Beware of Security Essentials 2010
Thursday, March 4th, 2010Everyone today is worried about computer security and Microsoft’s Security Essentials offers a great way to protect your computer from viruses and malware.
However, users have to beware of a fake anti-virus program called Security Essentials 2010. With a similar name to Microsoft’s Security Essentials, the makers of Security Essentials 2010 are no doubt hoping to lure users into a false sense of security and trust in downloading their program.
When a user run Security Essentials 2010, the program will tell them, more often than not incorrectly, that their system is overloaded with viruses and malware and tell them they need to pay for the “full non-trial version” program in order to remove the malicious threats. This is type of practice is known as “scareware,” a program that tries to force users to pay for it by reporting false threats.
Security Essentials 2010 contains a Trojan horse that will in fact infect your personal computer, lowering security levels, terminating running processes, and changing the background to show alarming warning messages such as “Your computer is infected!,” and “Security Warning!
Worm.Win32.NetSky detected on your machine.” Security Essentials 2010 also installs Trojan:Win32/Fakeinit, which monitors TCP traffic and blocks certain domains, including eBay, Facebook, eBay, BBC News, and YouTube.
Security Essentials is a free download from Microsoft and will not ask users to pay for it as long as they are running a legitimate version of Windows.
If you have already installed Security Essentials 2010, you may remove it by following these steps:
1. Download HijackThis from Trend Micro. Close all open programs then run HijackThis. Click “Do a System Scan Only.”
2. Select the following entries by placing a check next to them:
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 – HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
Click “Fixed Checked.” Quit HijackThis.
2. Download LSPFix and unzip it. Run LSPFix. Check “I Know What I’m Doing.” Select helper32.dll in the Keep box. If helper32.dll is not there, close LSPFix and skip to Step 3.
Press the >> buttom to move helper32.dll to the Remove box. Click “Finish.” Click “OK” then quit LSPFix.
3. Download MalwareBytes. Make sure all programs on the computer are closed. Double click to install MalwareBytes. Make sure a checkmark is placed next to “Update MalwareBytes’ Anti-Malware and Launch MalwareBytes’ Anti-Malware” then click “Finish.”
Once the program opens, click “Perform Quick Scan” then click “Scan.” This may take some time, so be patient.
After the scan is complete, infected items will be displayed. Make sure everything is checked then click “Remove Selected.” You may be required to restart afterwards.