Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Saturday, February 13, 2010

How to remove My Security Wall fake antivirus program? (Uninstall guide)

My Security Wall is a fake anti-virus program. It is a clone of Security Antivirus, which is also fake software. If you are reading this article, your computer is probably infected with the MySecurityWall virus. So what does this fake program do, and how do you remove it? In short, My Security Wall is classified as a rogue security application because it reports false scan results, displays fake warnings, hijacks the web browser and disables particular system tools (Task Manager, Regedit, etc.).

It uses these methods to scare you into thinking that your computer is infected with Trojans, worms and other viruses, when in reality the only infection is My Security Wall itself. The fake program asks you to pay for a full version to remove the threats and protect your computer. That's clearly a scam. Don't purchase this bogus software, and remove My Security Wall from your computer as soon as possible. Please read further to find out how to remove this fake software for free.



My Security Wall video: (thanks to rogueamp)


The rogue program is promoted through the use of malicious software (usually Trojans). Trojans come from fake online "My Computer" scanners and misleading video websites. My Security Wall is also promoted using social engineering. You shouldn't click on any links that you receive from people you don't know on Facebook, MySpace and similar sites. Once installed, this fake program creates numerous fake, harmless files on your computer, just like the Security Antivirus malware does. Both fake programs drop the same files in the %UserProfile%\Recent\ directory: ANTIGEN.exe, cid.dll, PE.drv, ANTIGEN.drv, DBOLE.sys, CLSV.drv, ddv.dll, FS.drv, ddv.sys, energy.tmp, gid.drv, PE.exe, PE.sys, PE.tmp, tjd.drv, runddlkey.dll, std.exe.

Furthermore, MySecurityWall displays fake warnings and pop ups claiming that your computer is infected. Fake alerts state:

"System alert!
malicious applications, which may contains Trojans, were found
on your computer and are to be removed immediately. Click
here to remove these potentially harmful items using My
Security Wall"


"Suspicious software which may be malicious has been detected on your PC. Click here to remove this threat immediately using My Security Wall.
Click here to remove all potentially harmful programs found immediately using My Security Wall."





The biggest problem is that this virus blocks legitimate anti-virus and anti-spyware programs. It also disables Task Manager and other useful Windows system tools. Last but not least, it modifies the Windows Hosts file and adds many malicious lines. Because of that, you will be constantly redirected to various bogus websites full of ads and false information, or even porn sites. Search results will probably be redirected to findgala.com. As you can see, My Security Wall is a total scam and a serious threat. Get rid of it immediately. If you have purchased it, you should contact your credit card company as soon as possible and dispute the charges. Read the My Security Wall removal instructions below. Good luck and be safe!



My Security Wall removal instructions (method #1):

Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs are free.

NOTE1: if you can't run any of the above programs, you must rename the installer of the selected program before saving it on your PC. For example: if you choose MalwareBytes, you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.

NOTE2: if you still can't run the renamed file, you need to change the file extension too, not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif.
5. Double-click the renamed file to run it.



Removing My Security Wall in Safe Mode with Networking (method #2):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. If the rogue program blocks it then download and run this file RenamedSBKRepair. Follow the prompts. Then reboot your PC in Safe Mode with Networking.

2. Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs are free.


My Security Wall files and registry values:

Folders and files:
  • C:\Documents and Settings\All Users\Application Data\25def\
  • C:\Documents and Settings\All Users\Application Data\25def\72.mof
  • C:\Documents and Settings\All Users\Application Data\25def\mozcrt19.dll
  • C:\Documents and Settings\All Users\Application Data\25def\MA3S5f.exe
  • C:\Documents and Settings\All Users\Application Data\25def\SAV.ico
  • C:\Documents and Settings\All Users\Application Data\25def\sqlite3.dll
  • C:\Documents and Settings\All Users\Application Data\MEXCIRFZ\
  • C:\Windows\System32\MSWSys\
  • %UserProfile%\Application Data\My Security Wall
  • %UserProfile%\Recent\ANTIGEN.drv
  • %UserProfile%\Recent\ANTIGEN.exe
  • %UserProfile%\Recent\cid.dll
  • %UserProfile%\Recent\CLSV.drv
  • %UserProfile%\Recent\DBOLE.sys
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\ddv.sys
  • %UserProfile%\Recent\energy.tmp
  • %UserProfile%\Recent\FS.drv
  • %UserProfile%\Recent\gid.drv
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\PE.exe
  • %UserProfile%\Recent\PE.sys
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\runddlkey.dll
  • %UserProfile%\Recent\std.exe
  • %UserProfile%\Recent\tjd.drv
  • %UserProfile%\Recent\tjd.sys
  • C:\Program Files\Mozilla Firefox\searchplugins\search.xml
Registry values:
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Build/13.00007"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Wall"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
  • HKEY_CLASSES_ROOT\xp_5f014.DocHostUIHandler
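
To confirm whether a machine still carries the traces listed above, the following sketch checks three of them: the files dropped in %UserProfile%\Recent\, Hosts file lines other than the plain localhost mapping, and the "My Security Wall" Run value. It is an added example, not part of the original guide or of any tool it mentions; the function names and the sample hosts text are constructed for illustration.

```python
from pathlib import Path
try:
    import winreg  # Windows only; the registry check is skipped elsewhere
except ImportError:
    winreg = None

# File names the page lists under %UserProfile%\Recent\ (lower-cased)
RECENT_DROPS = {
    "antigen.drv", "antigen.exe", "cid.dll", "clsv.drv", "dbole.sys",
    "ddv.dll", "ddv.sys", "energy.tmp", "fs.drv", "gid.drv", "pe.drv",
    "pe.exe", "pe.sys", "pe.tmp", "runddlkey.dll", "std.exe",
    "tjd.drv", "tjd.sys",
}

# Constructed sample hosts text (TEST-NET address, example.com names)
SAMPLE_HOSTS = """# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.example.com example.com  # constructed entry
"""

def find_recent_drops(profile_dir):
    """Names in <profile>/Recent matching the page's list (case-insensitive)."""
    recent = Path(profile_dir) / "Recent"
    if not recent.is_dir():
        return []
    return sorted(p.name for p in recent.iterdir() if p.name.lower() in RECENT_DROPS)

def audit_hosts(text):
    """(ip, name) pairs in hosts text that are not plain localhost mappings."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) >= 2:
            findings += [(fields[0], n.lower()) for n in fields[1:] if n.lower() != "localhost"]
    return findings

def run_value_present(name="My Security Wall"):
    """True/False for the HKCU Run value on the page; None when not on Windows."""
    if winreg is None:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                            r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
            winreg.QueryValueEx(key, name)
            return True
    except FileNotFoundError:
        return False

if __name__ == "__main__":
    print(find_recent_drops(Path.home()), audit_hosts(SAMPLE_HOSTS), run_value_present())
```

Entries returned by `audit_hosts` are candidates for review rather than confirmed malicious lines, since a Hosts file can hold legitimate custom mappings. To audit a real system, pass it the contents of the machine's own Hosts file instead of the sample.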


1 comments:

Anonymous said...

method #2 so far so good