How to remove Fake Microsoft Security Essentials Alert

Tuesday, August 24th, 2010 at 9:13 am
Home » Fake warning messages, Trojan » Fake Microsoft Security Essentials Alert

Fake Microsoft Security Essentials Alert description

Microsfot Security Essentials Alert
Potential threat details
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Click ‘Show details’ to learn more.
Detected items: Unknown Win32/Trojan

Fake Microsoft Security Essentials Alert is a tricky message displayed by a trojan. The malware is disguised under appearance of Microsoft Security Essentials software; and the fake notification is presented as  Microsoft Security Essentials Alert. Be careful if if you see the warning on your PC.

Microsoft Security Essentials Alert is not delivered by Windows nor is it related to Microsoft in some way. The message is fabricated by trojan in order to trick you. The fake alert first claims that user’s computer is infected with a dangerous threat. The alert also offers scanning the machine online and there the fraud continues. The trojan will display a fake online scan by 35 anti-virus tools. While 30 of the names displayed represent legitimate security programs, the rest are fraudulent. The trojan will recommend installing the fake programs for cleaning the viruses up. The fake Microsoft Security Essentials Alert recommends Red Cross Antivirus, Peak Protection 2010, Pest Detector 4.1, Major Defense Kit and AntiSpySafeguard. Do not install any of those tools! The programs are malicious and their only intention is getting your money.

Click here to delete Red Cross Antivirus.
Click here to remove Peak Protection 2010.
Click here to remove Pest Detector 4.1.
Click here to remove Major Defense Kit.
Click here to delete AntiSpy Safeguard.

How to manually remove Fake Microsoft Security Essentials Alert

To remove Fake Microsoft Security Essentials Alert spyware you must block Fake Microsoft Security Essentials Alert sites, stop and remove processes, unregister DLL files, search and delete all other Fake Microsoft Security Essentials Alert files and registry utility. Follow the Fake Microsoft Security Essentials Alert detection and removal instructions below.

The most typical software removal method is to remove Fake Microsoft Security Essentials Alert by using "Add or Remove Programs" service. However there may be hidden Fake Microsoft Security Essentials Alert files, running processes and registries in your computer, so Fake Microsoft Security Essentials Alert may recreate all other files after reboot.

Fake Microsoft Security Essentials Alert manual removal instructions

Stop and remove Fake Microsoft Security Essentials Alert processes:
antispy.exe
defender.exe
tmp.exe
Read more how to kill Fake Microsoft Security Essentials Alert processes

Locate and delete Fake Microsoft Security Essentials Alert registry entries:
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "tmp"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "SelfdelNT"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\antispy.exe"
Read more how to delete Fake Microsoft Security Essentials Alert registry entries
Download RegistryBooster 2010 to scan errors caused by Fake Microsoft Security Essentials Alert

Detect and delete other Fake Microsoft Security Essentials Alert files:
%UserProfile%\Application Data\PAV\
%UserProfile%\Application Data\antispy.exe
%UserProfile%\Application Data\defender.exe
%UserProfile%\Application Data\tmp.exe
%UserProfile%\Local Settings\Temp\kjkkklklj.bat

We strongly recommend you to use spyware remover to track Fake Microsoft Security Essentials Alert and automaticaly remove Fake Microsoft Security Essentials Alert processes, registries and files as well as other spyware threats.

Download does not start? Try a mirror download here

Tags: , , , ,

39 Responses to

Fake Microsoft Security Essentials Alert

  1. Jeff Tobias

    The virus is not allowing me access to Task manager or regedit. Downloaded Removal tool on separate computer and transfered with thumbdrive installed and have a frozen program.

    Reply

  2. Hello

    You must change the file name to
    Antispy1
    Defender1
    Tmp1
    Note:only one file name will be present
    restart Then return to file and delete

    Reply

  3. aksaf

    You can disable it through tools on windows defender. In tools you can view and stop current running progs like task manager. You will then be able to access internet, regedit and all programmes.

    Reply

  4. Rick

    Used Windows defender as mentioned above but couldn’t find antispy.exe, defender.exe or tmp.exe. Instead I removed something called hotfix.exe as it looked suspicious and was installed today and I now have my internet access back.

    Reply

    Bill Reply:

    I have the same hotfix.exe in my applications data and listed as a currently running program in windows defender. I can’t seem to delete it. Is there a special delete function I’m not executing correctly?
    Thanks,
    Bill

    Reply

  5. kane

    I got this same virus… the file name associated with mine is hotfix.exe tagged with “fast maus” Only thing I could use was Hijack This. Kill it with the “misc tools” tab and then “process manager” which mimics task manager. Then you can navigate around and delete everything

    Reply

    Jack Reply:

    Thank you kane. I want to also figure out the security center (fake) being opened.. trying to figure how to close that too.

