Click on screenshot to zoom
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Infection Video Home Malware Cleaner

Home Malware Cleaner

Warning! Online hackers have released a new malicious antispyware tool by the name of Home Malware Cleaner, and be sure that any PC user can become its victim! The clone of such rogues as Malware Protection Center, Internet Security Guard and Smart Anti-Malware Protection shares the same interface and has only one purpose – to get your money! Luckily, it cannot do this without your consent, so do not let the scam fool you, remove Home Malware Cleaner from your computer and use a powerful security tool to protect you from threats alike.

Download Spyware Removal Tool to Remove* Home Malware Cleaner
  • Quick & tested solution for Home Malware Cleaner removal.
  • 100% Free Scan for Windows

There are numerous ways for the rogue to get into your system, and you need to be wary when surfing the web. So be careful when opening suspicious links or following directions of social engineering scams. If Home Malware Cleaner gets activated in your personal system, you will notice sudden changes. Your PC might become unbearably slow, and a bogus scanner will report your system is infected with fake Trojans, worms and other malware. All of the warnings that Home Malware Cleaner sends you are completely false, and you need to ignore all annoying pop-ups and alerts appearing on your screen.

Recommendation: Activate Home Malware Cleaner to get Full protection against malicious, virus, spyware and unwanted software

Recommended:
Please click “Remove all” button to erase all infected files and protect your PC

Warning!
Application cannot be executed. The file cmd.exe is infected.
Please activate your antivirus software.

Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software…

The main purpose of these messages is to push you into believing that the infection in your PC is real. Annoying pop-ups and dysfunctional computer running create an illusion that the only way out of this problem is to get the full version of Home Malware Cleaner. Do not be fooled by this scam, because the transaction you would make, when paying for this useless tool, would let hijackers and third parties collect your personal data! The only sensible solution in this situation is to remove Home Malware Cleaner. Only this way you will be able to resume to normal Windows operating immediately, and be free from all annoying alerts. Use a legitimate antispyware to do the job for you, or do it manually. Use an activation key bellow to stop malware's symptoms.

Activation key
U2FD-S2LA-H4KA-UEPB

Download Spyware Removal Tool to Remove* Home Malware Cleaner
  • Quick & tested solution for Home Malware Cleaner removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Home Malware Cleaner

Files associated with infection (Home Malware Cleaner):

%UserProfile%\Recent\tjd.drv
%UserProfile%\Recent\tempdoc.sys
%UserProfile%\Recent\tempdoc.drv
%UserProfile%\Recent\SICKBOY.tmp
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\fix.drv
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\DBOLE.tmp
%UserProfile%\Recent\CLSV.exe
%UserProfile%\Recent\ANTIGEN.drv
%UserProfile%\Desktop\Home Malware Cleaner.lnk
%StartMenu%\Programs\Home Malware Cleaner.lnk
%CommonAppData%\79b35\Quarantine Items\
%CommonAppData%\79b35\HMCSys\
%CommonAppData%\79b35\BackUp\
%CommonAppData%\79b35\sqlite3.dll
%CommonAppData%\79b35\mozcrt19.dll
%CommonAppData%\79b35\6543.mof
%CommonAppData%\79b35\HMC.ico
%CommonAppData%\79b35\HMa76.exe
%CommonAppData%\79b35\
%AppData%\Home Malware Cleaner\cookies.sqlite
%AppData%\Home Malware Cleaner\
%AppData%\Home Malware Cleaner\ScanDisk_.exe
%AppData%\Home Malware Cleaner\Instructions.ini
%CommonAppData%\[random]\[random].cfg
%CommonAppData%\[random]\ASE.ico
%CommonAppData%\[random]\[random].exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Malware Cleaner.lnk
%Desktop%\Home Malware Cleaner.lnk
%StartMenu%\Home Malware Cleaner.lnk
%Programs%\Home Malware Cleaner.lnk

Processes to kill (Home Malware Cleaner):

%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\CLSV.exe
%CommonAppData%\79b35\HMa76.exe
%AppData%\Home Malware Cleaner\ScanDisk_.exe
%CommonAppData%\[random]\[random].exe

Remove registry entries (Home Malware Cleaner):

HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Home Malware Cleaner” “%CommonAppData%\[random]\[random].exe” /s /d
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\dumped_patched.DocHostUIHandler
HKEY_CURRENT_USER\Software\3
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8010&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltHI" = 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltTST"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = 8010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "runtime 13.08010"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Home Malware Cleaner"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8010&q={searchTerms}"
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.