Essential Cleaner

Essential Cleaner Description

What is worse: buying into a scam and purchasing a fake anti-virus security tool, or upgrading and learning you were duped not once but twice? Essential Cleaner comes from a long line of imposters and fake AV programs, and you should immediately remove Essential Cleaner from your PC.

Essential Cleaner joins MS Removal Tool and its variant MS Removal Tool 2.20 in a long line of rogue security programs. I guess cybercriminals figured they were already mimicking the design and behavior, so why not continue the lie and offer an upgrade. Before you buy an upgrade of Essential Cleaner, let us help you avoid the trap altogether. Essential Cleaner is not a legitimate Microsoft Windows product; it was designed solely to cheat you out of money and leave your PC unprotected against future malicious attacks.

After deceptively gaining entry by exploiting cracks in Microsoft Security Essentials and good old human behavior, such as clicking on a dubious link or visiting an unsavory website, the Trojan engineering Essential Cleaner will set up the attack.

The Setup:

  1. Modifies registry settings so that Essential Cleaner runs at every boot.
  2. Adds Essential Cleaner to the list of approved programs to bypass victim's firewall.
  3. Tampers with the victim's Internet security by creating fake infected files and viruses, so the detection and scans will misfire.
  4. Hijacks the victim's browser so they cannot download any helpful anti-malware programs.
  5. Interrupts applications so the victim will believe a security breach has occurred.

The Act – Simulation of Security Breach

  1. Assaults the victim with pop-ups and alerts.
  2. The slick interface of Essential Cleaner appears and runs a quick scan, producing a list of viruses.
  3. Prompts the victim to run a complete scan, which produces a pre-planned, scary list of viruses.
  4. Suggests that the victim buy and download a full version of Essential Cleaner to get rid of intruders and protect the system and data.

The Malicious Intent Behind Essential Cleaner

  1. Get victims to buy a useless security program so the makers of Essential Cleaner make money and have access to credit cards to be used for other malicious purposes. Plus, the useless security program leaves the PC unprotected for further attacks.
  2. Spy on surfing habits and planted infections and report them to a remote server with malicious intent.
  3. Steal vital information such as credit card information out of cache or directly from forms accessed over the Internet, including websites touting SSL encryption.
  4. Exploit the Remote Assistance Tool and give access to a hacker to do whatever he chooses such as:
    • Using the PC as a bot to deliver spam emails to others.
    • Using the PC as a bot to carry out DNS attacks.
    • Spoofing the victim’s email account and spamming everyone on the victim’s contact list.
    • Downloading more malicious programs and carrying out further attacks.

Some of the fake alerts you might see are like this:

Warning! 38 Infections Found!!!
Last scan detected malicious programs (2), viruses (26), adware (2), spyware (6), tracking cookies (2)
These harmful programs may cause:
X System Crash
X Permanent data loss
X System Startup Failure
X System Shutdown
X Internet Connection Loss
X Infecting other computers on your network
It is highly recommended that you remove all threats from your computer immediately.

Do not panic since this is a pack of lies! The only threat present on your PC is Essential Cleaner and the malware agents (Trojans, viruses, or worms) helping to carry out the attack. Under no circumstances should you buy or download Essential Cleaner, a rogue security program.

So How Did Your PC Get Infected with Essential Cleaner?

Again, cybercriminals look for cracks in security applications or hardware and study human behavior to lure unwary PC users into loading, installing and executing their malicious programs. So it is possible:

  1. You clicked on a dubious link on some unsavory website (e.g. a porn or gaming site).
  2. You were spammed and clicked on a link in an IM message.
  3. You were spammed and clicked on a link or downloaded an infectious email file.
  4. You downloaded a file for a free program and didn’t realize that cybercriminals love to lace freeware or shareware.
  5. You downloaded a codec, a component used to view a movie or video.
  6. You do not have an Internet security program protecting your PC.
  7. You ignored notifications to upgrade your security program; such upgrades often patch known vulnerabilities.

If you try to remove Essential Cleaner using Task Manager, you may get the following bogus alert:

Warning!
Name: taskmgr.exe
Name: C:\WINDOWS\taskmgr.exe

Using some or all of your applications could present the following error:

Warning!
Application cannot be executed. The file cmd.exe is infected.
Please activate your anti-virus software.

The best way to remove Essential Cleaner is by rebooting using 'Safe Mode' and locating and deleting all associated files. However, Trojans may contain stealth rootkit characteristics, meaning they may be rooted in the very core of your system, such as your BIOS or MBR. Unless you are experienced in deleting registry or system files, you should seek an expert anti-malware and rootkit tool to remove Essential Cleaner safely, or else risk losing your valuable data.

As a safety precaution, you should disconnect your Internet and not use it until all traces of Essential Cleaner have been removed. You should also contact your financial institution and change your security credentials.

Do You Suspect Your PC May Be Infected with Essential Cleaner & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Essential Cleaner as well as a one-on-one tech support service.
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another, clean computer, copy it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable the proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter, view other possible causes of installation issues.

Technical Information

File System Details

Essential Cleaner creates the following file(s):
  1. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].ocx
  2. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].dll
  3. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
  4. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]\
  5. %UserProfile%\Application Data\Essential Cleaner\cookies.sqlite
  6. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].mof
  7. %UserProfile%\Application Data\Essential Cleaner\Instructions.ini
  8. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\
  9. %UserProfile%\Application Data\Essential Cleaner\
  10. %ALLUSERSPROFILE%\Application Data\p7803BkEjIjK1670.exe (Size: 415,232; MD5: 561fd0942de908fa9e91e1551b1d8b3d)

Registry Details

Essential Cleaner creates the following registry entry or registry entries:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
  • HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"
  • HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:18810"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Essential Cleaner"
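
For triage, the registry entries listed above can be checked against an offline export of the registry rather than on the live machine. The following is an added example, not code from this article or from SpyHunter: it parses .reg export text and reports values matching the listed entries. The sample export, including the taskmgr.exe subkey, is constructed for illustration.

```python
import re
MS = r"HKEY_CURRENT_USER\Software\Microsoft"
INET = MS + r"\Windows\CurrentVersion\Internet Settings"
IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# (key, value name, test on normalised data), taken from the registry list above.
INDICATORS = [
    (INET, "ProxyEnable", lambda d: d == "1"),
    (INET, "ProxyServer", lambda d: d.startswith("http=127.0.0.1")),
    (MS + r"\Internet Explorer\Download", "RunInvalidSignatures", lambda d: d == "1"),
    (MS + r"\Internet Explorer\PhishingFilter", "Enabled", lambda d: d == "0"),
    (MS + r"\Windows\CurrentVersion\Run", "Essential Cleaner", lambda d: True),
    # Debugger values sit on per-executable subkeys, so IFEO also matches as a prefix.
    (IFEO, "Debugger", lambda d: d.lower().endswith("svchost.exe")),
]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def normalise(raw):
    # .reg data is either dword:XXXXXXXX or a quoted, backslash-escaped string.
    if raw.startswith("dword:"):
        return str(int(raw[6:], 16))
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw

def find_indicators(text):
    """Return (key, name, data) for every value in a .reg export that matches."""
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, data = m.group(1), normalise(m.group(2))
            for ikey, iname, test in INDICATORS:
                k, ik = key.lower(), ikey.lower()
                in_key = k == ik or (ikey == IFEO and k.startswith(ik + "\\"))
                if in_key and name.lower() == iname.lower() and test(data):
                    hits.append((key, name, data))
    return hits

# Constructed sample export, not captured from a real machine.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:18810"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="svchost.exe"
"""
```

Exports written by regedit or `reg export` are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `find_indicators`.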

More Details on Essential Cleaner

The following messages associated with Essential Cleaner were found:
Warning!
Application cannot be executed. The file cmd.exe is infected.
Please activate your antivirus software.
Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...

Site Disclaimer

Enigmasoftware.com is not associated with, affiliated with, sponsored by or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken for, or confused as being associated in any way with, the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or the manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
