Security Essentials 2010

February 16, 2010 | 1 Comment

Security Essentials 2010 is a fake anti-virus program from the same developers who created Internet Security 2010. This malware is not designed to protect a computer. Instead, it gives its victims only one option to remove the threats it reports: purchasing the Security Essentials 2010 registration code.

Because it installs without any add/remove components, Security Essentials 2010 cannot be removed quickly through Windows. It will require you to get the full version in order to remove the whole package.

An infection may also reduce the user's ability to remove it manually by disabling Windows components such as Registry Editor, Task Manager and Control Panel. Access to websites related to anti-virus and anti-malware products will also be blocked. The real and only sure way left to remove Security Essentials 2010 is not to purchase it but to get a legitimate security program, as discussed below.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows XP, Windows Vista

What are the Symptoms of Security Essentials 2010 Infection?

This malware will automatically scan a computer and produce false results, trying to mislead people into acquiring the Security Essentials 2010 activation and registration key.

It will modify the Windows Registry and add the following entries:

  • HKEY_CURRENT_USER\Software\SE2010
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallpaper” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoActiveDesktopChanges” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoSetActiveDesktop” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security essentials 2010”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “smss32.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop “NoChangingWallpaper” = “1”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer “NoActiveDesktopChanges” = “1”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer “NoSetActiveDesktop” = “1”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “smss32.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com
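
The registry entries listed above can be checked against a text export of the registry (`.reg` syntax), for instance one taken from a copy of the hive while the infected system is not running. The script below is an added example, not part of the original article: the function names and the sample export are constructed for illustration, and key paths use the `CurrentVersion` spelling that Windows uses.

```python
import re
# Indicators from the registry list above (lower-cased, hive name stripped).
CV = r"\software\microsoft\windows\currentversion"
ZONEMAP = CV + r"\internet settings\zonemap\domains" + "\\"
BAD_DOMAINS = {"buy-security-essentials.com", "get-key-se10.com",
               "download-soft-package.com", "download-software-package.com",
               "is-software-download.com"}
BAD_RUN = {"security essentials 2010", "smss32.exe"}
BAD_POLICY = {"nochangingwallpaper", "noactivedesktopchanges",
              "nosetactivedesktop", "disabletaskmgr"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def is_enabled(data):  # non-zero dword, or the string "1" as listed on the page
    d = data.lower()
    return int(d[6:], 16) != 0 if d.startswith("dword:") else d == '"1"'

def scan_reg_export(text):
    """Return sorted (key, value_name) hits; value_name is "" for a key hit."""
    hits, key, sub = set(), None, ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            _, sep, tail = key.lower().partition("\\")
            sub = sep + tail  # path without the hive, so HKCU and HKLM match alike
            if sub == r"\software\se2010" or (
                    sub.startswith(ZONEMAP) and sub[len(ZONEMAP):] in BAD_DOMAINS):
                hits.add((key, ""))
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            continue
        name, data = m.group(1), m.group(2)
        # Only the named values are flagged: Run and Policies also hold benign data.
        run_hit = sub == CV + r"\run" and name.lower() in BAD_RUN
        policy_hit = (sub.startswith(CV + "\\policies\\")
                      and name.lower() in BAD_POLICY and is_enabled(data))
        if run_hit or policy_hit:
            hits.add((key, name))
    return sorted(hits)

# Constructed sample in .reg export syntax (real exports are UTF-16; decode first).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"smss32.exe"="C:\\WINDOWS\\system32\\smss32.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com]
'''
```

Calling `scan_reg_export(SAMPLE)` reports the `smss32.exe` Run value, the `DisableTaskMgr` policy and the `get-key-se10.com` ZoneMap key, and leaves the benign `ctfmon.exe` entry alone.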

The threat will drop the following malicious files:

  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk
  • %UserProfile%\Desktop\Security essentials 2010.lnk
  • %UserProfile%\Start Menu\Security essentials 2010.lnk
  • c:\s
  • c:\Program Files\Securityessentials2010\
  • c:\Program Files\Securityessentials2010\SE2010.exe
  • c:\WINDOWS\system32\41.exe
  • c:\WINDOWS\system32\helpers32.dll
  • c:\WINDOWS\system32\smss32.exe
  • c:\WINDOWS\system32\warnings.html
  • c:\WINDOWS\system32\winlogon32.exe

One thought on “Security Essentials 2010”

  1. DDS Central

    For such parasites, if known antimalware can’t remove them, they can usually be removed by booting the target system to another OS (e.g., a WinPE Live CD or a second Windows installation) and running some antimalware tools from there.
    You can even try mounting the infected system’s registry hives to clean the registry (I’ve never tried this though, but I think it should work).

    Well, of course the easiest way is to reformat and reinstall Windows (if you do not reformat, make sure to run a virus scan after reinstalling Windows to remove malware from your hard drive).
