Home Security Solutions

Despite its name, Home Security Solutions is a Trojan infection designed to infect your computer system and then scam you in order to steal your money. This kind of malware is usually known as scareware because of its tactics. Scareware is usually designed to prey on inexperienced computer users by scaring them into thinking that their machine is in danger or that they have been caught doing something illegal. Home Security Solutions then offers a solution as long as the victim is willing to pay a certain amount. ESG security researchers advise educating the people in your household and network about these kinds of infections. Scareware like Home Security Solutions usually relies on a user's gullibility as much as it relies on an unsecured computer system or network. ESG malware analysts recommend removing Home Security Solutions with the help of a reliable anti-malware program and ignoring all messages and claims that this malware program may make.

Home Security Solutions, a member of the FakeScanti family, is a fake security program with various clones. Some examples of clones of Home Security Solutions include Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011, and Super AV 2013. As a comparison of their names shows, the criminals behind this threat are simply rearranging common words used in anti-virus program names in order to come up with legitimate-sounding titles for their fake security programs.

Understanding the Home Security Solutions Scareware Scam

The Home Security Solutions scam has been around nearly as long as there has been malware. In fact, Home Security Solutions is a simple variation of a scam that con men have been running for centuries. In short, Home Security Solutions will cause your computer system to behave erratically and claim that your computer is afflicted with a severe virus problem. Then, Home Security Solutions will offer to fix the problem after the victim purchases a useless 'full version' of Home Security Solutions. Of course, since Home Security Solutions itself is causing the problems, paying for its services will simply result in the victim's money disappearing, with no solution to the problems Home Security Solutions has caused on the infected computer. This is very similar to a scam that dishonest plumbers and auto mechanics have been perpetrating for decades, in which they deliberately create a problem in a car's engine or in a water heater and then offer to fix the very problem they caused in exchange for an additional fee.

File System Details

Home Security Solutions may create the following file(s):

Registry Details

Home Security Solutions may create the following registry entry or registry entries:
