Essential Cleaner Description
What is worse: falling for a scam and buying a fake anti-virus tool, or paying for its "upgrade" and learning you were duped not once but twice? Essential Cleaner comes from a long line of impostor and fake AV programs, and you should remove it from your PC immediately.
Essential Cleaner joins MS Removal Tool and its variant MS Removal Tool 2.20 in a long line of rogue security programs. Having already copied the design and behavior of legitimate security software, the criminals behind it continue the lie by offering an "upgrade". Before you buy one, avoid the trap altogether: Essential Cleaner is not a Microsoft Windows product, and it was designed solely to cheat you out of money while leaving your PC exposed to further attacks.
After gaining entry, whether through gaps left by security software such as Microsoft Security Essentials or, far more often, through ordinary human behavior such as clicking a dubious link or visiting an unsavory website, the Trojan that installs Essential Cleaner sets up the attack:
- Modifies registry settings so that Essential Cleaner runs at every boot.
- Adds Essential Cleaner to the list of programs allowed through the victim's firewall.
- Plants fake "infected" files so that scans by the victim's real security software misfire.
- Hijacks the victim's browser (through the local proxy settings listed further down this page) so they cannot download legitimate anti-malware tools.
- Interrupts applications so the victim believes a security breach has occurred.
The Act – Simulation of a Security Breach
- Assaults the victim with pop-ups and alerts.
- Displays the slick Essential Cleaner interface, which runs a "quick scan" and produces a list of viruses.
- Prompts the victim to run a complete scan, which produces a pre-planned, scary list of viruses.
- Urges the victim to buy and download the full version of Essential Cleaner to remove the intruders and protect the system and its data.
The Malicious Intent Behind Essential Cleaner
- Get victims to buy a useless security program, so the makers of Essential Cleaner make money and obtain credit-card details that can be reused for other malicious purposes. The useless program also leaves the PC unprotected against further attacks.
- Spy on surfing habits and on the planted infections, and report them to a remote server.
- Steal vital information such as credit-card numbers from the browser cache or directly from web forms. SSL does not help here: the data is captured on the PC before it is encrypted for the wire.
- Abuse the Remote Assistance tool to give a hacker access to do whatever he chooses, such as:
  - Using the PC as a bot to send spam to others.
  - Using the PC as a bot in denial-of-service attacks.
  - Spoofing the victim's email account and spamming everyone on the victim's contact list.
  - Downloading more malicious programs and carrying out further attacks.
Some of the fake alerts you might see are like this:
Warning! 38 Infections Found!!!
Last scan detected malicious programs (2), viruses (26), adware (2), spyware (6), tracking cookies (2)
These harmful programs may cause:
X System Crash
X Permanent data loss
X System Startup Failure
X System Shutdown
X Internet Connection Loss
X Infecting other computers on your network
It is highly recommended that you remove all threats from your computer immediately.
Do not panic: this is a pack of lies. The only threats present on your PC are Essential Cleaner itself and the malware agents (Trojans, viruses, or worms) that helped carry out the attack. Under no circumstances should you buy or download Essential Cleaner; it is a rogue security program.
So How Did Your PC Get Infected with Essential Cleaner?
Again, cybercriminals look for gaps in security applications or hardware, and they study human behavior to lure unwary PC users into loading, installing and executing their malicious programs. So it is possible that:
- You clicked on a dubious link on an unsavory website (e.g. a porn or gaming site).
- You were spammed and clicked on a link in an IM message.
- You were spammed and clicked on a link in, or opened an infected attachment to, an email.
- You downloaded a free program without realizing that cybercriminals love to lace freeware and shareware.
- You downloaded a "codec", supposedly needed to view a movie or video.
- You do not have an Internet security program protecting your PC.
- You ignored notifications to update your security program; updates often patch known vulnerabilities.
If you try to end Essential Cleaner from Task Manager, or to run almost any other application, you may see the following bogus error:
Application cannot be executed. The file cmd.exe is infected.
Please activate your anti-virus software.
The best way to remove Essential Cleaner is to reboot into Safe Mode, then locate and delete all associated files and registry entries (listed below). However, the Trojans that carry rogues may include stealth rootkit components that hide deep in the system, for example in the MBR or even the BIOS, where manual file deletion will not reach them. Unless you are experienced in deleting registry and system files, use a reputable anti-malware and anti-rootkit tool to remove Essential Cleaner safely, or else risk losing your valuable data.
As a precaution, disconnect the PC from the Internet and do not reconnect until all traces of Essential Cleaner have been removed. If you entered payment details into the rogue, contact your financial institution and change your passwords.
Type: Rogue AntiSpyware Programs
How Can You Detect Essential Cleaner?
Essential Cleaner Technical Report
As new Essential Cleaner details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following fake error message(s) appear for Essential Cleaner:
Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software…
Application cannot be executed. The file cmd.exe is infected.
Please activate your antivirus software.
Essential Cleaner Removal Details
Essential Cleaner typically loads the following files into memory (the folder and file names are random):
- %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].ocx
- %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].dll
- %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
Essential Cleaner creates the following files in the system:
- %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]\
- %UserProfile%\Application Data\Essential Cleaner\cookies.sqlite
- %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].mof
- %UserProfile%\Application Data\Essential Cleaner\Instructions.ini
- %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\
- %UserProfile%\Application Data\Essential Cleaner\
Essential Cleaner creates the following registry entries (the two ProxyServer values have been observed in different samples; either one routes the browser through a local proxy the rogue controls):
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"
- HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:18810"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Essential Cleaner"
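The following PowerShell script is an added example, not part of the original page or any vendor tool. It audits the file and registry indicators listed in the two sections above (the proxy hijack to 127.0.0.1:18810, the Internet Explorer downgrades, the Run-key persistence, Image File Execution Options "Debugger" values pointing at svchost.exe, and the random-named ProgramData folder holding the .exe/.dll/.ocx/.mof set) and, only when run with the assumed -Fix switch, reverts them. Run it from an elevated prompt in Safe Mode. It cannot find the random-named HKEY_CURRENT_USER\Software key, which must still be inspected by hand. $env:ProgramData corresponds to %Documents and Settings%\All Users\Application Data on XP-era systems.

```powershell
# Added example: audit (and optionally undo) the Essential Cleaner indicators.
# "-Fix" is an assumed switch introduced here; without it nothing is changed.
param([switch]$Fix)

$findings = New-Object System.Collections.Generic.List[string]

function Test-RegValue {
    # Report $Name under $Path when it matches $BadValue ($null = any value);
    # with -Fix either delete it (-Remove) or set it back to $GoodValue.
    param($Path, $Name, $BadValue, $GoodValue, [switch]$Remove)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }
    $current = $item.$Name
    if ($null -ne $BadValue -and "$current" -notlike "$BadValue") { return }
    $findings.Add("$Path\$Name = $current")
    if ($Fix) {
        if ($Remove) { Remove-ItemProperty -Path $Path -Name $Name }
        else { Set-ItemProperty -Path $Path -Name $Name -Value $GoodValue }
    }
}

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie   = 'HKCU:\Software\Microsoft\Internet Explorer'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Local proxy hijack: every HTTP request is funnelled through a listener the rogue owns.
Test-RegValue $inet 'ProxyServer' 'http=127.0.0.1*' -Remove
Test-RegValue $inet 'ProxyEnable' 1 0
# Internet Explorer downgrades: unsigned downloads allowed, phishing filter off.
Test-RegValue "$ie\Download" 'RunInvalidSignatures' 1 0
Test-RegValue "$ie\PhishingFilter" 'Enabled' 0 1
# Persistence at logon.
Test-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' 'Essential Cleaner' $null -Remove

# An IFEO "Debugger" value makes Windows launch that program instead of the
# one the user started; the page lists one pointing at svchost.exe.
foreach ($key in (Get-ChildItem $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg -and $dbg -match 'svchost\.exe') {
        $findings.Add("IFEO $($key.PSChildName): Debugger = $dbg")
        if ($Fix) { Remove-ItemProperty -Path $key.PSPath -Name Debugger }
    }
}

# Is something actually listening on the hijack port? (Get-NetTCPConnection
# needs Windows 8 / Server 2012 or later; on older hosts use `netstat -ano`.)
foreach ($c in (Get-NetTCPConnection -LocalPort 18810 -State Listen -ErrorAction SilentlyContinue)) {
    $findings.Add("port 18810 listener: PID $($c.OwningProcess)")
}

# File indicators: the named profile folder, plus any random-named ProgramData
# folder that holds both a .mof and an .ocx file, as in the listing above.
$paths = New-Object System.Collections.Generic.List[string]
$paths.Add("$env:APPDATA\Essential Cleaner")
foreach ($dir in (Get-ChildItem $env:ProgramData -Directory -ErrorAction SilentlyContinue)) {
    $exts = Get-ChildItem $dir.FullName -File -ErrorAction SilentlyContinue |
            ForEach-Object { $_.Extension.ToLower() }
    if (($exts -contains '.mof') -and ($exts -contains '.ocx')) { $paths.Add($dir.FullName) }
}
foreach ($p in $paths) {
    if (Test-Path $p) {
        $findings.Add("folder: $p")
        if ($Fix) { Remove-Item $p -Recurse -Force }
    }
}

if ($findings.Count -eq 0) { 'No Essential Cleaner indicators found.' }
else { $findings | ForEach-Object { "[+] $_" } }
```

Run it once without -Fix and review the output; a ProxyServer pointing at 127.0.0.1 together with a process listening on that port is strong confirmation, while the .mof/.ocx folder test alone is only a heuristic and a flagged folder should be inspected before deletion. Reverting the IE settings after removal matters: leaving RunInvalidSignatures at 1 and PhishingFilter at 0 keeps the browser exposed for the next attack.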