Home Malware Cleaner

From Wiki-Security, the free encyclopedia of computer security

Home Malware Cleaner Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<
Notice:






SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:


If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

Home Malware Cleaner is a fake computer security application that masquerades as real computer security software on the machines that Home Malware Cleaner infects in order to scam their users into willingly buying the equally fake full version of this – in all reality, non-existent computer security – rogue anti-spyware application.

Home Malware Cleaner is part of the Rogue:Win32/FakePAV family of rogue anti-spyware programs, and as such, can claim clone-like predecessors such as Home Malware Cleaner, My Security Sentinel, System Smart Security, Home Safety Essentials, and Smart Virus Eliminator.

Home Malware Cleaner is an Absolutely Fake Security Application, in Every Single Way


Derived from and designed by cybercriminals, Home Malware Cleaner hopes to scam targeted PC users in this way in order to manipulate them into purchasing a useless anti-spyware program and wasting their hard earned cash. This is the crux of the Home Malware Cleaner online scam. Never ever trust this phony computer security program. Home Malware Cleaner can not provide anything real to you – in terms of computer protection – because nothing about this bit of fake security software is real – in any single way.

To scam you, Home Malware Cleaner will wrongfully emulate the behavior of real computer security applications – in an attempt to make you believe that this application is real and that your machine is seriously infected. One way that Home Malware Cleaner will work to do this is by sending a flood of fake pop-up security alerts to your compromised machine. If this happens, you can expect to see false messages, such as:
Security Center
Unauthorized remote connection!
Your system is making an unauthorized personal data transfer to a remote computer!
Warning! Unauthorized personal data transfer is detected! It may be your personal credit card details, logins and passwords, browsing habits or information about files you have downloaded.
To protect your private data, please click 'Prevent Connection' button below.


Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Name: Win64.BIT.Looker.exe
Risk: High


System warning
No real-time malware, spyware and virus protection was found. Click here to activate.


ERROR MESSAGE:
Warning
Warning! Virus detected
Threat Detected: Trojan-Spy.HTML.Sunfraud.a


Warning! Identity theft attempt detected
Hidden connection IP: 128.154.26.11
Target: Microsoft Corporation keys


WARNING! 371 threats detected
Detected malicious programs can damage your computer and compromise your privacy. It's strongly recommended to remove them immediately [sic]!
Potential risks: Infecting other computers on your network
Continue unprotected Remove all threats now


If you machine has been affected by Home Malware Cleaner, Wiki-security.com malware specialists recommend a complex malware solution to aid you in caring for your compromised machine. Home Malware Cleaner is a complex malware application, which means that it can indicate the existence of more than one malware-based security threat on your computer system. Modern malware programs often circulate together in groups – you can think of this in terms of packs of malware.

For example, many rogue anti-spyware tools like Home Malware Cleaner, are often promoted and propagated onto targeted computer systems by nasty malware-distributing Trojans. For this reason, the process of manually removing this particular brand of computer security threat can be highly tricky and difficult for those who do not specialize in such a thing.

To check your computer for Home Malware Cleaner, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Home Malware Cleaner and other threats. If you detect the presence of Home Malware Cleaner on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Home Malware Cleaner.

Contents

Detection of Home Malware Cleaner (Recommended)

Home Malware Cleaner is difficult to detect and remove. Home Malware Cleaner is not likely to be removed through a convenient "uninstall" feature. Home Malware Cleaner, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Home Malware Cleaner and other spyware, adware, trojans and viruses on your computer.

Run a Home Malware Cleaner scan/check to successfully detect all Home Malware Cleaner files with the SpyHunter Spyware Detection Tool. If you wish to remove Home Malware Cleaner, you can either purchase the SpyHunter spyware removal tool to remove Home Malware Cleaner or follow the Home Malware Cleaner manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Home Malware Cleaner. Home Malware Cleaner can come bundled with shareware or other downloadable software.

Another method of distributing Home Malware Cleaner involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Home Malware Cleaner on your system. Home Malware Cleaner installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Home Malware Cleaner, use this SpyHunter Spyware dectection tool to detect Home Malware Cleaner and other common Spyware infections. After detection of Home Malware Cleaner, the next advised step is to remove Home Malware Cleaner with the purchase of the SpyHunter Spyware removal tool.

