Home Security Solutions can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Home Security Solutions. Finally, all the file related to Home Security Solutions must be deleted from the hard drive. All of them has been shown in the removal guide below.
The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install Home Security Solutions on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.
Home Security Solutions should be removed immediately!
Home Security Solutions Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Delete Registry
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\91\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid {137E7700-3573-11CF-AE69-08002B2E1262}
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=231&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PRS http://127.0.0.1:27777/?inj=%ORIGINAL%
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=231&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\89770803
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\lib/5.00231
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UID 231
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HS2d7_231.DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Enable LUA "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Home Security Solutions"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Remove Folders and Files
%AllUsersProfile%\[RANDOM]
%AllUsersProfile%\HSYITSQGE
%AppData%\Home Security Solutions
%AppData%\Microsoft\Windows\Recent\DBOLE.dll
%AppData%\Microsoft\Windows\Recent\CLSV.tmp
%AppData%\Microsoft\Windows\Recent\gid.tmp
%AppData%\Microsoft\Windows\Recent\eb.dll
%AppData%\Microsoft\Windows\Recent\delfile.dll
%AppData%\Microsoft\Windows\Recent\eb.sys
%AppData%\Microsoft\Windows\Recent\energy.dll
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Security Solutions.lnk
The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install Home Security Solutions on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.
Home Security Solutions should be removed immediately!
Home Security Solutions Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Delete Registry
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\91\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid {137E7700-3573-11CF-AE69-08002B2E1262}
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=231&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PRS http://127.0.0.1:27777/?inj=%ORIGINAL%
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=231&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\89770803
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\lib/5.00231
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UID 231
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HS2d7_231.DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Enable LUA "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Home Security Solutions"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Remove Folders and Files
%AllUsersProfile%\[RANDOM]
%AllUsersProfile%\HSYITSQGE
%AppData%\Home Security Solutions
%AppData%\Microsoft\Windows\Recent\DBOLE.dll
%AppData%\Microsoft\Windows\Recent\CLSV.tmp
%AppData%\Microsoft\Windows\Recent\gid.tmp
%AppData%\Microsoft\Windows\Recent\eb.dll
%AppData%\Microsoft\Windows\Recent\delfile.dll
%AppData%\Microsoft\Windows\Recent\eb.sys
%AppData%\Microsoft\Windows\Recent\energy.dll
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Security Solutions.lnk
No comments:
Post a Comment