Home Safety Essentials

Home Safety Essentials Description

Type: Rogue AntiSpyware Programs

Home Safety Essentials is a fake security program designed to mimic legitimate anti-virus programs; in reality, it is itself a malware infection. Rogue security programs like Home Safety Essentials are usually installed onto a computer through a Trojan (e.g., Zlob and Fake Microsoft Security Essentials Alert), which must also be removed. Home Safety Essentials can be easily removed with a fully updated anti-malware application. ESG PC security advisers recommend starting your operating system in Safe Mode to allow a full removal of this harmful malware infection.

Home Safety Essentials is another addition to the FakeVimes family. Other clones of this dangerous program include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.
 

How the Home Safety Essentials Scam Works

The Home Safety Essentials scam is a fairly common kind of malware scam. The program pretends to be an anti-virus application and tries to convince its victim to pay for a "full version" of Home Safety Essentials. However, the tactics it uses to convince its victims are dangerous and can render a computer unusable in a matter of minutes. Home Safety Essentials is not a legitimate anti-virus. It consists mainly of a genuine-looking interface, designed to fool its victims, and a collection of harmful scripts and Trojans. The following computer problems are associated with a Home Safety Essentials infection:

  1. Home Safety Essentials can use up much of your computer's resources, making your operating system unstable or slow.
  2. Home Safety Essentials displays a large number of error messages, fake security alerts, and pop-up notifications from the Task Bar. These cannot be disabled in any way. Home Safety Essentials also displays a fake scan upon start-up. The results of this scan and the fake error messages are all false. ESG PC security advisers strongly recommend ignoring any of Home Safety Essentials' alerts and messages.
  3. Home Safety Essentials alters the Windows Registry in order to start up automatically. This "feature" cannot be turned off.
  4. Home Safety Essentials can block your access to your own executable files, especially those associated with legitimate security programs. It does this to protect itself from removal.
  5. Home Safety Essentials can alter your Internet browser settings, change your home page, and redirect your online activity. This is typically caused by browser hijacking Trojans that are associated with Home Safety Essentials.
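The registry changes in items 3 and 4 can be checked offline from a `reg export` file taken in Safe Mode. The following triage script is an added example, not part of the original article: it flags a `Run` autostart value named after the product, any executables listed under the Explorer `DisallowRun` policy, and any `Debugger` value under `Image File Execution Options`. Treating every such `Debugger` value as suspicious is an assumption of this example, and the sample export is constructed.

```python
import re

RUN = r"software\microsoft\windows\currentversion\run"
DISALLOW = r"software\microsoft\windows\currentversion\policies\explorer\disallowrun"
IFEO = r"software\microsoft\windows nt\currentversion\image file execution options" + "\\"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)=(?P<data>.*)$')

def triage(reg_text, product="Home Safety Essentials"):
    """Return (kind, key, value name, data) findings from `reg export` text."""
    findings, key = [], ""
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                      # "[HKEY_...]" line: remember the current key
            key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if not (m and key):        # header, blank line or continuation line
            continue
        name = m.group("name") or ""
        # .reg files quote strings and double their backslashes; undo both
        data = m.group("data").strip('"').replace("\\\\", "\\")
        low = key.lower()
        if low.endswith(RUN) and product.lower() in (name + data).lower():
            findings.append(("autostart", key, name, data))
        elif low.endswith(DISALLOW):   # policy list of executables Explorer refuses to run
            findings.append(("blocked-by-policy", key, name, data))
        elif IFEO in low and name.lower() == "debugger":
            findings.append(("ifeo-debugger", key, name, data))
    return findings

# Constructed sample in `reg export` format (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Home Safety Essentials"="C:\\Example\\rogue.exe"
"Updater"="C:\\Program Files\\Vendor\\update.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="exampleav.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exampleav.exe]
"Debugger"="svchost.exe"
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

`reg export` writes UTF-16 text, so open a real export with `encoding="utf-16"` before passing its contents to `triage`.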

Technical Information

File System Details

Home Safety Essentials creates the following file(s):

Registry Details

Home Safety Essentials creates the following registry entry or registry entries:

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken or confused as being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided in this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.