Security Cleaner Pro

Posted: October 4, 2013

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	49

First Seen:	October 4, 2013
OS(es) Affected:	Windows

Security Cleaner Pro is a misleading anti-malware application that deceives its victims with fake system errors, scans with bad results and a variety of other attacks that are meant to convince the PC user to purchase its fake software. Currently estimated to be another entrant into the FakeRean family of scamware, Security Cleaner Pro also may block select programs on your computer, with an especial focus on security-oriented ones like Task Manager or a legitimate anti-malware scanner. Since Security Cleaner Pro is a fraudulent program with nothing good to offer you, SpywareRemove.com malware experts see no problems in recommending that you take all measures needed to disable and remove Security Cleaner Pro with an actual anti-malware product.

Everything Unprofessional About Security Cleaner Pro's 'Cleaning' Job

Security Cleaner Pro camouflages itself as an anti-malware product, but the only real functions that Security Cleaner Pro displays all are based on restricting your PC usage and providing you with false information. Like similar rogue anti-malware products, Security Cleaner Pro sports a fake system scanner that detects inaccurate threats on your computer, and also has functions for creating a series of pop-up alerts with false system information. The purpose of Security Cleaner Pro's fake information is to encourage you to buy its software – even though (as SpywareRemove.com malware experts easily confirmed) Security Cleaner Pro can't detect or delete any actual PC threats at all.

These functions are risky to the ignorant, but Security Cleaner Pro also may display attacks capable of harming the PCs of informed users, as well:

Security Cleaner Pro may block the processes of other programs.
Security Cleaner Pro may delete the Registry entries of some security programs (so far, only official Microsoft products have been targeted by this attack).
Security Cleaner Pro may add shortcuts to your desktop.

It also must be stressed that pop-up warnings created by Security Cleaner Pro infections are not always labeled as being derived from this program. In some cases, a Security Cleaner Pro-based pop-up also may imitate a default format for Windows warning messages.

Getting Your PC Clean of Security Cleaner Pro

While it's not too difficult to tell that buying Security Cleaner Pro isn't in your best interests, removing Security Cleaner Pro isn't necessarily as easy as it should be. SpywareRemove.com malware experts strongly advise that dedicated anti-malware programs be involved in any attempt to install high-level PC threats like Security Cleaner Pro or any of the FakeRean family's members that include Antivirus 2008 Pro, Windows Antivirus 2008, Vista Antivirus 2008, Antivirus XP 2008, PC Clean Pro, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, Rogue.Vista Antivirus 2008, XP Home Security 2012, XP Security 2012 and AntiVirus PRO 2015. If Security Cleaner Pro blocks the software required for removing Security Cleaner Pro, disabling Security Cleaner Pro through a quick reboot to Safe Mode usually is the most direct work around.

Besides being a security risk in and of itself, Security Cleaner Pro also may be installed along with other PC threats. Some Trojans related to Security Cleaner Pro's family include Bredolab, Karagany, Zlob, Cutwail, Rorpian and Rugzip, all of which have been confirmed to include general threat-downloading functions.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%APPDATA%\shl.exe

File name: shl.exe
Size: 230.91 KB (230912 bytes)
MD5: 4cb4d82bd5419e771b90a078a40f0818
Detection count: 11
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: October 7, 2013

%StartMenu%\Programs\Startup\shl.exe

File name: %StartMenu%\Programs\Startup\shl.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%AppData%\shl.exe

File name: %AppData%\shl.exe
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ProtSoftware Inc" = "%AppData%\shl.exe"HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Protection