My Security Engine is a rogue antispyware program from the same series of rogues as early appeared Security Guard and Cleanup Antivirus. The difference between this new fake antispyware of others very slightly. Firstly, changed the name of the program and secondly, have been partially modified the core component of the program in order to protect it from detection by the legitimate antivirus and antispyware tools. Otherwise, everything remained as before.
My Security Engine distributed usually through fake online malware scanners. When you opens a page with this scanner, it simulates a system scan and once finished, tells you that your computer is infected with a lot of infections. Then offers to install an “antivirus”. This “antivirus” is a trojan, that once started, will download and install My Security Engine onto your PC.
After breaking into your computer, My Security Engine first step will configure itself to run automatically when Windows starts, then add several lines into HOSTS file so that when you open Google, Yahoo or Bing, you will be redirected to a malicious website and create a lot of fake malware files with random names, that absolute harmless, but later during the scan will be reported as worms, trojans and viruses. Of course, the scan results are false, because the fake antispyware tool identifies harmless files as dangerous infections. Important, do not trust the result of the scan, simply ignore them! My Security Engine want to force you to believe that your computer is infected.
For a more complete picture of what your computer is infected with dangerous viruses, My Security Engine will display numerous warnings, fake security alert and notifications from Windows task bar. Some of the alerts:
Warning
Warning! Virus detected
System alert
Click here to remove all potentially harmful programs found
immediately using My Security Engine.
What is more, My Security Engine may block Task Manager and legitimate antivirus and antispyware programs and hijack Internet Explorer so that it randomly shows a warning page when you browsing the Internet. The title of the page is “There is a problem with this websites`s secuirty. Possible spyware threat detected”. However, all of these alerts and warnings are fake and like scan false results should be ignored!
From the above, obviously, this program is an unwanted guest on your computer, which should be removed from the system upon detection. Please follow the instructions below to remove My Security Engine and any associated malware from your computer for free.
More screen shoots of My Security Engine
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [My Security Engine] “C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe” /s /d
Use the following instructions to remove My Security Engine (Uninstall instructions)
Step 1. Remove My Security Engine and any associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for My Security Engine infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove My Security Engine. MalwareBytes Anti-malware will now remove all of associated My Security Engine files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Step 2. Reset HOSTS file.
Run Malwarebytes Anti-malware. Open Tools tab. Under FileASSASSIN label click to Run Tool button. In the open window navigate to C->Windows->System32->Drivers->etc and select HOSTS file. Click Open button. Click YES to confirm. Close Malwarebytes Anti-malware.
Click Start, Run. Type notepad and press Enter. Notepad opens. Copy all the text below into Notepad.
127.0.0.1 localhost
Save this as HOSTS to your C->Windows->System32->Drivers->etc. (Remember to select Save as file type: All files in Notepad). Close Notepad.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
My Security Engine creates the following files and folders
%UserProfile%\Application Data\My Security Engine
%UserProfile%\Application Data\My Security Engine\cookies.sqlite
%UserProfile%\Desktop\My Security Engine.lnk
%UserProfile%\Start Menu\My Security Engine.lnk
%UserProfile%\Application Data\My Security Engine\Instructions.ini
%UserProfile%\Start Menu\Programs\My Security Engine.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe
My Security Engine creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | my security engine
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes | URL = “http://findgala.com/?&uid=1002&q={searchTerms}”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes | URL = “http://findgala.com/?&uid=1002&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download | RunInvalidSignatures = “1″
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes | URL = “http://findgala.com/?&uid=1002&q={searchTerms}”
This worked for me.
Thank you very much!
It worked for me too.
Thanks a lot!
Arrg, it won’t let me replace the HOSTS file. I had already completed your step 1 and it seemed to solve everything except that when you use google search it reroutes you to Gala. I searched “My Search Engine” and Gala (on a different PC of course) which lead me to your helpful site. The malwarebytes tool seemed to work at first. I selected the file name with “hosts” in it (but it wasn’t just hosts it was ifghosts or something random like that). I figured that’s what you meant and clicked open and yes. Then I did the notepad thing, but when I went to save it it says that the file “HOSTS” already exists (even though it is not appearing in the file!) It asks me “Do you want to replace it?” I say “Yes.” Then, it says “hosts This file is set to read-only. Try again with a different file name.” BOOOO! Let me know if there is something I could try to fix it. Thanks for your helpful site!
reesey, try another way
Download HostsXpert. Unzip file and run it.
In the main menu click to “Restore MS Hosts file” button.
The first step worked, but I have no HOSTSfile ???
What can I do now ?
Thanks for your help !
Okay, now I have the same problem as reesey – I fond the hostsfile and it wasn’t named hosts but something random so I chose this.
I tried the programm from Patrik but it doesn’t work. I have an Error named “Cannot create file Window …” .. so, what can I do now.
thanks for this
i m really scared abt that
but really thanks for my help
ive tried.running malware twice but even thougj i remove theviruses i still cant access the internet and the pc is still infected i can’t.even use internrt explorer at all, help
Steph, you have tried remove a HOSTS file using Malwarebytes ?
naz, ask for help in our Spyware removal forum.
It worked. Many thanks.
I have problem with My Security Engine. Please help me with how to remove it through internet.
jawad, if the instructions above does not help, ask for help in our Spyware removal forum.
Is Windows 7 different? When I go to C->Windows->System32->Drivers->etc and select HOSTS file,
there is no “etc” and I cannot find a HOSTS file.
At least when I restart my computer now the My Security Engine seems to be gone.
just downloaded sdasetup and have icon Spyware Doctor but Spyware Doctor won’t launch. Help Please!
My goodness! This is really confusing. I just want all of the viruses OUT. Especially the STUPID “My Security Engine”! HELP!
Plus, how do I know that this isn’t a virus as well?
Caution! Just connected that Spyware Doctor is not Malwarebytes. I searched My Security Engine on Google and website on front page gives this forum under Spyware Doctor website. I uninstalled Spyware Doctor and installed Malwarebytes Anti Malware from Malwarebytes website and it works great. Thanks guys.
neil, looks like you have clicked to a google ads.
I still need help! My Security Engine appears to be gone (thank you!), but now my iTunes will not work (can’t live without that, eek), and I wonder if it is b/c I cannot reset the HOSTS file. More help w/ that? Thanks!
My security engine doesnt allow me to search anything on the laptop that isnt working. So i cant download it because i cant view the website on the laptop.
Why ? Give me more information.
Olivia, reboot your computer in the Safe mode with networking and try the steps above once again.
I am having exactly the same problems as Steph. I have run through all of the steps for removing My Security Engine and it seems to be gone. (ty 🙂 But I still can’t connect to the internet and the HostsXpert is telling me that it “Cannot create file”. Help plz.
Robert, what shows your PC when you trying open any site ? You have tried remove infected HOSTS file with the help of Malwarebytes and make a clean one.
malwarbytes actually removed the security engine, after restarting havent seen anything popping anymore. Now I tried to find the file HOSTS, but no luck
what should I so now?
Patrik i have same error with steph u told that she has to delete hosts file with malware how to do that?
if you’re having trouble trying to find the HOSTS file, use this guide:
bleepingcomputer.com/virus-removal/remove-my-security-engine
scroll down and download hostsperm.bak ; that should give you access
I’d also recommend (as someone already mentioned) to use this guide on safemode.
Vlad, you have tried to remove infected HOSTS file using Malwarebytes ? it not exist ?
Ermm, follow the step 2 above.