Home Security Solutions

Home Security Solutions is a rogue antivirus application that claims to detect viruses and other forms of threats on the computer. This method is typical of fake security products and is meant to mislead victims. To avoid its removal from an infected system, Home Security Solutions will disable needed Windows tools and utilities. It will also block execution of security software found on the computer. The rogue software runs its own virus scan when Windows starts and finds exactly the same threats on different computers. These threats are TrustWarrior, Virus.Win32.Faker.a, Trojan-PSW.Win32.Hooker, Trojan-Spy.HTML.Paypal.hn, Bat.Looper and so on.

The authors of Home Security Solutions use the Internet to spread it. By means of infected web sites and Trojans, the rogue security application can deceive victims into taking part in the installation. For stealth penetration, a security breach may be exploited, leading to a more severe infection. Once inside the system, Home Security Solutions modifies system files and the registry. It adds values that allow it to run on each boot-up and execute tasks. Thus, the rogue application may freely produce an abundance of fake alert messages.

What the rogue's author wants is to sell this counterfeit application. Every attempt to remove threats will redirect the browser to a payment web site where victims can pay for the registered version using a credit card account. Registering the product will lead to a more serious problem and may result in details being stolen from the account. The best solution is to download a genuine anti-malware product and scan the computer with it, as stated in the removal procedure found on this page.

Screen Shot Image:

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Malware Behavior
When Home Security Solutions is loaded on the system, it begins to scan the hard drive and reports non-existent threats such as Trojans, viruses, worms and spyware. It also drops several clean files that it claims were compromised during the scan. Adding registry entries is another task it must complete in order to load the fake anti-virus at Windows start-up. When the victim attempts to remove the viruses detected by Home Security Solutions, it opens a browser window to register the program, as shown in this image.

Added Registry Entries:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKCR\HSS.DocHostUIHandler
HKCR\HSS.DocHostUIHandler\Clsid
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKCU\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKCU\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKCU\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = "1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "Home Security Solutions"
HKCR\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKCU\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

Associated Files and Folders:
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\CLSV.sys
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\FW.dll
%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\pal.exe
%UserProfile%\Recent\snl2w.sys
%UserProfile%\Recent\std.exe
%UserProfile%\Recent\tjd.exe
%UserProfile%\Start Menu\Home Security Solutions.lnk
%UserProfile%\Start Menu\Programs\Home Security Solutions.lnk 
%Desktop%\Home Security Solutions.lnk
%AppData%\Home Security Solutions\
%AppData%\Home Security Solutions\cookies.sqlite
%AppData%\Home Security Solutions\Instructions.ini
%AppData%\Home Security Solutions\ScanDisk_.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Security Solutions.lnk
%CommonAppData%\58h42\
%CommonAppData%\58h42\HSa76.exe
%CommonAppData%\58h42\HSS.ico
%CommonAppData%\HSALJNS\
%CommonAppData%\HSALJNS\HSGZLIDJFOS.cfg
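
The registry changes listed under Added Registry Entries can be checked offline against a text export of the affected hive. The following is an added example, not part of the original write-up: it parses constructed `reg export` text and reports the DisallowRun block list, the disabled download signature checks and the autorun value. `SAMPLE_REG`, `parse_reg`, `find_tampering` and the placeholder executable path are assumptions made for the illustration.

```python
import re

# Constructed sample in `reg export` text form; names and values mirror the list above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="msseces.exe"
"1"="MSASCui.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
"CheckExeSignatures"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Home Security Solutions"="C:\\placeholder\\path.exe"
'''

def parse_reg(text):
    """Parse .reg export text into {key_path: {lowercased_value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            data = m.group(2)
            # Normalise dword:00000001 and "1" to the same string form.
            data = str(int(data[6:], 16)) if data.startswith("dword:") else data.strip('"')
            current[m.group(1).lower()] = data
    return keys

def find_tampering(keys):
    """Return (finding, key_path) pairs for the settings this rogue changes."""
    out = []
    for path, vals in keys.items():
        p = path.lower()
        if p.endswith(r"\policies\explorer") and vals.get("disallowrun") == "1":
            out.append(("DisallowRun policy enabled", path))
        elif p.endswith(r"\policies\explorer\disallowrun"):
            out += [("blocked executable: " + exe, path) for exe in vals.values()]
        elif p.endswith(r"\internet explorer\download"):
            if vals.get("checkexesignatures", "").lower() == "no":
                out.append(("download signature check disabled", path))
            if vals.get("runinvalidsignatures") == "1":
                out.append(("invalid signatures allowed to run", path))
        elif p.endswith(r"\currentversion\run") and "home security solutions" in vals:
            out.append(("autorun entry: Home Security Solutions", path))
    return out

if __name__ == "__main__":
    print(*find_tampering(parse_reg(SAMPLE_REG)), sep="\n")
```

An export written by regedit is UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `parse_reg`.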

How to Remove Home Security Solutions

Restore Windows Components:

If this virus has infected the system, the registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with Smart Anti-Malware Protection, please restore Windows to that previous configuration.

Activating the Rogue Program

Smart Anti-Malware Protection will block any program from running. It also prevents access to the Internet, particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly blocked by the rogue program. Activating the program using the registration key below will restore access to the mentioned services.

Activation Code: U2FD-S2LA-H4KA-UEPB or K7LY-R5GU-SI9D-EVFB

Once the program is activated, it becomes possible to download the program needed to scan for and remove Smart Anti-Malware Protection.

Automatic Removal Procedure

1. The first thing to do is to reboot the computer in Safe Mode with Networking to prevent Smart Anti-Malware Protection from loading at start-up. You may want to print this procedure, as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will now start in Safe Mode.

2. Download removal software and save it on your Desktop or any location on your PC.
3. When the download finishes, double-click on the file to install the application.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, you need to update the database.

6. Click Finish. The program will run automatically and you will be prompted to update it before doing a scan. Please update.
7. When the update is finished, the tool will run. Select Perform full scan on the main screen to check your computer thoroughly.
8. When scanning is finished, click on Show Results.
9. Make sure that all detected threats are checked, then click on Remove Selected. This will delete all files and registry entries that belong to Smart Anti-Malware Protection.
10. Restart your computer.

Note: If Smart Anti-Malware Protection prevents mbam-setup.exe from downloading, download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.