Friday, August 19, 2011

Home Safety Essentials Removal - How To Guide

Home Safety Essentials is a fake product from the Virus Doctor family, designed to deceive naïve consumers. It spreads mainly through fake online scanners and malicious websites. When you reach such a website from a search engine, you see a page that pretends to scan your computer and reports that numerous infections are present. You are then offered software to download, and that software is Home Safety Essentials. Keep in mind that all pages that perform an online scan of your computer are fake. Do not trust those pages and never download software from them; otherwise your computer will get infected with rogue products like Home Safety Essentials.

Some strains of this rogue software infect the computer through hacked websites that exploit operating system vulnerabilities. From a hacked website, the product can enter your computer without your knowledge or permission. It also places some harmless files on your computer and then reports them as infections. Don't fall for this cheap scam; remove Home Safety Essentials from your computer as quickly as possible.

Home Safety Essentials loads automatically on startup and performs many fake scans on your machine. It tells you that you need to purchase the program to remove the infections, but in fact this software is not capable of removing anything. Here is a screenshot of Home Safety Essentials:


How To Remove Home Safety Essentials

You can remove Home Safety Essentials either with anti-virus software or manually. I describe both methods in detail below.

A) Removal using a Spyware Remover

This method is highly recommended for all computer users because it is very effective and guarantees the results. You need to download a genuine spyware remover, scan your computer and then get rid of all the infections.

This method is so easy that even newbie computer users can eradicate the virus. You just need to click a few buttons and the rogue software will be removed from your computer automatically. For automatic removal of Home Safety Essentials, I highly recommend Spyware Doctor. You can download Spyware Doctor by clicking the button below:

B) Manual Removal of Home Safety Essentials

Manual removal of Home Safety Essentials is cumbersome and cannot be followed by all computer users. If you are not a computer expert, the manual removal method is simply not suitable for you. Manual removal of rogue software should not be based on assumptions of any sort.

If you delete the wrong files, ones that are not actually infected, you could cause further trouble for your computer. If you are sure that you can carry out manual removal, follow these steps to remove Home Safety Essentials:

1. First, stop the program from running: open Task Manager and end the rogue's process. Its process name usually has this format:

Random-characters_random-numbers.exe (for example, Pdfs_3433.exe)

Look for such a filename in Task Manager and end that process. You can open Task Manager by pressing the ALT+CTRL+DELETE keys on your keyboard. If Task Manager is blocked on your computer, download Process Explorer and end the rogue process with it.

2. After ending the rogue process, run Registry Editor: click Start/Run, type “regedit” and click the OK button.

Remove or correct the registry entries listed below. Remove all registry entries under DisallowRun; if you look carefully, these entries exist to block genuine antivirus programs from running.

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\91\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid {137E7700-3573-11CF-AE69-08002B2E1262}
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\89770803
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\lib/5.00231
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UID 231
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 msseces.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 MSASCui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 avgscanx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 avgcfgex.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 avgemc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 avgchsvx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 avgcmgr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 avgwdsvc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 ekrn.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 egui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 avgnt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 avcenter.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 avscan.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 avgfrw.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 avgui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 avgtray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Home Safety Essentials
HKLM\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKLM\SOFTWARE\Classes\HS2d7_231.DocHostUIHandler
HKCU\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures "no"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin "2"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser "2"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA "1"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe

3. Now remove the Home Safety Essentials files from your computer. Browse to these locations and remove the infected files:

%AllUsersProfile%\\
%AllUsersProfile%\\14.mof
%AllUsersProfile%\\3178.mof
%AllUsersProfile%\\46.mof
%AllUsersProfile%\\6113.mof
%AllUsersProfile%\\HS2d7_231.exe
%AllUsersProfile%\\HSE.ico
%AllUsersProfile%\\HSESys
%AllUsersProfile%\\Quarantine Items
%AllUsersProfile%\HSYITSQGE
%AllUsersProfile%\HSYITSQGE\HSLGILTOGE.cfg
%AppData%\Home Safety Essentials\
%AppData%\Home Safety Essentials\Instructions.ini
%AppData%\Home Safety Essentials\ScanDisk_.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Safety Essentials.lnk
%AppData%\Microsoft\Windows\Recent\CLSV.tmp
%AppData%\Microsoft\Windows\Recent\DBOLE.dll
%AppData%\Microsoft\Windows\Recent\PE.sys
%AppData%\Microsoft\Windows\Recent\SICKBOY.drv
%AppData%\Microsoft\Windows\Recent\SICKBOY.sys
%AppData%\Microsoft\Windows\Recent\delfile.dll
%AppData%\Microsoft\Windows\Recent\eb.dll
%AppData%\Microsoft\Windows\Recent\eb.sys
%AppData%\Microsoft\Windows\Recent\energy.dll
%AppData%\Microsoft\Windows\Recent\gid.tmp
%AppData%\Microsoft\Windows\Recent\pal.sys
%AppData%\Microsoft\Windows\Recent\ppal.drv
%AppData%\Microsoft\Windows\Recent\runddlkey.exe
%AppData%\Microsoft\Windows\Recent\snl2w.drv
%AppData%\Microsoft\Windows\Start Menu\Programs\Home Safety Essentials.lnk
%AppData%\Microsoft\Windows\Start Menu\Home Safety Essentials.lnk
%UserProfile%\Desktop\Home Safety Essentials.lnk

After removing the files above, reboot your computer; you should not see Home Safety Essentials on it again. Keep in mind that manual removal does not guarantee complete removal. If you still find Home Safety Essentials on your computer or can’t follow the manual removal steps, consider the automated removal method instead.
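A read-only way to inspect the registry locations from step 2 before editing anything, as an added example that is not part of the original post: it lists the DisallowRun policy entries, every Image File Execution Options subkey that carries a Debugger value, and the per-user Run entries. The Debugger check and PowerShell 3.0 or later are assumptions; the post itself lists only the key names.

```powershell
# Read-only audit: lists what is present, changes nothing.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ifeo   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$run    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# PowerShell attaches these bookkeeping properties to every registry item.
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RegValues([string]$Path) {
    # Return name/data pairs for one key, or nothing if the key is absent.
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }
    $item.PSObject.Properties |
        Where-Object { $psProps -notcontains $_.Name } |
        ForEach-Object { [pscustomobject]@{ Key = $Path; Name = $_.Name; Data = $_.Value } }
}

# 1. Is the DisallowRun policy switched on, and which executables does it name?
$switch = (Get-ItemProperty -LiteralPath $policy -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun
"DisallowRun policy value: $switch"
Get-RegValues "$policy\DisallowRun" | Format-Table -AutoSize

# 2. An IFEO subkey with a Debugger value redirects launches of that image
#    (assumption: this is how the listed subkeys block security tools).
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = $_.GetValue('Debugger')
    if ($dbg) { [pscustomobject]@{ Image = $_.PSChildName; Debugger = $dbg } }
} | Format-Table -AutoSize

# 3. Per-user autostart entries, to compare with the Run entry listed in step 2.
Get-RegValues $run | Format-Table -AutoSize
```

Saving the output before and after the manual clean-up gives a record of which entries were actually present and which were removed.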

Monday, August 15, 2011

XP Antivirus 2012 Removal – How To Remove

XP Antivirus 2012 is software that should never be trusted. It is rogue antivirus software in the skin of a real anti-virus product. It imitates a legitimate scan and then shows a completely forged infection report. All the infections shown in that report are fake and have nothing to do with reality. They don’t exist on your computer; the main intention of the software is to scare you and then drag you into purchasing bogus software.

Don’t trust the fake scan report of XP Antivirus 2012, as your computer is not infected at all. The only problem on your computer is XP Antivirus 2012 itself, and you need to take care of it as soon as possible. This is what XP Antivirus 2012 looks like:



XP Antivirus 2012 continuously shows fake alerts and asks you to purchase the full version. Whenever you run a genuine application on your computer, the rogue software pops up and starts scanning your computer. When you try to access a site using Internet Explorer, it tells you that your computer is at risk. Do not trust any of these warnings and messages; they are forged and exist only to deceive you.

If you have purchased XP Antivirus 2012 by mistake, get in touch with your credit card company and file a dispute against the charge on your credit card. Watch your credit card transactions closely afterwards to make sure that your card is not being used fraudulently. To remove the rogue software from your computer, read the removal instructions below.

How To Remove XP Antivirus 2012

It is very easy to remove XP Antivirus 2012 provided you use the right software. XP Antivirus 2012 is a virus, but there is much worse rogue software on the Internet that can badly damage your computer.

For complete XP Antivirus 2012 removal, you have these options:

A) Removal Using a Spyware Remover:

You can remove XP Antivirus 2012 using malware removal software that is specially designed to deal with rogue products and other similar threats. You need to download a genuine malware remover, scan your whole computer for infections and then get rid of the rogue software.

We have tested several products and found that Spyware Doctor is the most effective product for removing rogue software. You can download it by clicking the button below:

After downloading, run Spyware Doctor and conduct a full scan of your computer. Spyware Doctor will automatically identify the presence of XP Antivirus 2012 on your computer and remove it. This is the easiest method and can be used by anyone.

B) Remove XP Antivirus 2012 Manually

You can try to remove XP Antivirus 2012 manually; however, this method is not recommended for 95% of computer users because of its complexity. It is only useful for people who are highly skilled with computers and have extremely good knowledge of them.

If you don’t have ample knowledge of computers, you should not try your hand at this method. At best, you will not be able to remove the rogue software; at worst, you could damage your computer very badly. Removing the rogue software requires you to find and delete the infected files and then correct the registry entries as well. If you make a mistake while editing the registry, your computer may stop booting completely. Therefore, please follow these steps at your own risk.

1. First, stop the XP Antivirus 2012 process using Task Manager. You can open Task Manager by pressing the Alt+Ctrl+Delete keys on your keyboard.

In Task Manager, find a process whose name consists of 3 random letters and end that process. If you end the right process, the virus application will close down automatically.

2. Once the virus closes down, browse to this folder and delete suspicious files:

C:\Documents and Settings\Administrator (or logged in user)\Application Data\

In the folder above, you will find a file with three random characters in its name. This is the file you need to delete.

3. After deleting the infected file, you need to correct registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'

Keep in mind that manual removal doesn't guarantee complete removal of the rogue software. For this reason, if you find that the software is still on your computer, consider using a genuine spyware remover, as this option is much more powerful and reliable than manual removal.
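A read-only check of the per-user .exe association from step 3, as an added example that is not part of the original post: it dumps every value under the two HKCU\Software\Classes keys named above and marks any command value that differs from the "%1" %* form shown in the list. PowerShell 3.0 or later is assumed, and the Suspect column is this example's own heuristic.

```powershell
# Read-only: reports the per-user .exe / exefile overrides, changes nothing.
$expected = '"%1" %*'    # command value shown in the registry list above
$roots = 'HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile'
$raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-ExeAssociationReport {
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) {
            # No per-user override: the machine-wide association is in effect.
            Write-Host ('{0} is not present' -f $root)
            continue
        }
        # The key itself plus every subkey (DefaultIcon, shell\open\command, ...).
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                # Raw data, so %UserProfile% in the value is shown unexpanded.
                $data = $key.GetValue($name, $null, $raw)
                $label = if ($name) { $name } else { '(Default)' }
                [pscustomobject]@{
                    Key     = $key.Name
                    Value   = $label
                    Data    = $data
                    # A command that launches anything but the clicked file.
                    Suspect = ($key.Name -like '*\command') -and ($data -ne $expected)
                }
            }
        }
    }
}

Get-ExeAssociationReport | Format-List
```

Entries under HKCU\Software\Classes take precedence over the machine-wide ones, which is why a single per-user command value is enough to route every program launch through the rogue executable.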