Symptoms

Home Malware Cleaner may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Home Malware Cleaner from your computer.

Remedies and Prevention

Home Malware Cleaner, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Home Malware Cleaner along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example Home Malware Cleaner, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Home Malware Cleaner and other types of spyware.

Remove Home Malware Cleaner manually

Another method to remove Home Malware Cleaner is to manually delete Home Malware Cleaner files in your system. Detect and remove the following Home Malware Cleaner files:

Processes

  • %AppData%\Home Malware Cleaner\ScanDisk_.exe
  • %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
  • %AllUsersProfile%\Application Data\5c678c\HM5c6_8010.exe
  • %CommonAppData%\79b35\HMa76.exe
  • %UserProfile%\Recent\CLSV.exe
  • %UserProfile%\Recent\grid.exe
  • %UserProfile%\Recent\PE.exe

DLLs

  • %AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
  • %AllUsersProfile%\Application Data\5c678c\sqlite3.dll
  • %CommonAppData%\79b35\sqlite3.dll
  • %CommonAppData%\79b35\mozcrt19.dll

Other Files

  • %AppData%\Home Malware Cleaner\Instructions.ini
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Home Malware Cleaner.lnk
  • %Desktop%\Home Malware Cleaner.lnk
  • %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].cfg
  • %CommonAppData%\[RANDOM CHARACTERS]\ASE.ico
  • %AppData%\Home Malware Cleaner\cookies.sqlite
  • %AppData%\Home Malware Cleaner\
  • %Programs%\Home Malware Cleaner.lnk
  • %StartMenu%\Home Malware Cleaner.lnk
  • %AllUsersProfile%\Application Data\HMEMLLCC\
  • %AllUsersProfile%\Application Data\HMEMLLCC\HMFLAAC.cfg
  • %AllUsersProfile%\Application Data\5c678c\51.mof
  • %AllUsersProfile%\Application Data\5c678c\HMC.ico
  • %AllUsersProfile%\Application Data\5c678c\
  • %AllUsersProfile%\Application Data\5c678c\BackUp\
  • %AllUsersProfile%\Application Data\5c678c\HMCSys\
  • %AllUsersProfile%\Application Data\5c678c\Quarantine Items\
  • %CommonAppData%\79b35\HMC.ico
  • %CommonAppData%\79b35\6543.mof
  • %CommonAppData%\HMJFZWC\HMXBXWJCMC.cfg
  • %StartMenu%\Programs\Home Malware Cleaner.lnk
  • %UserProfile%\Desktop\Home Malware Cleaner.lnk
  • %UserProfile%\Recent\ANTIGEN.drv
  • %UserProfile%\Recent\DBOLE.tmp
  • %UserProfile%\Recent\energy.tmp
  • %UserProfile%\Recent\exec.drv
  • %UserProfile%\Recent\eb.tmp
  • %UserProfile%\Recent\fix.drv
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\tjd.drv
  • %UserProfile%\Recent\tempdoc.sys
  • %UserProfile%\Recent\tempdoc.drv
  • %UserProfile%\Recent\SICKBOY.tmp

Registry Keys

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Home Malware Cleaner" "%CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe" /s /d
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\{RANDOM CHARACTERS}.exe\Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\Software\Classes\HM5c6_8010.DocHostUIHandler Default = Implements DocHostUIHandler Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF} Default = Implements DocHostUIHandler LocalServer32 = %AllUsersProfile%\Application Data\5c678c\HM5c6_8010.exe ProgID = HM5c6_8010.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8010&q={searchTerms}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\dumped_patched.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltHI" = 0
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8010&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltTST"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = 8010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "runtime 13.08010"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = 1
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Home Malware Cleaner"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"

External links

RECOMMENDED by Wiki-Security
To detect and remove the latest spyware threats, run SpyHunter's spyware detection tool on your PC.


Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Home Malware Cleaner or its creators in any way. This website does not advocate the actions or behavior of Home Malware Cleaner and its creators. Our objective is to provide Internet users with the know-how to detect and remove Home Malware Cleaner and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Home Malware Cleaner in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.
Views
Navigation