Friday, 23 April 2010

How to remove My Security Engine (Uninstall guide)

My Security Engine is a rogue anti-virus program that may cause serious system performance issues on your computer. This fake program is from the same family as CleanUp Antivirus malware. It performs fake system scan and reports false system security threats to make you think that your computer is infected with malicious software (spyware, adware, Trojans and etc.). The scan results are false. My Security Engine creates numerous harmless files upon installation and then flags those files as infected ones. How rude. Finally, it asks to pay for a full version of the program to remove the infections which don't exist. In other words, MySecurityEngine is a scam.



My Security Engine video: (thanks to rogueamp)


If you are reading this article, then your computer is probably infected with this scareware. Thankfully, we've got removal instructions to help. This fake program can be removed from your computer for free using legitimate and reputable anti-malware applications. Please follow the removal instructions below.

You may wonder how you got infected with this badware? Well, usually, such fake programs as My Security Engine come from fake online scanners, misleading online video websites or any other compromised/malicious website. It may come bundled with other malware too. Please also note that cyber criminals promote their bogus products on popular social networks. Once installed, the rogue program displays fake warnings about infected files and possible attacks from a remote computer. Some of the fake warnings read:

"Your PC may still be infected with dangerous viruses. My Security Engine protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection."

"My Security Engine has detected potentially harmful software in your system. It is strongly recommended that you register My Security Engine to remove all found threats immediately. "

Furthermore, MySecurityEngine will modify Windows Hosts file and hijack Internet Explorer. You will be redirected to various misleading websites. There is a chance that you won't be able to visit certain security related websites and your search queries will be redirected to findgala.com.

It goes without saying that you should uninstall My Security Engine from your computer as soon as possible. Most importantly, don't purchase it. If you have already purchased it, then please contact your credit card company and dispute the charges. If you have any questions or additional information about this malware please don't hesitate and leave a comment. Good luck and be safe!


My Security Engine removal instructions (method #1):

Download one of the following legitimate anti-malware applications and run a quick system scan. Don't forget to update it first. All programs a free.
NOTE1: if you can't run any of the above programs you must rename the installer of selected program before saving it on your PC. For example: if you choose MalwareBytes then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.

NOTE2: if you still can't run the renamed file then you need to change file extension too not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif
5. Double-click to run renamed file.


Removing My Security Engine in Safe Mode with Networking (method #2):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2.Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.

My Security Engine files and registry values:

Folders and files:
  • C:\Documents and Settings\All Users\Application Data\345d567
  • C:\Documents and Settings\All Users\Application Data\345d567\2322.mof
  • C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • C:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe
  • C:\Documents and Settings\All Users\Application Data\345d567\MSE.ico
  • C:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • C:\Documents and Settings\All Users\Application Data\MSHOLE\
  • %UserProfile%\Application Data\My Security Engine\
  • C:\Program Files\Mozilla Firefox\searchplugins\search.xml
Registry values:
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" ="http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Engine"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"

Share this information with other people:

No comments:

Post a Comment