Security Mechanic is a rogue antispyware program from SpyProtector family. It distributed through the use of fake online malware scanners. When installed, the rogue configures itself to run automatically every time, when you start your computer. Immediately after launch, the program starts scanning the computer and found a lot of trojans and spyware that cannot be removed unless you first purchase the software. All of these infections are fake, so you can safely ignore them.
While the Security Mechanic is running, your computer will display fake alerts, an example:
System warning:
Intercepting programs that may compromise your privacy and
harm your system have been detected on your PC. Click here
to remove them immediately with the latest version of Security
Mechanic
Security Mechanic
Security Mechanic has detected harmful software in your
system. It is strongly recommended to register Security
Mechanic to remove these threats immediately.
Click on this message to fix these errors.
As you can see, Security Mechanic is designed only for one – to trick you into buying the software. Instead of doing so, use these Security Mechanic removal instructions below in order to remove this infection and any associated malware from your computer.
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [Security Mechanic] C:\Documents and Settings\Pedro Adrian\Application Data\lsascs.exe
Use the following instructions to remove Security Mechanic (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Security Mechanic infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Security Mechanic removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Security Mechanic creates the following files and folders
%ProgramFiles%\Security Mechanic
%UserProfile%\Application Data\spyprotector
%UserProfile%\Application Data\setup.exe
%UserProfile%\Application Data\shellex.dll
c:\WINDOWS\system32\spyprotector.cpl
c:\documents and settings\pedro adrian\application data\spyprotector\SC_Base_new.dat
c:\documents and settings\pedro adrian\application data\spyprotector\SC_Config.ini
%UserProfile%\Application Data\Microsoft\windll32.exe
%UserProfile%\Application Data\lsascs.exe
Security Mechanic creates the following registry keys and values
HKEY_CLASSES_ROOT\CLSID\{107a1d63-2eaa-4694-8aba-ec209c630d83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{107a1d63-2eaa-4694-8aba-ec209c630d83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security mechanic
