Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Friday, April 23, 2010

How to remove My Security Engine (Uninstall guide)

Tell your friends:
My Security Engine is a rogue anti-virus program that may cause serious system performance issues on your computer. This fake program is from the same family as CleanUp Antivirus malware. It performs fake system scan and reports false system security threats to make you think that your computer is infected with malicious software (spyware, adware, Trojans and etc.). The scan results are false. My Security Engine creates numerous harmless files upon installation and then flags those files as infected ones. How rude. Finally, it asks to pay for a full version of the program to remove the infections which don't exist. In other words, MySecurityEngine is a scam.



My Security Engine video: (thanks to rogueamp)


If you are reading this article, then your computer is probably infected with this scareware. Thankfully, we've got removal instructions to help. This fake program can be removed from your computer for free using legitimate and reputable anti-malware applications. Please follow the removal instructions below.

You may wonder how you got infected with this badware? Well, usually, such fake programs as My Security Engine come from fake online scanners, misleading online video websites or any other compromised/malicious website. It may come bundled with other malware too. Please also note that cyber criminals promote their bogus products on popular social networks. Once installed, the rogue program displays fake warnings about infected files and possible attacks from a remote computer. Some of the fake warnings read:

"Your PC may still be infected with dangerous viruses. My Security Engine protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection."

"My Security Engine has detected potentially harmful software in your system. It is strongly recommended that you register My Security Engine to remove all found threats immediately. "

Furthermore, MySecurityEngine will modify Windows Hosts file and hijack Internet Explorer. You will be redirected to various misleading websites. There is a chance that you won't be able to visit certain security related websites and your search queries will be redirected to findgala.com.

It goes without saying that you should uninstall My Security Engine from your computer as soon as possible. Most importantly, don't purchase it. If you have already purchased it, then please contact your credit card company and dispute the charges. If you have any questions or additional information about this malware please don't hesitate and leave a comment. Good luck and be safe!


My Security Engine removal instructions (method #1):

Download one of the following legitimate anti-malware applications and run a quick system scan. Don't forget to update it first. All programs a free.
NOTE1: if you can't run any of the above programs you must rename the installer of selected program before saving it on your PC. For example: if you choose MalwareBytes then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.

NOTE2: if you still can't run the renamed file then you need to change file extension too not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif
5. Double-click to run renamed file.


Removing My Security Engine in Safe Mode with Networking (method #2):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2.Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.

My Security Engine files and registry values:

Folders and files:
  • C:\Documents and Settings\All Users\Application Data\345d567
  • C:\Documents and Settings\All Users\Application Data\345d567\2322.mof
  • C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • C:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe
  • C:\Documents and Settings\All Users\Application Data\345d567\MSE.ico
  • C:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • C:\Documents and Settings\All Users\Application Data\MSHOLE\
  • %UserProfile%\Application Data\My Security Engine\
  • C:\Program Files\Mozilla Firefox\searchplugins\search.xml
Registry values:
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" ="http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Engine"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"

Share this information with other people:

9 comments:

Anonymous said...

Excellent guide! well done
makes a change from all those websites selling Spyware doctor to those pc owners afraid of the Pig screaming!

Anonymous said...

Spybot S&D has not removed "my security engine" now what.

Anonymous said...

Thank you! Method #1 with MalwareBytes (the free download version), and renaming the exe file worked absolutely perfectly. I highly recommend this program. Many thanks for this post.

Kelsey said...

OMG dl MalwareBytes Anti-Malware. It removed'my secureity engine"!!! I've spent 4 hours trying to get rid of it!

Anonymous said...

My $.02 Malwarebytes found 784 threats after this infection, and removed them.

Anonymous said...

Thanks so much. It "kill" the malware in no time using the suggested freeware. AWESOME!

Anonymous said...

THANK YOU VERY MUCH.. amazing, easy way. It directly removed my security engine

Anonymous said...

THANK YOU VERY MUCH ... amazing, easy way
It directly removed my security engine

Anonymous said...

ok....i have used malbyte's malware program....does not show being infected. I have also done this in safe mode. I have check the registry for the appropriate entries...non found. I even deleted and entered a HOSTS file (as was suggested on another site). I do not find any programs that could be removed with the windows remove program options. However, when I try to install PCTOOLS Internet Security, it still shows "My Search Engine" on a list of contradicting programs that need to be removed before installation can occur. What do I need to do next?