Friday 19 August 2011

How to Remove Home Safety Essentials (Uninstall Guide)

Home Safety Essentials is a rogue anti-virus program that misleads users into paying for fake removal of malware. This particular fraudware creates numerous harmless files on the computer and detects them as spyware, trojans and other viruses during a fake system scan. Other fake security programs usually have a predefined list of supposed infections stored in text/data files or hard coded into the malicious program. Very often cyber-crooks employ social engineering tactics to defeat legitimate antivirus software and to trick users into installing this fraudware. However, this fake AV is also being distributed via infected websites, email attachments and fake online virus scanners. Despite a dramatic drop in the number of users reporting rogueware detections in the last few weeks, Home Safety Essentials and other fake anti-virus programs are still being distributed, so don't assume you're not at risk. Besides, if you are reading this article, your computer is probably infected with this malware. To remove Home Safety Essentials and associated malware from your computer, please follow the removal instructions below.



After the fake scan, Home Safety Essentials will prompt you to pay for a full version of the program to remove infections that do not even exist. Don't purchase it! Otherwise you will lose your money and give your credit card details to cyber crooks. It's worth mentioning that cyber criminals may sell the gathered information on underground carding forums, so if you thought that Home Safety Essentials was a genuine Windows security product and purchased it, you should contact your credit card company and dispute the charges. If you're lucky enough, you may get your money back, because cyber criminals are forced to return a certain percentage of the money in order to stay in business.

While running, Home Safety Essentials will also display numerous fake security alerts and pop-up notifications claiming that your computer is either infected by Trojans or under attack from a remote server. Do not fall for this scam! Another frustrating thing about this infection is that Home Safety Essentials configures Windows to use a proxy server over a LAN connection. You may not be able to visit certain websites or download malware removal tools. In order to remove Home Safety Essentials you will have to restart your computer in Safe Mode with Networking and disable the proxy server. Last, but not least, it may modify the Windows Hosts file. Check that it's OK too. For more information, please follow the steps in the removal guide below. If you have any questions, please leave a comment below. And remember, don't rely only on your antivirus software, because anti-virus is still a poor substitute for common sense. Good luck and be safe online!

Home Safety Essentials removal instructions:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Log in as the same user you were previously logged in with in the normal Windows mode.

2. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click the LAN Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK. You may have to repeat steps 1-2 if you have problems downloading malware removal programs.



3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET Smart Security.


Alternate Home Safety Essentials removal instructions using HijackThis or Process Explorer (in Normal mode):

1. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click the LAN Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.



2. Download Process Explorer.
3. Rename procexp.exe to iexplore.exe and run it. Look for a similar process in the list and end it:
  • BFq5ac_179.exe
OR download iexplore.exe (NOTE: the iexplore.exe file is a renamed HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, then download explorer.scr and run it. Search for similar entries in the scan results:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:24565
O4 - HKCU\..\Run: [Home Safety Essentials] "C:\Documents and Settings\All Users\Application Data\a4g8q1\BFq5ac_179.exe" /s /d
Select all similar entries and click once on the "Fix checked" button. Close the HijackThis tool.

4. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

5. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET Smart Security.


Associated Home Safety Essentials files and registry values:

Files:

Windows XP
  • C:\Documents and Settings\All Users\Application Data\a4g8q1\
  • C:\Documents and Settings\All Users\Application Data\a4g8q1\BFq5ac_179.exe
  • C:\Documents and Settings\All Users\Application Data\a4g8q1\HSESys
  • C:\Documents and Settings\All Users\Application Data\a4g8q1\Quarantine Items
  • C:\Documents and Settings\All Users\Application Data\a4g8q1\HSE.ico
  • C:\Documents and Settings\[UserName]\Application Data\Home Safety Essentials\
Windows Vista/7
  • C:\ProgramData\a4g8q1\
  • C:\ProgramData\a4g8q1\HSESys
  • C:\ProgramData\a4g8q1\Quarantine Items
  • C:\ProgramData\a4g8q1\BFq5ac_179.exe
  • C:\ProgramData\a4g8q1\HSE.ico
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Home Safety Essentials
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Home Safety Essentials"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=247&q={searchTerms}
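
The proxy, Hosts file, Run key and Image File Execution Options checks described in this guide can be done in one read-only pass. The PowerShell script below is an added example, not part of the original guide; it changes nothing, and it assumes the folder and value names shown on this page (a4g8q1, "Home Safety Essentials"), which may differ on another machine.

```powershell
# Added example: read-only check for the indicators listed in this guide.
# Run as the affected user, because the HKCU values are per-user.
# The names a4g8q1 and "Home Safety Essentials" are taken from this page;
# the folder name may differ on other machines.
$findings = @()

# 1. Proxy pointed at a loopback address (the R1 HijackThis entry).
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p -and $p.ProxyEnable -eq 1 -and $p.ProxyServer -match '127\.0\.0\.1|localhost') {
    $findings += "Loopback proxy enabled: $($p.ProxyServer)"
}

# 2. Autostart value under the per-user Run key (the O4 entry).
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$r = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
if ($r -and $r.'Home Safety Essentials') {
    $findings += "Run value present: $($r.'Home Safety Essentials')"
}

# 3. "Debugger" = svchost.exe under Image File Execution Options; such a value
#    on an executable's subkey makes Windows start the debugger instead of it.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$keys = @(Get-Item -Path $ifeo -ErrorAction SilentlyContinue) +
        @(Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)
foreach ($k in $keys) {
    $dbg = $k.GetValue('Debugger')
    if ($dbg -match 'svchost\.exe') {
        $findings += "IFEO Debugger on $($k.PSChildName): $dbg"
    }
}

# 4. Program folders listed above for Windows XP and Vista/7.
foreach ($dir in 'C:\ProgramData\a4g8q1',
                 'C:\Documents and Settings\All Users\Application Data\a4g8q1') {
    if (Test-Path -LiteralPath $dir) { $findings += "Folder present: $dir" }
}

# 5. Hosts file: list every active line except the default localhost mappings.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in @(Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue)) {
    if ($line -match '^\s*[^#\s]' -and
        $line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') {
        $findings += "Hosts entry to review: $($line.Trim())"
    }
}

if ($findings) { $findings } else { 'No indicators from this guide were found.' }
```

Hosts entries reported in step 5 are only candidates for review; legitimate software also adds lines to that file.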