My Security Engine is a rogue antispyware program from the same series of rogues as early appeared Security Guard and Cleanup Antivirus. The difference between this new fake antispyware of others very slightly. Firstly, changed the name of the program and secondly, have been partially modified the core component of the program in order to protect it from detection by the legitimate antivirus and antispyware tools. Otherwise, everything remained as before.
My Security Engine distributed usually through fake online malware scanners. When you opens a page with this scanner, it simulates a system scan and once finished, tells you that your computer is infected with a lot of infections. Then offers to install an “antivirus”. This “antivirus” is a trojan, that once started, will download and install My Security Engine onto your PC.
After breaking into your computer, My Security Engine first step will configure itself to run automatically when Windows starts, then add several lines into HOSTS file so that when you open Google, Yahoo or Bing, you will be redirected to a malicious website and create a lot of fake malware files with random names, that absolute harmless, but later during the scan will be reported as worms, trojans and viruses. Of course, the scan results are false, because the fake antispyware tool identifies harmless files as dangerous infections. Important, do not trust the result of the scan, simply ignore them! My Security Engine want to force you to believe that your computer is infected.
For a more complete picture of what your computer is infected with dangerous viruses, My Security Engine will display numerous warnings, fake security alert and notifications from Windows task bar. Some of the alerts:
Warning
Warning! Virus detected
System alert
Click here to remove all potentially harmful programs found
immediately using My Security Engine.
What is more, My Security Engine may block Task Manager and legitimate antivirus and antispyware programs and hijack Internet Explorer so that it randomly shows a warning page when you browsing the Internet. The title of the page is “There is a problem with this websites`s secuirty. Possible spyware threat detected”. However, all of these alerts and warnings are fake and like scan false results should be ignored!
From the above, obviously, this program is an unwanted guest on your computer, which should be removed from the system upon detection. Please follow the instructions below to remove My Security Engine and any associated malware from your computer for free.
More screen shoots of My Security Engine
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [My Security Engine] “C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe” /s /d
Use the following instructions to remove My Security Engine (Uninstall instructions)
Step 1. Remove My Security Engine and any associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for My Security Engine infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove My Security Engine. MalwareBytes Anti-malware will now remove all of associated My Security Engine files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Step 2. Reset HOSTS file.
Run Malwarebytes Anti-malware. Open Tools tab. Under FileASSASSIN label click to Run Tool button. In the open window navigate to C->Windows->System32->Drivers->etc and select HOSTS file. Click Open button. Click YES to confirm. Close Malwarebytes Anti-malware.
Click Start, Run. Type notepad and press Enter. Notepad opens. Copy all the text below into Notepad.
127.0.0.1 localhost
Save this as HOSTS to your C->Windows->System32->Drivers->etc. (Remember to select Save as file type: All files in Notepad). Close Notepad.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
My Security Engine creates the following files and folders
%UserProfile%\Application Data\My Security Engine
%UserProfile%\Application Data\My Security Engine\cookies.sqlite
%UserProfile%\Desktop\My Security Engine.lnk
%UserProfile%\Start Menu\My Security Engine.lnk
%UserProfile%\Application Data\My Security Engine\Instructions.ini
%UserProfile%\Start Menu\Programs\My Security Engine.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe
My Security Engine creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | my security engine
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes | URL = “http://findgala.com/?&uid=1002&q={searchTerms}”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes | URL = “http://findgala.com/?&uid=1002&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download | RunInvalidSignatures = “1″
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes | URL = “http://findgala.com/?&uid=1002&q={searchTerms}”
C->Windows->System32->Drivers->etc and select HOSTS file. i cant find this
Ermm, you have tried to make a new one and save it to C->Windows->System32->Drivers->etc (where C is your system drive which contains Windows folder).
Oh great! It works, though I have not tried the host file
new one refers to?? :DD
new one – is a file that contains “127.0.0.1 localhost” w/o quotes. Save it as HOSTS (select filetype: all files) to C->Windows->System32->Drivers->etc
Whew!
I google-you,and my problem with that stupid My Security Engine has just-vanished!!
Thank you so much!
And I’m keeping this file too,in case my friends have the same problems!
Hi All,
In my case, the software downnloaded has removed My Security Engine. I hope that I shall not have any further problems.
What sucks is that I purchased McAfee anti-virus in the past. My subscription is still valid and when i contacted their customer support team regarding My Security Engine they refused to removed but after paying extra £60!!!!!!!
I believe this is rip-off.
Thanks,
Tigres
i dont have a file named etc
HELP!!! i did all the steps but could’nt find the host file. so i downloaded the Hostsperm.bat and now could find the host file and delete it. BUT now i want to save the new host file and the etc. folder can’t be found ?!?!?! i don’t understant it!! and i’m going crazy 🙁 …
i must say that if i search this folder, it’s there, but id i want to save the new information there, then it’s gone…
PLZ HELP
so now i tried to save it again, and found the etc. folder, but when i actually press the save button a message appears- “you don’t have permission to save this in this location. contact the administrator (which is ME) to obtain permission”. but when i try to change myself to the administrator, i can’t…
what’s going on???
HELP
report : MBAM_ERROR_ADD_TO_RESULTS (0,6)
when i scan the computer , it show this and report to your support ! thanks !
Ermm, “etc” is a folder name.
Liri, open a new topic in our Spyware removal forum. I will check your PC.
Yan, please start a new topic in our Spyware removal forum. I will help you.
thank you so much!
you save my life.
I am running windows 7 which does not have a folder beyond “drivers” with a hosts file. There is a file HOSTNAME however in the “System32” folder. Is this the one I should be correcting?
Pessoal, muito obrigado Pela uma juda Que vcs me com removedor deram.consegui Sucesso Esse Programa do Meu PC. porfavor não baixem esse programa, ele é uma farça, My Security Engine.
thanks you very very much !
can this thing remove the damn shit screaming on my computer??
Joel,
Click Start, Run (or type the following text in a search field).
%WinDir%System32\Drivers\etc
Windows Explorer window opens with contents of etc folder.
pearl, looks like your PC infected with a trojan. Please begin a new topic in our Spyware removal forum. I will help you.
Hi, Patrik!
My laptop got infected My Security Engine, but Malwarebytes didn’t work. It scanned & found objects. However, it didn’t show “Show Results” screen at all. I don’t know what to do. Internet is messed up & won’t let me in.
I’m so helpless. Please help me!!
Regina, please start a new topic in our Spyware removal forum. I will help you.
I have been reading the posts but still need help. I did the the removal process through bleepingcomputer.com but i dont have c:\windows\system32\drivers\etc\hosts i have everything except the hosts file i have lmhost. do i delete that? I still dont understand how to change it. thanks!
I have been reading the posts and Im still having problems. I dont have the C->Windows->System32->Drivers->etc and select HOSTS . I have lmhost.sam but i cant open it. Also if i try to retype 127.0.0.1 localhost in the notepad and save it to the above file it says i dont have permission. Im not sure what im doing wrong. Then I have problems getting on the interent. Please help me THANKS!!
so wt is host file??
After I got into the drivers, I could not find a folder called etc. so wt should I do now???
Shelly, start a new topic in our Spyware removal forum. I will help you.
Hannah, click Start, Run. Type
%WinDir%\system32\drivers\etc
Windows Explorer window opens with contents of “etc” folder.
It worked. Thanks.
i dont have a folder named etc too