Home Safety Essentials

Home Safety Essentials is a fake security program. It was designed to mimic legitimate anti-virus programs, but it is actually a malware infection. Rogue security programs like Home Safety Essentials are usually installed onto an infected computer by a Trojan (e.g., Zlob and Fake Microsoft Security Essentials Alert), which must also be removed. Home Safety Essentials can be easily removed with a fully updated anti-malware application. ESG PC security advisers recommend starting up your operating system in Safe Mode to allow a full removal of this harmful malware infection.

Home Safety Essentials is another addition to the FakeVimes family. Other clones of this dangerous program include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.
 

How the Home Safety Essentials Scam Works

The Home Safety Essentials scam is a fairly common kind of malware scam. This program simply pretends to be an anti-virus application and tries to convince its victims to pay for a "full version" of Home Safety Essentials. However, the tactics it uses to convince its victims are dangerous and can render a computer unusable in a matter of minutes. Home Safety Essentials is not a legitimate anti-virus. It is composed mainly of a genuine-looking interface, designed to fool its victims, and a collection of harmful scripts and Trojans. The following computer problems are associated with a Home Safety Essentials infection:

  1. Home Safety Essentials can use up much of your computer's resources, making your operating system unstable or slow.
  2. Home Safety Essentials displays a large number of error messages, fake security alerts, and pop-up notifications from the Task Bar. These cannot be disabled in any way. Home Safety Essentials also displays a fake scan upon start-up. The results of this scan and the fake error messages are all false. ESG PC security advisers strongly recommend ignoring any of Home Safety Essentials' alerts and messages.
  3. Home Safety Essentials alters the Windows Registry in order to start up automatically. This "feature" cannot be turned off.
  4. Home Safety Essentials can block your access to your own executable files, especially those associated with legitimate security programs. It does this to protect itself from removal.
  5. Home Safety Essentials can alter your Internet browser settings, change your home page, and redirect your online activity. This is typically caused by browser hijacking Trojans that are associated with Home Safety Essentials.
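The registry changes in items 3 and 4 can be checked for in an exported `.reg` file. The script below is an added example, not ESG's code or part of the original page. The sample export and names such as `ExampleRogueAV` are constructed, and the Image File Execution Options `Debugger` check is an assumption about one way executables get blocked, alongside the `DisallowRun` policy.

```python
import re

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleRogueAV"="C:\\Users\\demo\\AppData\\Roaming\\ExampleRogueAV\\scan.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="example-av-ui.exe"
"1"="example-av-svc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-av-ui.exe]
"Debugger"="svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"fWrap"=dword:00000001
'''

# (label, regex the key path must match, required value name or None for any)
RULES = [
    ("autostart", r"\\CurrentVersion\\Run(Once)?$", None),
    ("policy-enabled", r"\\Policies\\Explorer$", "disallowrun"),
    ("blocked-executable", r"\\Policies\\Explorer\\DisallowRun$", None),
    ("launch-hijack", r"\\Image File Execution Options\\[^\\]+$", "debugger"),
]

def parse_reg(text):
    """Yield (key_path, value_name, raw_data) for each named value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            yield key, m.group(1), m.group(2)

def audit(text):
    """Return (label, last key component, value name, data) for every rule hit."""
    findings = []
    for key, name, data in parse_reg(text):
        for label, key_re, value_name in RULES:
            if re.search(key_re, key, re.I) and value_name in (None, name.lower()):
                findings.append((label, key.rsplit("\\", 1)[-1], name, data.strip('"')))
    return findings
```

Every `autostart` hit still needs review by hand, since legitimate software also registers itself under the `Run` key.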

File System Details

Home Safety Essentials may create the following file(s):

Registry Details

Home Safety Essentials may create the following registry entry or registry entries:
