Click on screenshot to zoom
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Blocks internet connection
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Home Safety Essentials

There are many reasons attributable to the continued success of developers of rogue antispyware applications such as Home Safety Essentials – such as their incredibly malicious attacks and panic tactics used against inexperienced PC owners. Home Safety Essentials in particular derives from the same family of rogue security tools as the Rogue.VirusDoctor family, Anti-Malware Lab, System Smart Security, PC Security Guardian, Best Malware Protection, Internet Security Essentials and Smart Internet Protection 2011. It enters the system surreptitiously and remains hidden from the user until it is ready to start its attack. But Home Safety Essentials will of course attempt to convince its prospective victims that it is indeed a genuine security tool, when this is certainly not the case. Home Safety Essentials does not have the ability to detect or remove any type of threat from the system, as it is nothing more than a malicious threat in itself.

Download Spyware Removal Tool to Remove* Home Safety Essentials
  • Quick & tested solution for Home Safety Essentials removal.
  • 100% Free Scan for Windows

Home Safety Essentials targets vulnerable PCs through using fake online malware scanners such called Windows Web Security. If the user clicks on these fake scans they will be redirected to a fake website where the page will emulate a real Windows platform scan and pretend to scan the user’s PC. After this fake system scan finishes it will inform the user that his system is infected with numerous critical infections, and will inform the user that he needs to download Home Safety Essentials to fix it. Browser hijacking websites are also used to forcefully root the Home Safety Essentials infection into PCs using drive-by download tactics.

This rogue will create randomly generated files on the system, and then report them as threats. Some of these fake threats are:

CLSV.tmp
DBOLE.dll
Recent\PE.sys
SICKBOY.drv
SICKBOY.sys
delfile.dll
eb.dll

Shortly following this fake results having been generated the user will find himself presented with various annoying pop up messages acting as security notifications. These fake notifications will also inform the user that his system is being attacked, and that he needs to purchase Home Safety Essentials in order to stave off these attacks.

Other symptoms associated with the Home Safety Essentials infection range from users being unable to connect to the Internet as well as being unable to launch applications on the infected system. This is done to further panic and frustrates the user, but also to prevent him from downloading or executing an application which may be able to detect and destroy Home Safety Essentials from the system. Victims of Home Safety Essentials have also complained about increased erratic system behavior and poor system performance. It has also been reported that certain system folders’ contents were hidden from users.

In order to make it easier to delete Home Safety Essentials from the system, enter the following activation code into the rogue:

K7LY-H4KA-SI9D-U2FD

To do this, click on the Help button, and then click on Register Now and enter the above key. Do not think that by merely having entered the above activation key that you have successfully removed the threat, as you still need to erase Home Safety Essentials from the system in order to secure your PC.

Save yourself trouble and effort and remove Home Safety Essentials with the help of a powerful and effective removal tool. This remains the most effective and safest way to permanently destroy Home Safety Essentials from your PC and restore your system’s privacy and security.

Download Spyware Removal Tool to Remove* Home Safety Essentials
  • Quick & tested solution for Home Safety Essentials removal.
  • 100% Free Scan for Windows

How to renew your internet connection:

This rogue antispyware blocks your Internet connection to prevent you from removing the rogue application. To enable the Internet connection, please follow these instructions:
  1. Open Internet Explorer and go to >Tools< select >Internet Options<

  2. Select >Connections<

  3. Select >LAN Settings<

  4. Now you need to uncheck the checkbox labeled >Use a proxy server for your LAN< in Proxy Server section. Then press the >OK< button to close this screen and press the >OK< button to close the Internet Options screen.

  5. Now you can download the SpyHunter scanner and remove the infection.

Download Spyware Removal Tool to Remove* Home Safety Essentials
  • Quick & tested solution for Home Safety Essentials removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Home Safety Essentials

Files associated with infection (Home Safety Essentials):

%UserProfile%\Desktop\Home Safety Essentials.lnk
%AppData%\Microsoft\Windows\Start Menu\Home Safety Essentials.lnk
%AppData%\Microsoft\Windows\Start Menu\Programs\Home Safety Essentials.lnk
%AppData%\Microsoft\Windows\Recent\snl2w.drv
%AppData%\Microsoft\Windows\Recent\runddlkey.exe
%AppData%\Microsoft\Windows\Recent\ppal.drv
%AppData%\Microsoft\Windows\Recent\pal.sys
%AppData%\Microsoft\Windows\Recent\gid.tmp
%AppData%\Microsoft\Windows\Recent\energy.dll
%AppData%\Microsoft\Windows\Recent\eb.sys
%AppData%\Microsoft\Windows\Recent\eb.dll
%AppData%\Microsoft\Windows\Recent\delfile.dll
%AppData%\Microsoft\Windows\Recent\SICKBOY.sys
%AppData%\Microsoft\Windows\Recent\SICKBOY.drv
%AppData%\Microsoft\Windows\Recent\PE.sys
%AppData%\Microsoft\Windows\Recent\DBOLE.dll
%AppData%\Microsoft\Windows\Recent\CLSV.tmp
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Safety Essentials.lnk
%AppData%\Home Safety Essentials\ScanDisk_.exe
%AppData%\Home Safety Essentials\Instructions.ini
%AppData%\Home Safety Essentials\
%AllUsersProfile%\HSYITSQGE\HSLGILTOGE.cfg
%AllUsersProfile%\HSYITSQGE
%AllUsersProfile%\[random]\Quarantine Items
%AllUsersProfile%\[random]\HSESys
%AllUsersProfile%\[random]\HSE.ico
%AllUsersProfile%\[random]\HS2d7_231.exe
%AllUsersProfile%\[random]\6113.mof
%AllUsersProfile%\[random]\46.mof
%AllUsersProfile%\[random]\3178.mof
%AllUsersProfile%\[random]\14.mof
%AllUsersProfile%\[random]

Processes to kill (Home Safety Essentials):

%AppData%\Microsoft\Windows\Recent\runddlkey.exe
%AppData%\Home Safety Essentials\ScanDisk_.exe
%AllUsersProfile%\[random]\HS2d7_231.exe

Remove registry entries (Home Safety Essentials):

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\91\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid {137E7700-3573-11CF-AE69-08002B2E1262}
HKCU\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=231&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures "no"
HKCU\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures 1
HKCU\Software\Microsoft\Internet Explorer\PRS http://127.0.0.1:27777/?inj=%ORIGINAL%
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=231&q={searchTerms}
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\89770803
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\lib/5.00231
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UID 231
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 msseces.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 MSASCui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 avgscanx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 avgcfgex.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 avgemc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 avgchsvx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 avgcmgr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 avgwdsvc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 ekrn.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 egui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 avgnt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 avcenter.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 avscan.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 avgfrw.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 avgui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 avgtray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Home Safety Essentials
HKLM\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKLM\SOFTWARE\Classes\HS2d7_231.DocHostUIHandler
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin "2"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser "2"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA "1"
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.