Friday, August 19, 2011

Home Safety Essentials Removal - How To Guide

Home Safety Essentials is a fake product from the Virus Doctor family, designed to deceive naïve consumers. It mainly spreads via fake online scanners and malicious websites. When you reach such a website through a search engine, you’ll see a page that pretends to scan your computer and tells you that numerous infections are present. You’ll then be offered software to download, and that software is Home Safety Essentials. Always keep in mind that all the pages that do an online scan of your computer are fake. Do not trust those pages and never download the software they offer; otherwise your computer will get infected with rogue products like Home Safety Essentials.

Some strains of this rogue software infect the computer via hacked websites by exploiting operating system vulnerabilities. From a hacked website, the product can enter your computer without your knowledge or permission. It also places some harmless files on your computer and then reports them as infections. Don’t fall for this cheap scam; remove Home Safety Essentials from your computer as quickly as possible.

Home Safety Essentials loads automatically on startup and performs many fake scans on your machine. It tells you that you need to purchase the program to remove the infections, but in fact this software is not capable of removing anything. Here is a screen-shot of Home Safety Essentials:

How To Remove Home Safety Essentials

You can remove Home Safety Essentials either with anti-virus software or manually. I’m describing both methods in detail below.

A) Removal using a Spyware Remover

This method is highly recommended for all computer users because it is very effective and guarantees the results. You need to download a genuine Spyware remover, scan your computer and then get rid of all the infections.

This method is so easy that even newbie computer users can eradicate the virus. You just need to click a few buttons and the rogue software will be removed from your computer automatically. For automatic removal of Home Safety Essentials, I highly recommend Spyware Doctor. You can download Spyware Doctor by clicking the button below:

B) Manual Removal of Home Safety Essentials

Manual removal of Home Safety Essentials is cumbersome and cannot be followed by all computer users. If you are not a computer expert, the manual removal method is simply not suitable for you. Manual removal of rogue software should not be based on any sort of assumptions.

If you delete the wrong files, ones which are not actually infected, you could cause further trouble for your computer. If you are sure that you can carry out manual removal, follow these steps to remove Home Safety Essentials:

1. First of all, you need to stop the program from running. To do this, run Task Manager and end the rogue’s process. Its process name will usually have this format:

Random-characters_random-numbers.exe (For example Pdfs_3433.exe)

Look for such a filename in Task Manager and end that process. You can access Task Manager by pressing the ALT+CTRL+DELETE keys on your keyboard. If Task Manager is blocked on your computer, download Process Explorer and end the rogue process with it.

2. After ending the rogue process, run Registry Editor. You can open it by clicking Start/Run, typing “regedit” and clicking the OK button.

Remove or correct the registry entries below. Remove all registry entries under DisallowRun. If you look carefully, you will see that these entries exist to block genuine antivirus programs from running.

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\91\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid {137E7700-3573-11CF-AE69-08002B2E1262}
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\89770803
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\lib/5.00231
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UID 231
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 msseces.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 MSASCui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 avgscanx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 avgcfgex.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 avgemc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 avgchsvx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 avgcmgr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 avgwdsvc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 ekrn.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 egui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 avgnt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 avcenter.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 avscan.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 avgfrw.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 avgui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 avgtray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Home Safety Essentials
HKLM\SOFTWARE\Classes\HS2d7_231.DocHostUIHandler
HKCU\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures "no"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin "2"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser "2"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA "1"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe

3. Now you need to remove the Home Safety Essentials files from your computer. Browse to these locations and remove the infected files:

%AllUsersProfile%\\Quarantine Items
%AppData%\Home Safety Essentials\
%AppData%\Home Safety Essentials\Instructions.ini
%AppData%\Home Safety Essentials\ScanDisk_.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Safety Essentials.lnk
%AppData%\Microsoft\Windows\Recent\SICKBOY.drv
%AppData%\Microsoft\Windows\Recent\SICKBOY.sys
%AppData%\Microsoft\Windows\Recent\delfile.dll
%AppData%\Microsoft\Windows\Start Menu\Programs\Home Safety Essentials.lnk
%AppData%\Microsoft\Windows\Start Menu\Home Safety Essentials.lnk
%UserProfile%\Desktop\Home Safety Essentials.lnk

After removing the above files, reboot your computer and you should not see Home Safety Essentials on it again. Keep in mind that manual removal is not a guarantee of complete removal. If you still find Home Safety Essentials on your computer or can’t follow the manual removal steps, consider following the automated removal method instead.
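
A read-only PowerShell check for the artifacts named in steps 1 to 3, added here as an example and not part of the original post; it reports what is present and deletes nothing. The process-name pattern is an assumption generalised from the `Pdfs_3433.exe` example, and the Image File Execution Options check looks for a `Debugger` value, which is the standard Windows mechanism by which such entries redirect a program (the page itself lists only the key names).

```powershell
# Read-only triage for the artifacts listed in this guide; nothing is modified.
$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding($Step, $Item, $Detail) {
    $findings.Add([pscustomobject]@{ Step = $Step; Item = $Item; Detail = $Detail })
}

# Step 1: processes named letters_digits.exe (assumed pattern, from Pdfs_3433.exe).
Get-Process | Where-Object { $_.ProcessName -match '^[A-Za-z]+_\d+$' } | ForEach-Object {
    Add-Finding 'Process' "$($_.ProcessName).exe" "PID $($_.Id), path: $($_.Path)"
}

# Step 2: DisallowRun policy flag and the executables it blocks.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-ItemProperty -Path $explorer -Name DisallowRun -ErrorAction SilentlyContinue
if ($policy -and $policy.DisallowRun -eq 1) { Add-Finding 'Registry' 'DisallowRun policy' 'enabled (1)' }
$key = Get-Item -Path "$explorer\DisallowRun" -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        Add-Finding 'Registry' "DisallowRun\$name" "blocks $($key.GetValue($name))"
    }
}

# Step 2: autostart entry and the disabled download signature check.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'Home Safety Essentials' -ErrorAction SilentlyContinue
if ($run) { Add-Finding 'Registry' 'Run\Home Safety Essentials' $run.'Home Safety Essentials' }
$dlKey = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$dl = Get-ItemProperty -Path $dlKey -Name CheckExeSignatures -ErrorAction SilentlyContinue
if ($dl -and $dl.CheckExeSignatures -eq 'no') { Add-Finding 'Registry' 'CheckExeSignatures' 'set to "no"' }

# Step 2: IFEO subkeys that carry a Debugger value (assumed blocking mechanism).
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = $_.GetValue('Debugger')
    if ($dbg) { Add-Finding 'Registry' "IFEO\$($_.PSChildName)" "Debugger = $dbg" }
}

# Step 3: files and shortcuts (the %AllUsersProfile% entry is skipped: its path is incomplete on the page).
$paths = @("$env:APPDATA\Home Safety Essentials",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\Home Safety Essentials.lnk",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Home Safety Essentials.lnk",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Home Safety Essentials.lnk",
    "$env:USERPROFILE\Desktop\Home Safety Essentials.lnk")
$paths += 'SICKBOY.drv', 'SICKBOY.sys', 'delfile.dll' |
    ForEach-Object { "$env:APPDATA\Microsoft\Windows\Recent\$_" }
foreach ($p in $paths) { if (Test-Path -LiteralPath $p) { Add-Finding 'File' $p 'present' } }

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed artifacts found.' }
```

Run it as the affected user, since most of the keys are under HKCU; a legitimately installed debugger can also appear in the IFEO results, so review each hit before removing anything.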
