Today we would like to talk about one of the latest rogues on the badware market, named My Security Wall. This rogue imitates a security application that was supposedly created to keep your computer safe. In fact, My Security Wall shares features with Virus Doctor, another fake security tool. Once My Security Wall gets onto your computer, it runs a security scan of your system and reports files that are undoubtedly harmless as threats. Notably, My Security Wall will not remove the "infections" unless you purchase a license, which is sold through the badware's official web page. You can safely ignore all warnings and scan results from My Security Wall, as they are completely unreliable and cannot be trusted. My Security Wall also does its best to protect itself from being removed from your PC: it tries to get rid of all legitimate antivirus programs and blocks your attempts to reach security-related websites that could detect and remove it. Last but not least, My Security Wall is promoted by a Trojan horse that installs not only this badware and fake, harmless files, but also a variety of viruses, worms and other malware, all without your permission. That is why we recommend getting rid of My Security Wall as soon as possible.
Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical
How to remove My Security Wall manually:
It's possible to remove My Security Wall manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.
The files to be deleted:
%Documents and Settings%\All Users\Application Data\117fc
%Documents and Settings%\All Users\Application Data\117fc\MS339.exe
%Documents and Settings%\All Users\Application Data\117fc\MSW.ico
%Documents and Settings%\All Users\Application Data\117fc\7463.mof
%Documents and Settings%\All Users\Application Data\117fc\mozcrt19.dll
%Documents and Settings%\All Users\Application Data\117fc\sqlite3.dll
%Documents and Settings%\All Users\Application Data\117fc\BackUp\Adobe Reader Speed Launch.lnk
%Documents and Settings%\All Users\Application Data\117fc\BackUp
%Documents and Settings%\All Users\Application Data\117fc\BackUp\Adobe Reader Synchronizer.lnk
%Documents and Settings%\All Users\Application Data\117fc\MSWSys
%Documents and Settings%\All Users\Application Data\117fc\MSWSys\vd952342.bd
%Documents and Settings%\All Users\Application Data\117fc\Quarantine Items
%Documents and Settings%\All Users\Application Data\MSEAIVCW
%Documents and Settings%\All Users\Application Data\MSEAIVCW\MSGWBQLMRPW.cfg
%Documents and Settings%\[UserName]\Application Data\My Security Wall
%Documents and Settings%\[UserName]\Application Data\My Security Wall\cookies.sqlite
%Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Wall.lnk
%Documents and Settings%\[UserName]\Desktop\My Security Wall.lnk
%Documents and Settings%\[UserName]\Recent\ANTIGEN.tmp
%Documents and Settings%\[UserName]\Recent\dudl.sys
%Documents and Settings%\[UserName]\Recent\energy.drv
%Documents and Settings%\[UserName]\Recent\exec.dll
%Documents and Settings%\[UserName]\Recent\exec.drv
%Documents and Settings%\[UserName]\Recent\grid.drv
%Documents and Settings%\[UserName]\Recent\hymt.drv
%Documents and Settings%\[UserName]\Recent\kernel32.exe
%Documents and Settings%\[UserName]\Recent\pal.drv
%Documents and Settings%\[UserName]\Recent\PE.drv
%Documents and Settings%\[UserName]\Recent\ppal.exe
%Documents and Settings%\[UserName]\Recent\tempdoc.dll
%Documents and Settings%\[UserName]\Recent\tempdoc.drv
%Documents and Settings%\[UserName]\Recent\tjd.tmp
%Documents and Settings%\[UserName]\Start Menu\My Security Wall.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\My Security Wall.lnk
%Program Files%\Mozilla Firefox\searchplugins\search.xml
Remove registry entries:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=7&q={searchTerms}”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=7&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “Build/13.00007”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “My Security Wall”
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=7&q={searchTerms}”
HKEY_CLASSES_ROOT\xp_5f014.DocHostUIHandler
Please be careful, because manual removal of My Security Wall may seriously damage the operating system and sensitive data. There is also a high chance of incomplete removal, because some files may be hidden and the program could reinstall itself after you delete the files and registry entries. We therefore strongly recommend using an automatic removal tool.
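To see which of the locations and registry entries listed above are actually present before changing anything, a read-only check like the following can be run. It is an added example, not part of the original post; the mapping of the page's `%Documents and Settings%` placeholders to `$env:ProgramData`, `$env:ALLUSERSPROFILE` and `$env:APPDATA` is an assumption, and the `HKEY_CURRENT_USER` checks cover only the account running the script.

```powershell
# Added example: read-only audit of the artifacts listed on this page. Deletes nothing.
# Assumption: "%Documents and Settings%\All Users\Application Data" maps to
# $env:ProgramData (Vista and later) or $env:ALLUSERSPROFILE\Application Data (XP),
# and "[UserName]\Application Data" maps to $env:APPDATA. HKCU covers only this user.
$ie = 'Software\Microsoft\Internet Explorer'
$cv = 'Software\Microsoft\Windows\CurrentVersion'

# Registry values from the page; Like = '*' means "report if the value exists at all".
$valueChecks = @(
    @{ Key = "Registry::HKEY_USERS\.DEFAULT\$ie\SearchScopes"; Name = 'URL'; Like = '*findgala.com*' },
    @{ Key = "Registry::HKEY_CURRENT_USER\Software\Classes\$ie\SearchScopes"; Name = 'URL'; Like = '*findgala.com*' },
    @{ Key = "Registry::HKEY_CLASSES_ROOT\$ie\SearchScopes"; Name = 'URL'; Like = '*findgala.com*' },
    @{ Key = "Registry::HKEY_CURRENT_USER\$ie\Download"; Name = 'RunInvalidSignatures'; Like = '1' },
    @{ Key = "Registry::HKEY_CURRENT_USER\$cv\Internet Settings\5.0\User Agent\Post Platform"; Name = 'Build/13.00007'; Like = '*' },
    @{ Key = "Registry::HKEY_CURRENT_USER\$cv\Run"; Name = 'My Security Wall'; Like = '*' }
)

$findings = @()
foreach ($c in $valueChecks) {
    # A missing key or value yields no object; errors are suppressed on purpose.
    $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($item -and $item.PSObject.Properties[$c.Name]) {
        $data = $item.PSObject.Properties[$c.Name].Value
        if ("$data" -like $c.Like) { $findings += "REG  $($c.Key) : $($c.Name) = $data" }
    }
}

# Registry key and file-system locations from the page (existence check only).
$common = if ($env:ProgramData) { $env:ProgramData } else { Join-Path $env:ALLUSERSPROFILE 'Application Data' }
$paths = @(
    'Registry::HKEY_CLASSES_ROOT\xp_5f014.DocHostUIHandler',
    (Join-Path $common '117fc'),
    (Join-Path $common 'MSEAIVCW'),
    (Join-Path $env:APPDATA 'My Security Wall'),
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'My Security Wall.lnk')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "PATH $p" }
}

# Emit the findings, or a single line when nothing matched.
if ($findings.Count -eq 0) { 'No listed My Security Wall artifacts found for this user.' } else { $findings }
```

Saving the output before and after cleanup gives a record of what was present and confirms whether any entry has come back.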