Remove My Security Engine

Trouble removing this virus? Try Spyware Doctor With Antivirus from PCTools. »Download

Online Virus Removal Guaranteed online virus removal service or you don't pay: www.OnlineComputerRepair.org

My Security Engine is a rogue anti-spyware application related to the well-known malware programs Cleanup Antivirus and Security Guard. Similarly to its relatives, My Security Engine tries to trick the user into paying for the license of the software. This malware application gets installed via Trojans that get downloaded by exploiting security weaknesses in user systems. Once installed, My Security Engine begins to perform endless fake security scans on the system, returning results that show that the computer is under threat from many non-existent malicious programs. It also displays and endless stream of fake warning pop-ups from the Windows taskbar warning about how much of the threat the user’s system is facing. The aim of all this activity is to try and trick the user in to purchasing a software license for the ‘full’ version of My Security Engine by claiming that the currently installed ‘trial’ version is insufficient to completely scan the system. System Security puts this request forward through its very authentic-looking GUI, through the warning pop-ups, and at the end of each fake scan. However, it must be noted that the so-called ‘full’ version is just as incapable of scanning or cleaning out any malware from any computer system as the ‘trial’ version is.

My Security Engine

My Security Engine

» Download My Security Engine Removal Software

As soon as you find a copy of this malicious software installed on your computer, you should take steps to delete My Security Engine. My Security Engine removal involves the stopping of processes, deregistering of DLLs, deletion of files and folders and the removal of registry entries.

Automatic My Security Engine Removal

We do recommend Spyware Doctor with Antivirus. This is one of the few clients out there that can really make a big difference. The problem most people will have is your fake client may block the install or updating of a real security product. You can always start of following the manual guide below. Once you terminate the running processes of this virus you should be able to install the client just fine. If you follow the link above and use coupon code removevirus10 you will get 10% off. This is an exclusive coupon we got just for removevirus.org readers.

Online My Security Engine Removal Service

Sometimes you just need a pro. If you are having troubles and do not understand the below guide or just feel better having an expert removing this threat and all others on your computer then we recommend www.onlinecomputerrepair.org. It's one of the leading remote computer repair companies out there and will get you taken care of.

My Security Engine Manual Removal Procedures

The first step you must take in order to remove My Security Engine is to stop the following processes:

MS345d.exe
PE.exe

The next step in My Security Engine removal is to unregister the following DLL files:

pal.dll
PE.dll
gid.dll
exec.dll
energy.dll
ANTIGEN.dll
CLSV.dll
mozcrt19.dll
sqlite3.dll

Next, it is necessary to remove the following files and folders:

Delete My Security Engine Files

Windows XP:

c:\Documents and Settings\All Users\Application Data\345d567
c:\Documents and Settings\All Users\Application Data\345d567\2322.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\MSE.ico
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
c:\Documents and Settings\All Users\Application Data\345d567\MSESys\
c:\Documents and Settings\All Users\Application Data\345d567\MSESys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items
c:\Documents and Settings\All Users\Application Data\MSHOLE\
c:\Documents and Settings\All Users\Application Data\MSHOLE\MSJKEJCCE.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
%UserProfile%\Application Data\My Security Engine\
%UserProfile%\Application Data\My Security Engine\cookies.sqlite
%UserProfile%\Application Data\My Security Engine\Instructions.ini
%UserProfile%\Desktop\My Security Engine.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\gid.dll
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\My Security Engine.lnk
%UserProfile%\Start Menu\Programs\My Security Engine.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml
%Documents and Settings%\All Users\Application Data\e4a12b7
%Temp%\del.bat

Windows Vista/7:

c:\%User%\ AppData\345d567
c:\ %User%\ AppData \345d567\2322.mof
c:\ %User%\ AppData \345d567\mozcrt19.dll
c:\ %User%\ AppData \345d567\MS345d.exe
c:\ %User%\ AppData \345d567\MSE.ico
c:\ %User%\ AppData \345d567\sqlite3.dll
c:\ %User%\ AppData \345d567\BackUp\
c:\ %User%\ AppData \345d567\MSESys\
c:\ %User%\ AppData \345d567\MSESys\vd952342.bd
c:\ %User%\ AppData \345d567\Quarantine Items
c:\ %User%\ AppData \MSHOLE\
c: %User%\ AppData \MSHOLE\MSJKEJCCE.cfg
%User%\ AppData \Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
%User%\ AppData \My Security Engine\
%User%\ AppData \My Security Engine\cookies.sqlite
%User%\ AppData \My Security Engine\Instructions.ini
%User%\ AppData \My Security Engine.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\gid.dll
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\My Security Engine.lnk
%UserProfile%\Start Menu\Programs\My Security Engine.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml
%User%\ AppData \e4a12b7
%Temp%\del.bat

Once the above files and folders have been removed, My Security Engine no longer resides on your hard disk. At this point it is recommended to scan the entire PC using genuine antivirus software such as Spyware Doctor with Antivirus.

