SecureExpertCleaner Description

 

 

[+] Click Image to Enlarge

 

 

CartCartCartCartCart

SecureExpertCleaner or Secure Expert Cleaner, is a rogue anti-spyware program often bundled with the Trojan Zlob which is found on fake video codecs. SecureExpertCleaner can also be found on rogue websites that provide a trial for the user to download. Once Zlob is installed, it will generate an enormous amount of fake popups and system notifications stating that the user’s computer is infected with spyware. If the user is tricked into clicking on any of these messages, he/she will be redirected to secureexpertcleaner.com where he/she will be forced to purchase SecureExpertCleaner’s commercial version. SecureExpertCleaner will allege it’s able to remove the spyware found on the user’s computer system, however, this is just another mechanism to push the user into buying its full version.

SecureExpertCleaner’s trial version is also able to generate a computer system scan and display erroneous results to scare the user.

Type: Rogue AntiSpyware Programs

How Can You Detect SecureExpertCleaner?

SecureExpertCleaner Technical Report

As new SecureExpertCleaner details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following SecureExpertCleaner files with its MD5s were created in the system:

SecureExpertCleaner Video Demo

Click on the “How SecureExpertCleaner Infects Your Computer” video to see a SecureExpertCleaner infection in action! See through the eyes of an unsuspecting Internet user while him/her is being victimized by SecureExpertCleaner.

At the end of this video, there’s a link to download SpyHunter’s Free Spyware Scanner. SpyHunter’s Free Spyware Scanner is for detection purposes only. To remove SecureExpertCleaner, you must purchase SpyHunter’s full version.

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how SecureExpertCleaner infects a computer. The video contains clickable buttons.

SecureExpertCleaner has typically the following processes in memory:

• %program_files%\secureexpertcleaner\microsoft.vc80.crt\msvcr80.dll
• %program_files%\secureexpertcleaner\reminder.exe
• SecureExpertCleaner_Installer_Dual_En[2].exe
• QuickInstallPack.exe
• SecureExpertCleaner_Dual_Rezer_En.exe
• %program_files%\secureexpertcleaner\microsoft.vc80.crt\msvcp80.dll
• %program_files%\secureexpertcleaner\unins000.exe
• SecureExpertCleaner_Installer_Dual_En.exe
• SecureExpertCleaner_Pandora_Dual_En.exe
• SecureExpertCleaner_Pandora_Installer_Qip_Dual_En.exe
• %program_files%\secureexpertcleaner\mfc80.dll
• %program_files%\secureexpertcleaner\sec.exe
• CleanerInstaller[1].exe
• SecureExpertCleaner_Pandora_Installer_Qip_Dual_En[1].exe
• %USERPROFILE%\Local Settings\Application Data\qip\iercpt.dll
• sec_free_setup.exe

SecureExpertCleaner created the following directories, files, paths:

• %AppData%\SecureExpertCleaner
• %ProgramFiles%\SecureExpertCleaner
• %AllUsersProfile%\Start Menu\Programs\SecureExpertCleaner

SecureExpertCleaner creates the following registry entries:

• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run secureexpertcleaner
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 displayicon
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 inno setup: icon group
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 inno setup: deselected tasks
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 uninstallstring
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 urlinfoabout
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 urlupdateinfo
• HKEY_LOCAL_MACHINE\software\sec producttid
• HKEY_CURRENT_USER\software\sec producttid
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 quietuninstallstring
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 inno setup: app path
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 inno setup: setup version
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 helplink
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 installlocation
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 norepair
• HKEY_LOCAL_MACHINE\software\sec frun
• SecureExpertCleaner
• HKEY_CURRENT_USER\software\sec
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 displayname
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 inno setup: selected tasks
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 inno setup: user
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 installdate
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\3p_usec_is1 nomodify
• HKEY_LOCAL_MACHINE\software\sec
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\5.0\user agent\post platform 3p_usec 1.0.7.1

Important Article Disclaimer