Security Mechanic is a fake client that will only show false infection results. This application is similar in nature to spyProtector and System Protector. All three programs share the same visual interface and show the same bogus scan results. This guide covers how to Remove Security Mechanic.
You should NOT PURCHASE THIS PROGRAM. Just like most fake security programs they try to scare users into purchasing the program by giving fake and misleading statements. Some of these statements you may see are “System warning: Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. Click here to remove them immediately with the latest version of Security Mechanic” and “Security Mechanic Security Mechanic has detected harmful software in your system. It is strongly recommended to register Security Mechanic to remove these threats immediately.
Click on this message to fix these errors.” In most cases use infected with Security Mechanic have several other trojans and viruses installed as well. You need to run a full scan using your favorite security client to ensure you are not infected with anything else.
Some symptoms of Security Mechanic:
* Bogus Scan results * Auto Scans on Start-up * Warning coming out of a fake shield in the system tray * pop-ups and re-directs to the fake software’s website * constant warnings of being infected as well as false statements of other trojans
Remove Security Mechanic
Manual removal instructions for Security Mechanic ( Please read our disclaimer bellow )
Kill processes:
- securitymechanic.exe
- setup.exe
- windll32.exe
- lsascs.exe
Delete registry values:
- HKEY_CLASSES_ROOT\CLSID\{107a1d63-2eaa-4694-8aba-ec209c630d83}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{107a1d63-2eaa-4694-8aba-ec209c630d83}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Security Mechanic”
Unregister DLLs:
- shellex.dll
Delete files:
- setup.exe
- shellex.dll
- spyprotector.cpl
- SC_Base_new.dat
- SC_Config.ini
- windll32.exe
- lsascs.exe
Delete directories:
- %ProgramFiles%\Security Mechanic
- %UserProfile%\Application Data\spyprotector
- %Documents and Settings%\[User]\Application Data\SpyProtector\
Please keep in mind that viruses mutate and change all the time. Do expect the above to change around a little. However this guide should work well for you and any experienced pro will be able to follow it and figure out the traces if they mutate.
Ourside Resources
http://community.norton.com/t5/Tech-Outpost/PC-tools-registry-mechanic/td-p/629925
http://www.bleepingcomputer.com/virus-removal/remove-security-mechanic
Speak Your Mind