If you find this threat too hard to remove yourself and need an expert we recommend www.onlinecomputerrepair.org . They charge far less than others and are great at what they do.

My Security Engine Registry Removal Proedures

File removal alone is not sufficient to completely remove My Security Engine. In order to ensure complete My Security Engine removal, it is necessary to delete the following keys and settings from the registry as well:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “%CommonAppData%\e4a12b7\MySecurityEngine.exe”
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" ="http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Engine"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = http://findgala.com/?&uid=195&q={searchTerms}

Once the above steps have been completed you have successfully removed My Security Engine from your system.

My Security Engine Directories:

c:\ %User%\ AppData \345d567\
XP: c:\Documents and Settings\All Users\Application Data\345d567

Conclusion

Inexperienced users are advised against attempting to delete My Security Engine manually, as any mistake made during removal could result in damage to the operating system. Therefore inexperienced users are advised to use a web-based repair service such as www.onlinecomputerrepair.org or legitimate antivirus software such as Spyware Doctor with Antivirus to completely and safely remove My Security Engine.

Other Software clients that Removevirus.org likes to use

As always please post updates to the file traces. If yours are different then other users will find it helpful.

10 comments for "Remove My Security Engine".

1. help

Submitted by Anonymous on Sat, 05/15/2010 - 09:25.

i tried CTRL ALT Delete and task manager wouldn't come out, then i tried run>taskmgr.exe and still nothing... i used malwarebytes' anti-malware before to clear all the virus' but it's still here, now i try to use spyware doctor and that wouldn't open either... what to do now?

2. Use the process killer tool

Submitted by technical admin on Sat, 05/15/2010 - 10:30.

Use the process killer tool located at http://www.removevirus.org/process-killing-software-654

Download the one that is already re-named to explorer.exe. then you should be able to terminate the needed process

Also you should be able to boot into safe mode with this threat and manually delete the traces that way. F8 on bootup to enter safe mode.

3. I have the same problem and I

Submitted by Anonymous on Sat, 05/22/2010 - 06:28.

I have the same problem and I don't know what I'm doing please help

4. Already answered this

Submitted by technical admin on Sat, 05/22/2010 - 12:14.

Already answered this question.

5. How I removed My Security Engine

Submitted by Anonymous on Tue, 05/25/2010 - 11:44.

I recently had a PC infected with “My Security Engine” Here are the steps I followed to get rid of it…

1. Download and install Malwarebytes Anti-Malware (this is the BEST free malware removal program). If you can afford the $24.95 price tag to get the Professional Version…do it, the real-time protection is great, otherwise the free version should suffice.

2. Scan using FULL SCAN option. Remove EVERYTHING it finds & REBOOT COMPUTER & Scan again. The second scan SHOULD come back clean, but if it doesn’t keep scanning till it does.

3. Scan with your Anti-Spyware Program. Spyware Doctor is good (used it for years), but the free version is useless, because it won’t delete anything it finds unless you upgrade to a paid for version. So I would go with SuperAntiSpyware Free Edition, which in my opinion is better and will delete what it finds. Once you have a clean scan move on to scanning with your Anti-Virus Program. If you don’t have one try choosing one of these…Avira Personal Free Edition, Avast Free Edition or Microsoft Security Essentials.

4. Now fix your Hijacked Search Engines…Open up Internet Explorer select TOOLS – MANAGE ADD-ONS – SEARCH PROVIDERS. Go down the list and DELETE/REMOVE them one by one, you will not be able to delete your default engine just yet. Now select – FIND MORE SEARCH PROVIDERS from the bottom of the page, add back as many as you want. Temporarily make one of the new search engines the default, so you can delete the remaining hijacked engine…then re-add a fresh version and make it the default again if you so choose. Make sure to check off PREVENT PROGRAMS FROM SUGGESTING CHANGES TO MY SEARCH PROVIDER for each re-added search engine.

