Microsoft Security Essentials Alert (FAKE)

FAKE Microsoft Security Essentials Alert : Fake security clients and warnings are nothing new. However this is the first time I have seen this exact type of scam run. This Microsoft Security Essentials Alert removal guide will show you exactly how to remove Microsoft Security Essentials Alert when it's fro mthe fake client.

How to Tell if You have the FAKE Microsoft Security Essentials Alert?

It's rather easy. When you first bootup your computer and you get the warning about your computer being infected as well as a blue background with nothing else, you are infected with the FAKE Microsoft Security Essentials Alert message.

If you were to hit the clean button you then get instructed to hit the scan button. Once you hit the scan button you are taken to a landing page that looks appears to be scanning the so called virus that you are infected with. Not surprising it will show 5 security clients that can "Remove" this virus. The thing is all 5 of those are FAKE security clients. It's all a scam and far better than most others that are out there.

As always RemoveVirus.org has your back. We created a step by step video below that is SUPER EASY TO FOLLOW. It worked on all test comptuer that we tried it on and should work for you as well.

FAKE Microsoft Security Essentials Alert

Microsoft Security Essentials Alert

» Download Removal Software

 

Microsoft Security Essentials Alert Removal Video

Microsoft Security Essentials Alert

 

HELP US:  We took the time to make this video and help you.  Please rate us on http://www.mywot.com/en/scorecard/removevirus.org .  It will only take you a minute to register and add a comment.  We would also welcome any posative facebook or social bookmark comments.

Vista / Windows 7 file path

C:\Users\YOUR-USE-NAME\AppData\Roaming\hotfix.exe

XP file path

c:/Documents and Setting/USERNAME/Application Data/hotfix.exe

Keep in mind that AppData is a hidden folder.  You can either manuly type in the file path or show hidden files and folders via the Control Panel under Folder Options

If you can not follow the advice in the video and execute the "explorer.exe command via the Task Manager I would recommend you boot into safe mode and manually browse down to the file path we have shown above.

BE SURE to run a full antivirus scan after you have removed this threat. You need to make sure you are not infected with anything else. We recommend you download Spyware Doctor with Antivirus

Conclusion

 

Related Article Keywords: FAKE Microsoft Security Essentials Alert, Remove Microsoft Security Essentials Alert, Microsoft Security Essentials Alert Removal,Microsoft Security Essentials Alert

As always please post updates to the file traces. If yours are different then other users will find it helpful.

IF you ask for help in the comments section you will get it.  However we need to know a few basic things

1.  What Operating System are you using?

2. What step in the guide are you having trouble with?

3.  What steps you have already completed?

Comments

  1. technical admin says

    you can always just manually browse to the file directory shown in the guide and attempt to delete or rename the threat.

    You may be able to boot into safe mode and run a security scan there as well.

  2. Thanks for the earlier response to my question (#18). The problem is there is no tab. I do ctrl+alt+del and click on task manager and performance opens with no tabs or no other way to get to the processes tab. I right click on it…nothing. Left click on it…nothing. And there are no other tabs. Sorry it took so long to get back to you by the way. Thanks for any help you can give me

  3. Just wanted to say THANK YOU for the great video. My parent’s computer was infected with this little bugger. I followed the video ………. had to improvise a little as it wouldn’t let me delete ……….. and changed the name. As soon as I rebooted, AVG caught the thing & it’s no longer of this computer! Thanks Again!

  4. The computer infected has microsoft windows xp. I have tried to go into task manager but I am blocked every time, even when i click control alt delete as soon as i login. I tried safe mode but I didnt see anything like files come up. I am no comp expert so would appreciate any help. Thanks.

  5. Hello, I had this Fake Alert and I did not realize it. Thought I was using Microsoft Essentials to “clean” the problem. It then asked me to restart my computer. Did so, now it starts to reboot then goes black. I am able to get into F2 Setup, and F12, but dont know where to go from here. Please help–thanks

  6. King Theoden says

    I had the fake alert on my computer. When I hit the firefox icon to open the browser it popped up. When I hit the IE icon to open the browser it popped up. When I tried to go to the task manager it popped up- weather I right clicked the task bar and chose task manager or used control alt delete. The alert would pop up. My desktop remained in tact but I couldnt get online or use the task manager as the video instructed.

    I did a search for “Hotfix” and I found it in the application data folder. It wouldn’t go away at first so I renamed it, restarted my computer and then delete it. Had it been called something other than “Hotfix” I wouldnt have known what to look for.

