website to purchase Home Security Essentials can expose your PC to other potential infections, and because Home Security Essentials itself has no beneficial features, you should always avoid buying Home Security Essentials, even to make its attacks stop.
If you've bought Home Security Essentials, the SpywareRemove.com malware research team strongly recommends that you speak with your credit card company and have the relevant card canceled. This will help you to avoid any other fraudulent charges that the criminals behind Home Security Essentials may try to make without your consent.
How Home Security Essentials Can Pry Your Security Wide Open
Home Security Essentials is from a family of rogue anti-virus software that also has a reputation for generally weakening your PC security in multiple ways. Because the attacks that SpywareRemove.com malware research experts have found are likely to make removing Home Security Essentials relatively difficult, you should be prepared to try extreme measures, such as Safe Mode and even booting from a separate source (like a USB drive) if it's necessary. Deleting Home Security Essentials manually is discouraged, unless there are no other options available.
Standard Home Security Essentials attacks, besides its fake error pop-ups, include browser hijacks that redirect you to the Home Security Essentials website, hijacks that block you from visiting security-based websites and program-blocking behavior that may disable your ability to use anti-malware and security applications. In some cases, the latter may be worked around by renaming program files in the form of generic system files, such as 'explorer.exe.'
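Blocking of this kind is name-based on Windows: the registry changes recorded for this family include entries under the Explorer DisallowRun policy and under Image File Execution Options, both of which match on the executable's file name, which is why a renamed tool can still start. The following added example (not part of the original page) audits a registry export for those entries and for disabled Internet Explorer download signature checks. The sample export and its executable names are constructed, and checking the IFEO `Debugger` value is an assumption about how the IFEO keys are used.

```python
import re

# Constructed sample in regedit export format (.reg); executable names are
# placeholders. Real exports are UTF-16: open(path, encoding="utf-16").
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="example-av.exe"
"1"="example-scanner.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-av.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
"CheckExeSignatures"="no"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
IE_WEAK = {("runinvalidsignatures", "dword:00000001"), ("checkexesignatures", '"no"')}

def parse_reg(text):
    """Yield (key_path, value_name, raw_data) for each named value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            yield key, m.group(1), m.group(2)

def find_blocking(text):
    """Return (finding, detail) pairs for name-based blocks and weakened checks."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.endswith("\\policies\\explorer\\disallowrun"):
            findings.append(("disallowrun", data.strip('"')))  # blocked image name
        elif "\\image file execution options\\" in k and n == "debugger":
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1]))
        elif k.endswith("\\internet explorer\\download") and (n, data.lower()) in IE_WEAK:
            findings.append(("ie-signature-check-off", name))
    return findings

if __name__ == "__main__":
    for finding in find_blocking(SAMPLE_REG):
        print(*finding, sep=": ")
```

Each finding names the executable or setting affected, so the output doubles as a list of entries to review and restore after cleanup.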
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
Registry Modifications