5. Configure Internet Browser Security Settings…Please go to TOOLS – INTERNET OPTIONS – SECURITY – highlight the “INTERNET” zone – Click on CUSTOM LEVEL…now do the following:

Scroll down to DOWNLOAD SIGNED ACTIVE-X CONTROLS and select – PROMPT. Do the same for DOWNLOAD UNSIGNED ACTIVE-X CONTROLS. Now for INITIALIZE AND SCRIPT ACTIVE_X CONTROLS NOT MARKED AS SAFE FOR SCRIPTING select – DISABLE.

6. FIX/RESET Hosts File!!!
Try going to C:\Windows\System32\Drivers\etc. Do you see a file called “hosts” there? Or is there only one named “lmhosts.sam”? If you are still able to see the hosts file, then follow these instructions from Microsoft:

http://support.microsoft.com/kb/972034

However if you find that the above instructions don’t apply to you…or your hosts file is missing…keep reading :)

First go to C:\Windows\System32\Drivers\Etc select TOOLS from the menu bar, now select FOLDER OPTIONS click on VIEW select SHOW HIDDEN FILES, FOLDERS & DRIVES also make sure to uncheck HIDE PROTECTED OPERATING SYSTEM FILES. Now you SHOULD see the hosts file!

Now right click on the hosts file and select SECURITY…(did you notice how it is set to READ ONLY under the GENERAL TAB! ) Now under the security tab select EDIT to change permissions, select WRITE, then APPLY. Now go into NOTEPAD (run as Administrator for Vista or 7), open up the hosts file and delete the extra entries added by the malware (or delete whole thing and copy the original file from the Microsoft site above) now select SAVE.

If you are able to delete the file altogether and create a brand new hosts file using the microsoft instructions…please do, otherwise, this will at least fix the hijack. Remember to re-hide the protected Operating System files under folder options. I would also set the changed hosts file back to READ ONLY, until you can actually DELETE it and create a new one that is not protected

6. While I disagree a little

Submitted by technical admin on Tue, 05/25/2010 - 14:07.

While I disagree a little with the above, It's 100% solid info.

We have the Hosts re-set tool in the sidebar you can use which is much quicker for resetting your hosts file.

We also have a Reset tool for IE in the side bar which can be used.

Both free programs the above person mentions are the top free scanners out there. However the Spyware Doctor with Antivirus is better at protecting your computer so you do not get infected in the first place. A better defense is what people need. Remember you get what you pay for.

Who ever wrote the comment above should Contact Us. We could use your expertise to help write virus removal guides.

7. :) I'm so happy

Submitted by Anonymous on Wed, 05/26/2010 - 07:03.

Edited comment ( No Bashing ). His advice worked very well. The instructions are well written and easy to follow. All of the suggested scanners mentioned seemed to be stronger than my usual Norton and Adaware, as they found and removed hidden viruses after I had ran them both.

Thanks

8. My Security Engine

Submitted by Mirna (not verified) on Wed, 07/07/2010 - 03:36.

Thank you so very much for your wonderful support system you have provided regarding that no good pain in the butt "My Security Engine". We followed your advice and haa ray its gone.

My comment is from a non techie person's view - it takes a long time and a lot of patience. It took me a day to achieve, especially as it takes over an hour to down load and clean each section (there are three). However, the joy of not having that critter wrecking every e-mail or action I do is intense.

I would like to compliment the clear way you wrote your explanation. I choose the free option ways and succeeded (fingers crossed).

Feedback wise for future users/editions:
The only parts I found unclear was

a) Section 6's request to find the security tool section. Not easy to find. Suggest advise others to search the list and click on properties which opens up a new dialog box which takes you to the appropriate next section.

b) Hosts - After removing the host details from the notepad, and then downloading Windows fix-it, it does not then show up on the original notepad place but new on ones desktop. This did not make me completely confident that the old had been wiped and the new one was now in place.

Thank you again for your advice. I had previously tried the original details listed but most of the dll's listed and other exe's etc lists were not found on my computer.

I am 100% behind you and all the helpful souls who are willing to take time out to help the less knowledgable (in this area - we do have abilities in other fields!). It is intrusive and should be illegal for those critters to infiltrate and invade our personal computers.