Security Essentials 2010
Security Essentials 2010 is a fake computer anti-virus program that originated from the same developers who created Internet Security 2010. This Security Essentials 2010 was created primarily not to protect a computer instead to be installed and and give its victims only one option to remove it – that is to purchased the Security Essentials 2010 registration code. Since it has no add/remove components during the installation process, Security Essentials 2010 removal is not automatic through Windows. An infection may also reduce capability of the user to remove it manually by disabling some Windows components such as registry editor, task manager and control panel. Access to Internet website that are related to anti-virus and anti-malware will also be blocked. The real on only sure way left to remove Security Essentials 2010 is not to purchase it but to get a legitimate security program as discussed below.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What are the Symptoms of Security Essentials 2010 Infection?
This malware will automatically scan a computer and produce false results trying to mislead people into acquiring the Security Essentials 2010 activation and registration key.
It will modify Windows Registry and add the following entries:
- HKEY_CURRENT_USER\Software\SE2010
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains\get-key-se10.com
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\ActiveDesktop “NoChangingWallpaper” = “1″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer “NoActiveDesktopChanges” = “1″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer “NoSetActiveDesktop” = “1″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\System “DisableTaskMgr” = “1″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “Security essentials 2010″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “smss32.exe”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\ActiveDesktop “NoChangingWallpaper” = “1″
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer “NoActiveDesktopChanges” = “1″
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\policies\Explorer “NoSetActiveDesktop” = “1″
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run “smss32.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains\buy-security-essentials.com
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains\download-soft-package.com
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains\download-software-package.com
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains\get-key-se10.com
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains\is-software-download.com
The threat will drop the following malicious files:
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk
- %UserProfile%\Desktop\Security essentials 2010.lnk
- %UserProfile%\Start Menu\Security essentials 2010.lnk
- c:\s
- c:\Program Files\Securityessentials2010\
- c:\Program Files\Securityessentials2010\SE2010.exe
- c:\WINDOWS\system32\41.exe
- c:\WINDOWS\system32\helpers32.dll
- c:\WINDOWS\system32\smss32.exe
- c:\WINDOWS\system32\warnings.html
- c:\WINDOWS\system32\winlogon32.exe
How to Remove Security Essentials 2010 Manually
1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file
- If no location is given, click Start>Search> and search for the files.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.
How to Easily Remove Security Essentials 2010
1. Download and run Removal Tool to remove Security Essentials 2010
My Security Wall Personal Anti Malware
For such parasites, if known antimalware can’t remove them, they can usually be removed by booting the target system to another OS (eg.: a WinPE Live CD or a second Windows installation) and running some antimalware tools from there.
You can even try mounting the infected system’s registry hives to clean the registry (I’ve never tried this though, but I think it should work).
Well, of course the easiest way is to reformat and reinstall Windows (if you do not reformat, make sure to run a virus scan after reinstalling Windows to remove malware from your hard drive.