My Security Engine video: (thanks to rogueamp)
If you are reading this article, then your computer is probably infected with this scareware. Thankfully, we've got removal instructions to help. This fake program can be removed from your computer for free using legitimate and reputable anti-malware applications. Please follow the removal instructions below.
You may wonder how you got infected with this badware? Well, usually, such fake programs as My Security Engine come from fake online scanners, misleading online video websites or any other compromised/malicious website. It may come bundled with other malware too. Please also note that cyber criminals promote their bogus products on popular social networks. Once installed, the rogue program displays fake warnings about infected files and possible attacks from a remote computer. Some of the fake warnings read:
"Your PC may still be infected with dangerous viruses. My Security Engine protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection."
"My Security Engine has detected potentially harmful software in your system. It is strongly recommended that you register My Security Engine to remove all found threats immediately. "
Furthermore, MySecurityEngine will modify Windows Hosts file and hijack Internet Explorer. You will be redirected to various misleading websites. There is a chance that you won't be able to visit certain security related websites and your search queries will be redirected to findgala.com.
It goes without saying that you should uninstall My Security Engine from your computer as soon as possible. Most importantly, don't purchase it. If you have already purchased it, then please contact your credit card company and dispute the charges. If you have any questions or additional information about this malware please don't hesitate and leave a comment. Good luck and be safe!
My Security Engine removal instructions (method #1):
Download one of the following legitimate anti-malware applications and run a quick system scan. Don't forget to update it first. All programs a free.
NOTE1: if you can't run any of the above programs you must rename the installer of selected program before saving it on your PC. For example: if you choose MalwareBytes then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.
NOTE2: if you still can't run the renamed file then you need to change file extension too not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif
5. Double-click to run renamed file.
Removing My Security Engine in Safe Mode with Networking (method #2):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2.Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.
My Security Engine files and registry values:
Folders and files:
- C:\Documents and Settings\All Users\Application Data\345d567
- C:\Documents and Settings\All Users\Application Data\345d567\2322.mof
- C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
- C:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe
- C:\Documents and Settings\All Users\Application Data\345d567\MSE.ico
- C:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
- C:\Documents and Settings\All Users\Application Data\MSHOLE\
- %UserProfile%\Application Data\My Security Engine\
- C:\Program Files\Mozilla Firefox\searchplugins\search.xml
- HKEY_CURRENT_USER\Software\3
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" ="http://findgala.com/?&uid=195&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Engine"
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
Share this information with other people:
No comments:
Post a Comment