Posts Comments

My Security Engine Virus

By admin on May 4, 2010 Leave a Comment

My Security Engine is a rogue anti-spyware application related to the well-known malware programs Cleanup Antivirus and Security Guard. Similarly to its relatives, My Security Engine tries to trick the user into paying for the license of the software. This malware application gets installed via Trojans that get downloaded by exploiting security weaknesses in user systems. Once installed, My Security Engine begins to perform endless fake security scans on the system, returning results that show that the computer is under threat from many non-existent malicious programs. It also displays and endless stream of fake warning pop-ups from the Windows taskbar warning about how much of the threat the user’s system is facing. The aim of all this activity is to try and trick the user in to purchasing a software license for the ‘full’ version of My Security Engine by claiming that the currently installed ‘trial’ version is insufficient to completely scan the system. System Security puts this request forward through its very authentic-looking GUI, through the warning pop-ups, and at the end of each fake scan. However, it must be noted that the so-called ‘full’ version is just as incapable of scanning or cleaning out any malware from any computer system as the ‘trial’ version is.

My Security Engine

My Security Engine

» Download My Security Engine Removal Software

As soon as you find a copy of this malicious software installed on your computer, you should take steps to delete My Security Engine. My Security Engine removal involves the stopping of processes, deregistering of DLLs, deletion of files and folders and the removal of registry entries.

My Security Engine Manual Removal Procedures

The first step you must take in order to remove My Security Engine is to stop the following processes:

  • MS345d.exe
  • PE.exe

The next step in My Security Engine removal is to unregister the following DLL files:

  • pal.dll
  • PE.dll
  • gid.dll
  • exec.dll
  • energy.dll
  • ANTIGEN.dll
  • CLSV.dll
  • mozcrt19.dll
  • sqlite3.dll

Next, it is necessary to remove the following files and folders:

Delete My Security Engine Files

Windows XP:

  • c:\Documents and Settings\All Users\Application Data\345d567
  • c:\Documents and Settings\All Users\Application Data\345d567\2322.mof
  • c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe
  • c:\Documents and Settings\All Users\Application Data\345d567\MSE.ico
  • c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
  • c:\Documents and Settings\All Users\Application Data\345d567\MSESys\
  • c:\Documents and Settings\All Users\Application Data\345d567\MSESys\vd952342.bd
  • c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items
  • c:\Documents and Settings\All Users\Application Data\MSHOLE\
  • c:\Documents and Settings\All Users\Application Data\MSHOLE\MSJKEJCCE.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
  • %UserProfile%\Application Data\My Security Engine\
  • %UserProfile%\Application Data\My Security Engine\cookies.sqlite
  • %UserProfile%\Application Data\My Security Engine\Instructions.ini
  • %UserProfile%\Desktop\My Security Engine.lnk
  • %UserProfile%\Recent\ANTIGEN.dll
  • %UserProfile%\Recent\CLSV.dll
  • %UserProfile%\Recent\eb.sys
  • %UserProfile%\Recent\energy.dll
  • %UserProfile%\Recent\exec.dll
  • %UserProfile%\Recent\exec.drv
  • %UserProfile%\Recent\exec.tmp
  • %UserProfile%\Recent\gid.dll
  • %UserProfile%\Recent\kernel32.sys
  • %UserProfile%\Recent\kernel32.tmp
  • %UserProfile%\Recent\pal.dll
  • %UserProfile%\Recent\PE.dll
  • %UserProfile%\Recent\PE.exe
  • %UserProfile%\Recent\ppal.drv
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Recent\SICKBOY.sys
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Start Menu\My Security Engine.lnk
  • %UserProfile%\Start Menu\Programs\My Security Engine.lnk
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml
  • %Documents and Settings%\All Users\Application Data\e4a12b7
  • %Temp%\del.bat

Windows Vista/7:

  • c:\%User%\ AppData\345d567
  • c:\ %User%\ AppData \345d567\2322.mof
  • c:\ %User%\ AppData \345d567\mozcrt19.dll
  • c:\ %User%\ AppData \345d567\MS345d.exe
  • c:\ %User%\ AppData \345d567\MSE.ico
  • c:\ %User%\ AppData \345d567\sqlite3.dll
  • c:\ %User%\ AppData \345d567\BackUp\
  • c:\ %User%\ AppData \345d567\MSESys\
  • c:\ %User%\ AppData \345d567\MSESys\vd952342.bd
  • c:\ %User%\ AppData \345d567\Quarantine Items
  • c:\ %User%\ AppData \MSHOLE\
  • c: %User%\ AppData \MSHOLE\MSJKEJCCE.cfg
  • %User%\ AppData \Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
  • %User%\ AppData \My Security Engine\
  • %User%\ AppData \My Security Engine\cookies.sqlite
  • %User%\ AppData \My Security Engine\Instructions.ini
  • %User%\ AppData \My Security Engine.lnk
  • %UserProfile%\Recent\ANTIGEN.dll
  • %UserProfile%\Recent\CLSV.dll
  • %UserProfile%\Recent\eb.sys
  • %UserProfile%\Recent\energy.dll
  • %UserProfile%\Recent\exec.dll
  • %UserProfile%\Recent\exec.drv
  • %UserProfile%\Recent\exec.tmp
  • %UserProfile%\Recent\gid.dll
  • %UserProfile%\Recent\kernel32.sys
  • %UserProfile%\Recent\kernel32.tmp
  • %UserProfile%\Recent\pal.dll
  • %UserProfile%\Recent\PE.dll
  • %UserProfile%\Recent\PE.exe
  • %UserProfile%\Recent\ppal.drv
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Recent\SICKBOY.sys
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Start Menu\My Security Engine.lnk
  • %UserProfile%\Start Menu\Programs\My Security Engine.lnk
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml
  • %User%\ AppData \e4a12b7
  • %Temp%\del.bat

My Security Engine Registry Removal Procedures

File removal alone is not sufficient to completely remove My Security Engine. In order to ensure complete My Security Engine removal, it is necessary to delete the following keys and settings from the registry as well:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “%CommonAppData%\e4a12b7\MySecurityEngine.exe”
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" ="http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Engine"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = http://findgala.com/?&uid=195&q={searchTerms}

Once the above steps have been completed you have successfully removed My Security Engine from your system.

My Security Engine Directories:

  • c:\ %User%\ AppData \345d567\
  • XP: c:\Documents and Settings\All Users\Application Data\345d567

Outside Resources:

http://www.precisesecurity.com/rogue/my-security-engine

http://www.bleepingcomputer.com/virus-removal/remove-my-security-engine

Filed Under: Virus Removal Tagged With: , , , , , , ,

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.