    Thanks for the vid.

  7. technical admin says

    We are hearing it’s named different on some systems but the file path shown in the guide is still accurate.

  8. technical admin says

    Your virus problem is now a computer repair problem.

    Options

    1. Chkdsk
    2. Safe mode then restore
    3. Soft re-install of the OS using the Windows disk to repair the OS

  9. technical admin says

    The threat will not be running while you are in say mode and that is why you are not seeing it in the Task Manager.

    While in safe mode you can try a few things.

    1. search for the virus either by browsing to the directory shown in the guide. ( PLEASE REPORT YOUR PATH TO HELP US UPDATE THE XP FILE PATH.

    2. System Restore. Just go back week.

  10. technical admin says

    NICE!

  11. technical admin says

    VERY NICE TIP!!!! Listen to this one people if your having issue deleting or re-naming

  12. I just bought a new laptop with Norton 360 protection and Window 7. Recently I was hit by this alert. Norton 360 didn’t even pick it up. But like a fool I did hit and downloaded one of those fake fixes. I followed your video to delete the hotfix and it worked. Now my Interent Explorer is working and everthing seems to be back to normal. Thank you. But will this fix also eleminate the fake software I also stupidly downloaded? If not how do i get rid of that. When I go to the Uninstall programs I don’t see it in there. The fake sofware was call AntiSpy Safeguard.

  13. technical admin says

    Read the AntiSpy Safeguard removal guide.

  14. technical admin says

    Run the full virus scan with the SDA client like we recommend. No that file is not gone. You must of not written down the file location correctly. I suggest checking in the startup program through the MSconfig command.

  15. technical admin says

    Read the Great Articles and Advice section for quick reviews on free clients.

    do I recommend using free clients? NO. I have this argument all the time with people. MOST free clients do not block viruses. It’s only after you get infected that they kick in and by that time it can bee too late. Free clients out there that do provide up front protection are simply stripped down versions of the paid client. They do not offer the same protection and often behind on updates. If you are on the web a lot consider actually paying for security. This is the best way to go.

  16. do you have any reccomendations for free protection. and or should i buy something. I have used McCafee in the past but $ issues, went to avast free, got slammed with something bad. still not fixed, now am using AVG freeand a different computer. got the microst essentials fake trojan, fixed it with your help, THANKS. i use XP and iexploerer 8. am on the web alot

  17. Hello, you have been a life saver, however I could open windows task manager so i went directly to the files using the start menu and clicked computer and did a search for “hotfix”. I found re-named it but could not delete it so I re-booted and went back to look for it and it was gone. I kept checking around for it but I can not find it and i am upset that it may not be gone. After this though, everything seems to be working correctly. Any thoughts?

  18. Start button; then searched for Hotfix. I found it in the:

    C:\WINDOWS\Microsoft.Net\Framework\V1.1.4322\Updates

    Renamed the Hotfix.exe to Virus.exe; then restarted computer.
    I went back in to the C:\WINDOWS\Microsoft.Net\Framework\V1.1.4322\Updates
    and deleted the Virus.exe file and then restarted again.

    After restart, Fake Microsoft Security Essentials Alert popped back up. Could not pull up task manager. Did another search for Virus.exe (renamed) or Hotfix.exe and was not there. Running Full System Scan from Nortons. Still t/shooting!!!!

  19. technical admin says

    That path does NOT look right. My guess is you did not get the main executable. Did you look at C:\Users\YOUR-USE-NAME\AppData\Roaming\hotfix.exe?

    what is your OS? Let me know if Norton is now picking this threat up. Last time I checked it was not.

  20. By the way, my OS is Windows Xp fro last comment I made. Thanks…

  21. technical admin says

    Was just asking you what Os.

    I have not had time to infect and test an XP computer. My guess was C:\Documents and Settings\USER NAME\LocalSettings\Application Data\DON’t KNOW would be the location. I could test it out but VERY busy at the moment working on another guide. Too many viruses and not enough time in my day.

  22. Just had this problem on Windows XP.

    Path name for me was:

    c:/Documents and Setting/USERNAME/Application Data/hotfix.exe

    renamed file, restarted computer, deleted. all good now. cheers for the help

  23. you are a saint! i found the hotfix, renamed and restarted in safe during the whold thing and it worked!!! i also have vista

  24. Okay.
    I’m running Windows XP and I’m going to tear my eyes out.
    This thing pops up, and luckily I recognised it as not being legit. Everything closes down as this thing pops up, I tried opening task manager but it is instantly closed before I can use it at all. In your video, after closing the alert a few times it stays away, well I clicked close 30 times and it wouldn’t. I logged into the second user account on this laptop and I’m looking for it, but it’s impossible, and my user files are hidden from this user account, could that be why?

