Monday, February 15, 2010

How to remove Security Essentials 2010 fake antivirus program? (Uninstall guide)

Security Essentials 2010 is a fake (rogue) antivirus program. It's a clone of Internet Security 2010. The same GUI only the name is different. Most importantly, don't confuse this rogue program with Microsoft Security Essentials which is perfectly legitimate software from reputable company. Name can be deceiving! This fake program is very irritating and if you are reading this article then you are probably infected with this scareware. Thankfully we've got several useful removal tips to help you remove Security Essentials 2010 for free.



This fake program is usually installed through the use of Trojans or other malicious software. It can be promoted via fake online scanners, misleading websites and even using social engineering methods. Once active, SecurityEssentials2010 loads many fake security warnings and popups claiming that your computer is badly infected, even though it's the only virus on your computer. The rogue program runs a fake system scan and reports false infections to scare you even more. Just like the fake security alerts, false computer threats should be ignore. Security Essentials 2010 is one of many fake antivirus applications that use various misleading methods to trick you into purchase the program. Don't do this! Instead, you should get rid of this annoying software as soon as possible.

Another very irritating thing is that Security Essentials 2010 blocks almost all programs on your computer and I'm not even talking about antivirus software. Usually, it displays an error message with the following text:

"Application cannot be executed. The file is infected. Please activate your antivirus software."

"ERROR
Application Error.The instruction at 0x009a6f9a referenced memory at 0x00000000. The memory could not be written.Click on OK to terminate the program."



"Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Interner Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)"

It will also hijack your Desktop and change your default background to something like this:



As you can see, Security Essentials 2010 is a total scam. Don't pay for it! If you bought this malware, then contact your credit card company and dispute the charges. Next, read the removal guide below and remove Security Essentials 2010 from your PC for free one and for all. Good luck! By the way, if you have any questions, don't hesitate and ask.



Security Essentials 2010 removal instructions (method #1):

NOTE: complete steps 1-3 if you can't use Internet or download/install malware removal tools listed in step 4.


1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.

2. Search for such entries in the scan results:
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 – HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
Select all such entries and click once on the "Fix checked" button. Close HijackThis tool.



3. Download the file LSPFix.zip and extract it into a folder on your PC.
Launch LSPFix. Place a tick in the "I know what I'm doing".
In the KEEP box select helper32.dll (or randomly named file such as lsawpeajpg.dll) and press ">>" button.
Press Finish>> button. Wait while LSPFix removes helper32.dll and displays a summary. Press OK.



4. Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.
NOTE1: if you can't run any of the above programs you must rename the installer of selected program before saving it on your PC. For example: if you choose MalwareBytes then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.

NOTE2: if you still can't run the renamed file then you need to change file extension too not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif
5. Double-click to run renamed file.



Removing Security Essentials 2010 in Safe Mode with Networking (method #2):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. If the rogue program blocks it then download and run this file RenamedSBKRepair. Follow the prompts. Then reboot your PC in Safe Mode with Networking.

2.Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.


Security Essentials 2010 files and registry values:

Files:
  • C:\WINDOWS\system32\warnings.html
  • C:\WINDOWS\system32\helpers32.dll
  • C:\WINDOWS\system32\winlogon32.exe
  • C:\WINDOWS\system32\smss32.exe
  • C:\WINDOWS\system32\41.exe
  • %Temp%\250904.exe
  • %StartMenu%\Security essentials 2010.lnk
  • %Desktop%\Security essentials 2010.lnk
  • C:\ProgramFiles\Securityessentials2010\SE2010.exe
Registry keys and values:
  • HKEY_CURRENT_USER\Software\SE2010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • "Security essentials 2010"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "smss32.exe"

Share this information with other people:

No comments:

Post a Comment