Ask Me - THRComputer Solutions

Everyone today is worried about computer security and Microsoft’s Security Essentials offers a great way to protect your computer from viruses and malware.

However, users have to beware of a fake anti-virus program called Security Essentials 2010. With a similar name to Microsoft’s Security Essentials, the makers of Security Essentials 2010 are no doubt hoping to lure users into a false sense of security and trust in downloading their program.

When a user run Security Essentials 2010, the program will tell them, more often than not incorrectly, that their system is overloaded with viruses and malware and tell them they need to pay for the “full non-trial version” program in order to remove the malicious threats. This is type of practice is known as “scareware,” a program that tries to force users to pay for it by reporting false threats.

Security Essentials 2010 contains a Trojan horse that will in fact infect your personal computer, lowering security levels, terminating running processes, and changing the background to show alarming warning messages such as “Your computer is infected!,” and “Security Warning!
Worm.Win32.NetSky detected on your machine.” Security Essentials 2010 also installs Trojan:Win32/Fakeinit, which monitors TCP traffic and blocks certain domains, including eBay, Facebook, eBay, BBC News, and YouTube.

Security Essentials is a free download from Microsoft and will not ask users to pay for it as long as they are running a legitimate version of Windows.

If you have already installed Security Essentials 2010, you may remove it by following these steps:

1. Download HijackThis from Trend Micro. Close all open programs then run HijackThis. Click “Do a System Scan Only.”

2. Select the following entries by placing a check next to them:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 – HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe

Click “Fixed Checked.” Quit HijackThis.

2. Download LSPFix and unzip it. Run LSPFix. Check “I Know What I’m Doing.” Select helper32.dll in the Keep box. If helper32.dll is not there, close LSPFix and skip to Step 3.

Press the >> buttom to move helper32.dll to the Remove box. Click “Finish.” Click “OK” then quit LSPFix.

3. Download MalwareBytes. Make sure all programs on the computer are closed. Double click to install MalwareBytes. Make sure a checkmark is placed next to “Update MalwareBytes’ Anti-Malware and Launch MalwareBytes’ Anti-Malware” then click “Finish.”

Once the program opens, click “Perform Quick Scan” then click “Scan.” This may take some time, so be patient.

After the scan is complete, infected items will be displayed. Make sure everything is checked then click “Remove Selected.” You may be required to restart afterwards.

Virus Burst is identified as an Adware program by Webroot Spy Sweeper.  The program is actually marketed as a Spyware Removal tool.  The program issues fake alerts to the user telling them they have spyware installed on their computer which is why this program is also considered as a rogue anti spyware program.  Clicking on the alert brings you to their website where you can purchase their commerical version of the software.  Virus Burst also seems to be also marketed in other software called “VirusRescue” and “Spyware Quake”.

The best advice for removing Virus Burst is to download Webroot Spy Sweeper and have it remove the software.  You can be assured that Webroot and many of the other reputable companies do not knowingly issue fake alerts to scare you into using their software. 

For those who are interested in manually removing this software, you can visit Bleeping Computer.  We just always like to point out that their are lots of new spyware and adware threats appearing everyday.  An automatic solution that prevents the threat from even getting on your computer is always your safest option.

I came across this new adware threat today called BraveSentry Fake Alert.  My anti-spyware program Spyware Doctor from PC Tools popped up an alert today letting me know that it quarantined this program today.  I did a little research into it and found out that sites on the internet are saying that this adware threat is actually coming from a rogue anti-spyware program called BraveSentry.  It seems that the program does nothing more than try and trick you to purchase the commercial version of their program by telling you that you have spyware threats on your computer.  PC Tools classifies this as an adware program because it seems to have the ability to display advertisements on your computer such as the fake spyware alert.

We always recommend to our clients that they have a trusted anti-spyware program installed on their computer to protect against threats like the “BraveSentry Fake Alert”.  We do recommend that they use PC Tools - Spyware Doctor for their anti-spyware protection.  Click here to get a free trial scan to see what has been installed on your computer.  PC Tools does not use scare tactics to get you to use their program and they will tell you truthfully if your computer has any threats installed on it.