    I searched for hotfix and tried those paths but I found nothing.
    Hallppp mehhh D;

  25. I am having trouble getting my computer to boot in safe mode. When I restart and try to get it to safe mode my computer will freeze on a black screen and wont do anything. It wont even boot. So I have to shut my computer down and restart it. If I just reboot my computer normally. It reboots just fine. I just cant get it to safe mode.

    I have windows XP pro

  26. Please help. I have the fake window pop up. I knew that it was a virus, so I didn’t click on anything…I can’t X it out either. NOR can I even get to my task manager. So although the video is very informative I can’t figure out how to get to the area I need to execute what the video advised me to do! Thank you so much in advance!

  27. Thanks Very Much for providing this information! It was very easy to delete Thanks to You!

  28. My Wife had this Virus on her computer, we had all the torubles that everyone else had with getting Taskbar opened. She used explorer to do a search and found a copy of the “hotfix.exe” under another directory. She had to search in the extended directories to find it in the hidden files.
    Needless to say, I would be reloading Windows XP on a formatted hard drive right now if it were not for your video and forum. Thanks ever so much!
    I wish I had found this site 3 months ago when I had a similar virus on my laptop (I had to reload Windows Vista)

  29. Dennis Chiles says

    Hi – lap top with Vista service pack 2 first thing was someone sent pile of messages from my hotmail account – ok changed password but felt uneasy Kaspersky Full & Critical passed no problem – then I tried safe mode Critical fine, Full closed the computer after about 10 minutes of scanning – since when I have tried MS Malcious Software removal, Kaspersky Virus remover, Spybot, and the Kaspersky rescue disk ALL shut the computer when run in safe mode – any ideas?

    DC

  30. technical admin says

    Need more information.

    When this alert came up did you install the fake security client when prompted to do so?

    Did you go to the file path shown in the manual guide and delete the needed hotfix.exe?

    Because someone was able to access your hotmail account this means one of three things.

    A. someone just bruteforced into the account ( Unlikely unless you have a weak password)
    B. Keylogger installed on your computer
    C. A back door has been opened on your computer and someone else can take control.

    Because B and C are the most likely answers that means you are infected with not just the FAKE Microsoft security Essentials but also a host of other viruses. If your computer savvy I would suggest downloading and installing highjackthis. Other places like the Malwarebytes forum can analize the log file for you and help you manually remove the needed traces. In my last testing of this alert we were also infected with ramnit. It was incredibly hard to remove and took me a good 2 hours of work. Way to complicated to make a manual guide on. This is one reason why we tell EVERYONE, once they manually remove the above threat you need to run a full virus scan. We recommend out Spyware Doctor with Antivirus. Even if you do not plan on purchasing the client. The free trial will still be able to scan and show you what traces you have left over.

    To sum it up. Try Highjack this and see if that won’t show you what’s going on. You may also want to hit the start button and in the run box type msconfig. Then under the Startup tab check what files are starting with your computer.

  31. I can rename the file, but when I try to delete it will not allow me to do so. I receive the following message: “Access is denied.”

    Additionally, I’ve downloaded the Spyware Dr with Antivirus, but it doesn’t do anything when I run the program.

    Any other options?

  32. technical admin says

    did you re-boot after you re-named the file and then try to delete it? You need to re-boot as the guide instructs.

    The SDA client will work once you delete the above process. You may have to re-install it first.

