Posts Comments

Remove Security Mechanic | Removal Guide

By admin on July 24, 2009 Leave a Comment

Security Mechanic is a fake client that will only show false infection results. This application is similar in nature to spyProtector and System Protector. All three programs share the same visual interface and show the same bogus scan results. This guide covers how to Remove Security Mechanic.

You should NOT PURCHASE THIS PROGRAM. Just like most fake security programs they try to scare users into purchasing the program by giving fake and misleading statements. Some of these statements you may see are “System warning: Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. Click here to remove them immediately with the latest version of Security Mechanic” and “Security Mechanic Security Mechanic has detected harmful software in your system. It is strongly recommended to register Security Mechanic to remove these threats immediately.

Click on this message to fix these errors.” In most cases use infected with Security Mechanic have several other trojans and viruses installed as well. You need to run a full scan using your favorite security client to ensure you are not infected with anything else.

Some symptoms of Security Mechanic:

* Bogus Scan results * Auto Scans on Start-up * Warning coming out of a fake shield in the system tray * pop-ups and re-directs to the fake software’s website * constant warnings of being infected as well as false statements of other trojans

Remove Security Mechanic

Remove security Mechanic

Manual removal instructions for Security Mechanic ( Please read our disclaimer bellow )

Kill processes:

  • securitymechanic.exe
  • setup.exe
  • windll32.exe
  • lsascs.exe

Delete registry values:

  • HKEY_CLASSES_ROOT\CLSID\{107a1d63-2eaa-4694-8aba-ec209c630d83}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{107a1d63-2eaa-4694-8aba-ec209c630d83}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Security Mechanic”

Unregister DLLs:

  • shellex.dll

Delete files:

  • setup.exe
  • shellex.dll
  • spyprotector.cpl
  • SC_Base_new.dat
  • SC_Config.ini
  • windll32.exe
  • lsascs.exe

Delete directories:

  • %ProgramFiles%\Security Mechanic
  • %UserProfile%\Application Data\spyprotector
  • %Documents and Settings%\[User]\Application Data\SpyProtector\

Please keep in mind that viruses mutate and change all the time. Do expect the above to change around a little. However this guide should work well for you and any experienced pro will be able to follow it and figure out the traces if they mutate.

Ourside Resources

http://community.norton.com/t5/Tech-Outpost/PC-tools-registry-mechanic/td-p/629925

http://www.bleepingcomputer.com/virus-removal/remove-security-mechanic

Filed Under: Virus Removal Tagged With: , ,

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.