Categories: Security

Fake Security Suite in the wild

Published on March 15th, 2010 | by sylv3rblade

0

A fake version of Microsoft Security Essentials (MSE), Redmond’s free antivirus program is quietly spreading under the guise of the original’s brand recognition.  The rogue “antivirus” software is called Security Essentials 2010.


If your computer displays the screenshot shown above, then your system is infected trojan called TrojanDownloader:Win32/Fakeinit. Microsoft’s official statement on the programs describes it as such: fake scanner that informs the user that they need to pay money to register the software and remove these non-existent threats, much like past rogue “antivirus” softwares like Antivirus 2009 and Antivirus 2010. What’s worse is that Security Essentials 2010 also terminates certain processes (like some of the “weaker” antivirus programs), edits the registry to disable Task Manager, lowers your security settings, hijacks your Web browser, and changes your background image to one of an ominious spyware warning.

How to Remove Fake Security Essentials 2010

Manual Method

  1. Clean your System with HijackThis.
    1. Download and install HijackThis.
    2. Run HijackThis, click Do a System Scan Only
    3. Select the following entries from the scanned list:
      F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
      O4 – HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
      O4 – HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
      O4 – HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
    4. Close all other applications (except HijackThis of course) and click the fix checked button.  This will remove all entries of Security Essentials 2010 from your registry.
    5. Close HijackThis
  2. Clean Security Essentials 2010 DLL files.
    1. Download and install LSPFix from LSPFix and unzip it to your Desktop.
    2. Run LSPFix and tick the option I know what I’m doing under the Advanced Options.
    3. On the Keep box, click helper32.dll
    4. Press the >> button to transfer it to the Remove box.
    5. Press Finish>> button to remove the helper32.dll file.
    6. Once the removal process is done, LSPFix will display a summary of it’s actions.  Press OK to close it.

Automated Method

Simply install the following programs, update their database and scan.

For reference Security Essentials 2010 makes the following additions to your computer:

Security Essentials 2010 creates the following files and folders

C:\Program Files\SecurityEssentials2010
C:\Program Files\SecurityEssentials2010\SE2010.exe

Security Essentials 2010 creates the following registry keys and values

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Essentials 2010

If you have any other question, post a comment.  Good luck!

Tags: , ,



Comments are closed.

Back to Top ↑

website stats