  33. hello, I was hit with not only this but the Antimalware doctor and the Internet Security virus all at the same time and who knows what else. I am running XP. I have followed all these instructions on this and the Antimalware Doctor list and the pop ups have gone away, but now I have the problem of when I try to “update” my Malwarebytes after about 20%+/- in its upload of updates my computer shuts down automatically and re-boots. It does this every time I try to get the updates on Malwarebytes, so something is up and still in my system. any help on this? also I want to give you a list of all the items in my HKEY_CURRENT_USER/software/microsoft/windows/internet settings;
    they are, AutoConfigProxy, CertificateRevocation, DisableCachingOfSSLPages, DisableIDNPrompt, EmailName, EnableAutodial, EnableHttp1_1, EnableNegotiate, EnablePunycode, GlobalUserOffline, IE5_UA_Backup_Flag, MaxConnectionsPer1_OServer, MaxConnectionsPerServer, MigrateProxy, MimeExclusionListForCache, NoNetAutodial, PrivacyAdvanced, PrivDiscUiShown, ProxyHttp1.1, SecureProtocols, ShowPunycode, SyncMode5, UrlEncoding, User Agent, UseSchannelDirectly, WarnonBadCertRecving, WarnonHTTPSToHTTPRedirect, WarnOnPost, WarnonPostRedirect, WarnOnZoneCrossing,ZonesSecurityUpgrede.
    so anything here let me know, also I have run SpyBot and Malwarebytes 5 times each, they at first found 30+ trojans, etc, but they now show zero infections over the last two times but yet I still have my computer shut down automatically when running Malwarebytes trying to get the newest upgrades. For me to do a virus check with Malwarebytes I have to disconnect my DLS box. thanks.

  34. I have a customer that continues to get this after cleaning. She will be fine for 2 weeks and then it will reappear. Any suggestions on how to block permanently?

  35. None of these seems to help because I cannot open task manager, even right after login, plus i only have one login so i cannot use other login. Again, I cannot open task manager in either regular or safe mode. only black screen appears. When I press ctrl,alt,del, it only brings up the microsoft essentials alert window. Any idea?

  36. technical admin says

    All at the same TIME! That’s just crazy.

    Reboot problem: Uninstall the MBMA client and the SBS&D client. Than re-install the MBMA client in safe mode with networking. Update the client and run the scan there.

    I highly recommend after this scan you run a full scan with the SDA client we recommend. As stated the free trial version will not remove threats but it will block threats and show you what else you are infected with and from there you can manually go to those directories and remove what you need to.

    If you do not have live protection you need to get it. The free versions of software you mentioned do not provide live protection.

    Let us know if the uninstall and re-install works for you.

    It’s too hard for me to tell if those registry items are in-deed infected. I do not know what value they currently have. If they are on or off and the like. What I recommend to people who use IE is to re-set the browser. This resolves many issues. You may also want to re-set the Windows Hosts file. We have tools to do both in the side bar.

  37. technical admin says

    Have you manually browsed to the file locations shown in the guide and re-named them?

    What is your operating system. It’s very hard to tell you what steps to take if we don’t have that basic info.

    There is normally always two accounts. Yours and by default a separate Admin account. In safe mode you should have the option of logging into that admin account.

    Reply back with your OS and I’ll see what we can do to get you sorted.

  38. technical admin says

    1. She does not have proper protection. FREE clients suck for live protection. I get hate mail because of it but it’s 100% true. Almost all free clients do not offer live up front protection. The few that do are not zero day protection. The updates are limitted and the upfront protection provided does not provide enough to stop many threats. What is her current security client?

    2. She may have live protection but if she insists on downloading free items and clicking on yes install the program even if the security client says not to, that may be the reason. We have a guide on the top right that talks about how not to get infected again. Worth a read.

    3. The virus was never fully removed. If it’s an XP system there may be a root kit lying in there that keep coming back. If it’s XP you may want to consider using Combofix on it and run highjack this to double check things.

    Perhaps you can view her internet history and see what the urls are that she is visiting and provide her with insight into what sites she should be avoiding. This may prove useful if you start seeing torrent files or porntube sites.

  39. technical admin says

    1. Yes you can install the Hostsfix and IE reset on your computer via a thumb drive because those files do not require an internet connection.

    2. I do not think those two tools are going to end up resolving your issue. Sounds like it’s beyond what those two tools will be able to do. At this time I would advice you boot into safe mode and try a system restore. Go back two weeks and see if that does not help alleviate issues. If that does not work you may need to use the Windows disc to repair any damage done to the operating system. It really sounds like you have corrupt system files.

  40. hello, well since my main desktop is constantly randomly restarting, even doing it in safe mode with networking, I cannot download anything from it. I have to get the virus or whatever is now making my computer automatically restart resolved. I went in and unchecked “automatically restart” under C/properties/startup and recovery. But all that did, was when the computer was going to shut down it froze my computer 100% and never recovered so I had to pull the power, start back up and go back and recheck that box. now I can only work on this desktop offline, when off line all is fine, but the minute I plug back in my DSL line within 1-5 minutes it will shut down and reboot, and continue to do so over and over every 1-5 minutes. so I cannot uninstall and re-install any software that is “online” at all. I am writting this from my laptop, so one, any thoughts on what is infecting my desktop? running XP on it as I described in my first article above titled “Auto Reboot”, second, can I download the 2 things you mentioned, the host reset and IE reset software from your sidebar here into my laptop and copy them onto a drive and paste them into my desktop while it is offline to get the software into my desktop or will that not work? (laptop is running vista)
    thanks a million.

