This guide contains three parts:

Part 1: Symptoms of Security essentials 2010

Part 2: Manual and automatic removal guide

Part 3: Solution for infection by a new variant

Symptoms of Security essentials 2010

Security essentials 2010 is a rogue antispyware program. It belongs to a family of rogue programs whose variants, listed below, all use the same method to infect your computer.

  • Security essentials 2010
  • Desktop Security 2010
  • Security Tool 2010

1. Once the computer is infected by one of the above variants, a process (SE2010.exe) appears in Task Manager:

'Security essentials 2010' processes in task manager

A folder "Securityessentials2010" is created in the "C:\Program Files" folder.


2. The following entries are added to the registry so that the malware is launched automatically every time Windows restarts.
Entries added to the registry by Security essentials 2010:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[smss32.exe]:
    C:\WINDOWS\system32\smss32.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[Security essentials 2010]:
    C:\Program Files\Securityessentials2010\SE2010.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\[smss32.exe]:
    C:\WINDOWS\system32\smss32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\[userinit]:
    C:\Windows\System32\userinit.exe,C:\WINDOWS\system32\winlogon32.exe

Registry entries added by Security essentials 2010

3. An LSP (Layered Service Provider) is added to the TCP/IP protocol stack, which means a DLL (helpers32.dll) is injected into every process that accesses the internet. This DLL is located in the "C:\Windows\System32" folder. If you simply delete the DLL without repairing the TCP/IP protocol stack, you will not be able to access the internet.

4. Several files are dropped in the "C:\Windows\System32" folder:

  • winlogon32.exe
  • smss32.exe
  • helpers32.dll

5. Once the malware is active, it scans your computer and reports numerous infections. To remove those infections, you are told to buy the malware. In fact, all of the infections it reports are fake; you should not buy it, and you should remove it as soon as possible.

Screenshot of Security essentials 2010

How to remove Desktop Security 2010 rogue program


Manual removal instructions (you need to know how to use the registry application "regedit")

Step 1: Terminate "Security essentials 2010" processes

Launch Task Manager, highlight these processes and click the "End Process" button:

SE2010.exe

smss32.exe

winlogon32.exe

Step 2: Delete "Security essentials 2010" folder

Launch Windows explorer, navigate to "C:\Program Files" folder:

You will find a subfolder "Securityessentials2010" in "C:\Program Files" folder, just delete it.

Step 3: Delete registry entries added by "Desktop Security 2010"

Launch "regedit" application from "Start -> Run -> Regedit"

Navigate to this key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Highlight the key "Run". On the right side of the regedit window, delete the two items named:

"smss32.exe" and "Security essentials 2010"

Continue to this key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Highlight the key "Run". On the right side of the regedit window, delete the item named:

smss32.exe

Continue to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Highlight the key "Winlogon". On the right side of the regedit window, double-click this item:

name="userinit", and set its value to "C:\Windows\System32\userinit.exe,". The images below show what the registry entry looks like before and after the fix:

Registry entry screenshot before fix

Registry entry screenshot after fix

Step 4: Delete Security essentials 2010 files

Launch Windows explorer and navigate to this folder "C:\Windows\System32", find these files and delete them:

smss32.exe

winlogon32.exe

helpers32.dll

Step 5: Fix broken TCP/IP protocol stack

There is a manual method to fix a broken TCP/IP protocol stack, but it is better to use a security program to fix it automatically.

Now all active objects of Security essentials 2010 are removed. You still need to run an antispyware program to scan and clean up your computer for other malware that may exist on your system.
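A read-only PowerShell check for the indicators this guide lists, useful for confirming that the manual steps worked. It is an added example, not part of the original guide; the variable names are illustrative, and it assumes %SystemRoot% and %ProgramFiles% are the "C:\Windows" and "C:\Program Files" folders the guide refers to.

```powershell
# Read-only audit for the indicators named in this guide. It changes nothing.
$findings = New-Object System.Collections.Generic.List[string]

# Step 1: processes (Get-Process takes the name without ".exe").
foreach ($name in 'SE2010', 'smss32', 'winlogon32') {
    if (Get-Process -Name $name -ErrorAction SilentlyContinue) {
        $findings.Add("Process running: $name.exe")
    }
}

# Step 2 folder and Step 4 dropped files.
$paths = @(
    (Join-Path $env:ProgramFiles 'Securityessentials2010'),
    (Join-Path $env:SystemRoot 'System32\smss32.exe'),
    (Join-Path $env:SystemRoot 'System32\winlogon32.exe'),
    (Join-Path $env:SystemRoot 'System32\helpers32.dll')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("Present on disk: $p") }
}

# Step 3: autostart values under the two Run keys.
$runValues = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' = @('smss32.exe', 'Security essentials 2010')
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' = @('smss32.exe')
}
foreach ($key in $runValues.Keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($value in $runValues[$key]) {
        $prop = if ($props) { $props.PSObject.Properties[$value] }
        if ($prop) { $findings.Add(('Run value set: {0} [{1}] = {2}' -f $key, $value, $prop.Value)) }
    }
}

# Step 3: Userinit is a comma-separated list; report anything besides userinit.exe.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
$expected = Join-Path $env:SystemRoot 'System32\userinit.exe'
$userinit -split ',' | ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and ($_ -ne $expected) } |
    ForEach-Object { $findings.Add("Extra Userinit entry: $_") }

# Step 5: the LSP is registered in the Winsock catalog, which netsh can list.
if (netsh winsock show catalog | Select-String -SimpleMatch 'helpers32.dll') {
    $findings.Add('Winsock catalog still references helpers32.dll')
}

if ($findings.Count) { $findings } else { 'No indicators from this guide were found.' }
```

A new variant may use different file and value names, so an empty result only means these specific indicators are absent.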


Automatic removal instructions

Several antispyware programs can completely remove this malware:


MalwareBytes:
MalwareBytes is an excellent antispyware program. The company provides a free version for personal users.
Download and install MalwareBytes Anti-malware (MBAM).

Main interface of MalwareBytes' Anti-Malware

Screenshot of MalwareBytes' Anti-Malware


AVG Antivirus:
AVG Antivirus is another well-known antivirus protection tool. The AVG Free Edition is available free of charge to home users for the life of the product.

Download and install AVG Free Edition

Main interface of AVG

Screenshot of AVG

Solution for infection by a new variant

If you followed the steps above but the malware is still present, or you are denied permission to delete some objects, your computer may be infected by a new variant, or there may be hidden objects that have not been detected. We provide a free diagnostic scan tool ("TheStubware") that scans your computer and generates a scan log file for analysis. This tool is designed specifically to find stubborn malware. You can submit your log file to support@TheStubware.com; we will analyze it and send you back a removal script file to remove the new variant or hidden objects found in your log file.

Download and install TheStubware


Copyright © 2009 - TheStubware.com All rights reserved