Home Malware Cleaner Description
Home Malware Cleaner, a fake security application, is a clone of Strong Malware Defender. According to ESG security researchers, Home Malware Cleaner is a fairly common example of how a rogue security program operates, not at all different from well-known fake security programs like Strong Malware Defender, Windows Steady Work, Windows Smart Warden, Windows Functionality Checker, Antivirus Pro 2012 and hundreds of similar fake security applications. All of these bogus security programs operate under the same principle: to fool inexperienced computer users into buying useless fake security applications. To do this, Home Malware Cleaner displays a fake system scan claiming that the victim’s computer has become compromised, severely infected with a long list of malware clearly pulled from a virus encyclopedia.
Home Malware Cleaner also makes changes to the Windows Registry which allow Home Malware Cleaner to spam its victims with a barrage of fake security alerts, pop-up notifications and error messages that appear to come from Windows or Microsoft Security Center itself. It is important to understand that Home Malware Cleaner has absolutely no real anti-malware capabilities. This program is designed to display false positives and to entice its victims into giving up their credit card information. Because of this, ESG security researchers strongly recommend that computer users do not give Home Malware Cleaner their credit card details and instead use a reliable anti-malware tool to remove any trace of Home Malware Cleaner from their computer system. If you have already disclosed your credit card information, you may still be able to dispute the charges by claiming that they were made by a well-known online scam.
Recognizing Home Malware Cleaner for What It Really Is
While experienced computer users will immediately spot the Home Malware Cleaner scam, inexperienced computer users may find it difficult to differentiate Home Malware Cleaner from reliable anti-malware software. Some aspects of Home Malware Cleaner that should set off an alarm include the following:
- Home Malware Cleaner is installed without the computer user’s authorization or as a result of intrusive pop-up windows.
- Home Malware Cleaner cannot be removed through normal means, reinstalling itself when Windows is rebooted or crashing during the uninstallation process.
- Home Malware Cleaner will display a long list of malware infections but will fail to provide details or solve the problems in any way even if the victim pays for a ‘full version’.
- Home Malware Cleaner will affect the victim’s computer in other ways, such as making it run slowly or interfering with other applications.
Type: Rogue AntiSpyware Programs
Home Malware Cleaner Technical Report
We will update this section as new Home Malware Cleaner details are reported by our customers and by our Threat Research Center.
The following fake error messages appear for Home Malware Cleaner:
Warning! Access conflict detected!
An unidentified program is trying to access system process address space.
Process Name: AllowedForm
Location: C:\Windows\…\taskmgr.exe
Warning! Identity theft attempt detected
System Alert
malicious applications, which may contain Trojans, were found on your computer and are able to be removed immediately. Click here to remove these potentially harmful items using Home Malware Cleaner.
Home Malware Cleaner Removal Details
Home Malware Cleaner typically has the following processes in memory:
- %AllUsersProfile%\Application Data\5c678c\HM5c6_8010.exe
- %CommonAppData%\79b35\HMa76.exe
- %UserProfile%\Recent\CLSV.exe
- %UserProfile%\Recent\tempdoc.sys
- %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
- %AllUsersProfile%\Application Data\5c678c\sqlite3.dll
- %CommonAppData%\79b35\mozcrt19.dll
- %UserProfile%\Recent\PE.exe
- %AppData%\Home Malware Cleaner\ScanDisk_.exe
- %AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
- %CommonAppData%\79b35\sqlite3.dll
- %UserProfile%\Recent\grid.exe
Home Malware Cleaner creates the following files in the system:
- %Desktop%\Home Malware Cleaner.lnk
- %AppData%\Home Malware Cleaner\cookies.sqlite
- %StartMenu%\Home Malware Cleaner.lnk
- %AllUsersProfile%\Application Data\5c678c\51.mof
- %AllUsersProfile%\Application Data\5c678c\BackUp\
- %CommonAppData%\79b35\HMC.ico
- %StartMenu%\Programs\Home Malware Cleaner.lnk
- %UserProfile%\Recent\DBOLE.tmp
- %UserProfile%\Recent\eb.tmp
- %UserProfile%\Recent\PE.drv
- %UserProfile%\Recent\SICKBOY.tmp
- %AppData%\Microsoft\Internet Explorer\Quick Launch\Home Malware Cleaner.lnk
- %CommonAppData%\[RANDOM CHARACTERS]\ASE.ico
- %Programs%\Home Malware Cleaner.lnk
- %AllUsersProfile%\Application Data\HMEMLLCC\HMFLAAC.cfg
- %AllUsersProfile%\Application Data\5c678c\
- %AllUsersProfile%\Application Data\5c678c\Quarantine Items\
- %CommonAppData%\HMJFZWC\HMXBXWJCMC.cfg
- %UserProfile%\Recent\ANTIGEN.drv
- %UserProfile%\Recent\exec.drv
- %UserProfile%\Recent\PE.tmp
- %UserProfile%\Recent\tempdoc.drv
- %AppData%\Home Malware Cleaner\Instructions.ini
- %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].cfg
- %AppData%\Home Malware Cleaner\
- %AllUsersProfile%\Application Data\HMEMLLCC\
- %AllUsersProfile%\Application Data\5c678c\HMC.ico
- %AllUsersProfile%\Application Data\5c678c\HMCSys\
- %CommonAppData%\79b35\6543.mof
- %UserProfile%\Desktop\Home Malware Cleaner.lnk
- %UserProfile%\Recent\energy.tmp
- %UserProfile%\Recent\fix.drv
- %UserProfile%\Recent\tjd.drv
Home Malware Cleaner creates the following registry entries:
- HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\{RANDOM CHARACTERS}.exe\Debugger = svchost.exe
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=8010&q={searchTerms}”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe
- HKEY_CLASSES_ROOT\dumped_patched.DocHostUIHandler
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “ltHI” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “UID” = 8010
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = 1
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “2” = “ekrn.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “5” = “avcenter.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “8” = “avgui.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “11” = “avgcfgex.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “14” = “avgcmgr.exe”
- HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Debugger = svchost.exe
- HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF} Default = Implements DocHostUIHandler LocalServer32 = %AllUsersProfile%\Application Data\5c678c\HM5c6_8010.exe ProgID = HM5c6_8010.DocHostUIHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “IIL” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “ltTST”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “DisallowRun” = 1
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Home Malware Cleaner”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “1” = “MSASCui.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “4” = “avgnt.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “7” = “avgfrw.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “10” = “avgscanx.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “13” = “avgchsvx.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Home Malware Cleaner” “%CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” /s /d
- HKEY_LOCAL_MACHINE\Software\Classes\HM5c6_8010.DocHostUIHandler Default = Implements DocHostUIHandler Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe
- HKEY_CURRENT_USER\Software\3
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=8010&q={searchTerms}”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “runtime 13.08010”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “0” = “msseces.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “3” = “egui.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “6” = “avscan.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “9” = “avgtray.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “12” = “avgemc.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “15” = “avgwdsvc.exe”