  41. note, this only happened because of the alert. not installing it whatsoever.
    my mom’s computer would not open ANYTHING. nothing. but using this, and various other websites helped a ton. taking bits of knowledge!

    some things not mentioned which help if taskmanager won’t even open:

    do not run in safe mode, only starting windows normally will do the trick.

    go to ->C: -> Windows -> System32 and scroll down to tskmgr

    only there will you be able to delete hotfix.exe..make sure to delete the file location as well. go empty your recycling bin & delete your browsing history/cookies.

    thanks for all your knowledge!

  42. Well, just one thing on my update here, I can’t do a system restore because apparently the virus has hijacked my system restore and the only 2 restore points are the 20th and 21st, and I got the virus on the 19th, and was able to remove at least most of it on the 22nd (thanks to this site). but I cannot go back further than the 20th. I also see that my system restore on my system properties check box cannot be checked to “disable it” it is faint, has if the ability to check or uncheck it has been disabled. this is what is says “checkbox here” Turn off System Restore (disabled by Group Policy) and of course is faint in color.
    I think if whatever has hijacked my system restore can be reversed and I could restore back 2 weeks I might could resolve my constant restarting problem? at least give it a try but as I said, the only 2 restore points are the 2 days after I got the virus’.

  43. technical admin says

    Because the system restore has been disabled the other restore points in all most all cases were already deleted. This means you will be unable to use the restore feature. In most cases security software can restore these settings to their default.

    What I would try to do.

    1. Uninstall all the programs you have installed over the last few weeks. This in may or may not help.

    2. See if you can’t do what is called a software system restore. It’s were you use the Windows disc to repair the OS. This keeps intact all your programs and files.

    3. If that does not work you may want to backup your data and re-install the operating system.

    You are having far more troubles than most people infected with this virus. It may be a good idea to get some price quotes to see if anyone can repair the computer for you. I think an expert may be needed here. You can always chat with the guys on http://www.onlinecomputerrepair.org and see what they would charge you for this kind of issue.

  44. I just want to add that I have this virus, and I’m trying to fix it. I had the black screen safe mode problem but it said “safe mode” in all 4 corners and when I hit “ctrl+alt+del” keys I could get the task manager, and in task manager you can start applications by clicking File->New Task-> at the top of the task manager window and then a drop down will let you browse to the program you need. Very helpful in that I needed networking in safe mode, but at first I couldn’t figure out how to run any apps since I saw no icons on my screen.

    Also note that running safe mode with the command prompt is useful to get to the hotfix.exe file if you can’t do it in normal safe mode. You can copy on the command line “copy hotfix.exe newname.blah” and then “del hotfix.exe” to delete hotfix.exe.

  45. Hotfix.exe-13138D49.pf was found in c:\windows\prefetch when I did a search for hotfix.exe. I renamed that one, along with another one that was in a location similar to the ones described above (all done in safe mode). I rebooted, and when I logged back on, everything showed up like normal, which is a huge blessing after 3 days of nothing but the fake Microsoft security essentials alert window. Will be running a scan with spyware doctor as soon as I clear up another virus that appeared soon after. I now know how to get rid of it (finding the location of the file, renaming it, etc.) thanks to you. 🙂 Thanks so much for this site, it has been a lifesaver!!!

  46. It’s me again 🙂 So I was hit with Antimalware Doctor, Security Tools, System Tools 2011, and Microsoft Security Essentials Alert, back to back to back. As far as I can tell, they are all gone, but I’m trying to run SDA and can’t seem to get the program to work now. I’ve tried uninstalling/reinstalling. I’ve tried rebooting and running it in safe mode. Sometimes it will download like normal, but then won’t run properly (it freezes before the scan starts). But most of the time, when I try to install the program, the setup wizard will just disappear. Obviously, there is still something wrong with my computer. 🙁 Any suggestions?

  47. technical admin says

    Have you paid for a licence? If so just contact PCtools for support on the issue. They have a uninstall tool that works to fully remove the client when issues like yours happens.

    Other than that I would move on to installing a different security client like Kaspersky and running a full scan.

  48. Trying to purchase now, but having difficulties purchasing even on my “healthy” computer. Will try a different security client as suggested. Thanks!

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.