    Reply

    kam Reply:

    Thank you, Kane. I just spent all day trying everything I could to get rid of the Hotfix.exe file and the fake Microsoft Security alert. I downloaded HiJack this to a flash drive and ran it on the infected computer and “voila” just like magic it worked. Thanks so much for sharing your information.

    Reply

    Mary Ellen Reply:

    Thanks Kane for sharing your information. I did exactly what you said and it finally removed it!

    Reply

  6. Jim Z

    I did a system restore back to my last “Restore” point – problem solved.

    Reply

    Bloggs Reply:

    System restore has also been hijacked by this mess. As is all my browsers and regedit and everythign else. It has control. All these hints and programs are not removing it….

    Reply

    LJ Reply:

    When I found out I had this all I could do was access my “Libraries” folder. CTRL+F to search for regedit and ran the app. CTRL+ALT+DEL to start task manager and killed hotfix.exe service, then deleted (what I could find, and they were all not there!) of the registry entries above and replaced this item
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\antispy.exe”

    with the same above only deleted the shell that ended in hotfix.exe,

    ran malware bytes and bam! All is good in my world. Thanks for (most) of the tips, the rest was just pure luck I imagine!

    Reply

    Chris Reply:

    Thank you System Restore! Saved my butt more than once :)

    Reply

    Stacey Reply:

    Thanks for the tip. I should have thought of a system restore but didn’t. You saved me a ton of time.

    Reply

  7. TJ

    If you make a copy of taskmgr.exe (c:\windows\system32) with a different name, then run the copy, you can kill hotfix.exe (or any of the other programs) because it’s actually looking for, and killing, the process by filename, not by title (and it probably does the same with IE).

    It looks like it came in from a PDF file (older version of Adobe, now upgraded).

    Hope this helps the next unlucky surfer.

    Reply

    Annelibs Reply:

    Thank you so much – spent most of the day trying to get rid of this virus, and the copy of taskmgr allowed me to get rid of hotfix.exe but now seem to be stuck with something called ‘Thinkpoint’ seeminly the worlds largest security solution and having rebooted ia number of times it continues to open to this, even when I interrupt the start up and I know that this must be linked! Any ideas in getting rid of something that is asking me to ‘Safe Startup’ when I know it is likely to be anything but Safe!!!

    thanks v much

    Reply

    Luciana Reply:

    ThinkPoint is just another scam. Here’s detailed Think Point removal instructions

    Reply

    Kateh Reply:

    Making a copy of taskmgr is the quickest and easiest way to stop it. Thanks TJ

    Reply

  8. CapnMac

    I am incredibly happy that some one mentioned hotfix.exe as I spent hours looking for antispy and PAV to no avail.

    That, and downloading 5 or 6 different removal tools to equally no avail.

    Once again, knowing manual editing & knowing what one is about,is what carries the day.

    Reply

  9. Lucero

    My DH is having the same problem. Can’t open Run, Task Manager, System Restore does not work and cannot access IE, Outlook or Mozilla Firefox. Going to download a cleanup tool to my flash drive and take it to his office and see what happens :S.

    Reply

  10. MM

    Solution given by TJ really helped.

    Thanks

    Reply

  11. Ted

    I did not click to accept the scan when the first dialog box came up telling me to (if that makes a difference), but I was easily able to get rid of it by booting with the system disc and doing a system restore…never had such luck with other viruses. Running Vista on a Dell.

    Reply

  12. Arey654

    Try Start – Run taskkill /IM hotfix.exe , the go to c:\documents and settings\yourname\Application Data\ & delete Hotfix.exe from here.

    Reply

  13. OrenjiJusu

    I removed hotfix and have run about 3 different antivirus and anti malware programs and the problem seems to have been fixed, but my CPU usage is now at a constant 100% and I cannot access the Internet anymore. Any ideas as to what I can do?

    Reply

  14. NGETICH

    Thanks Kane hijacks this have save my day. this is the second time attack by this virus but atlease solve today with ease

    Reply

  15. Mary

    Thanks for the suggestion regarding System Restore … fortunately I hadn’t clicked any of the fake options (other than Close) and so it worked for me. Since I had lost internet connectivity, my tech support couldn’t troubleshoot it (work from home) and was going to have me ship the unit to them. So it save my non-profit $$$.

    Reply

  16. Jim

    I didn’t find antispy, hotfix, etc. But, I did find “protect.exe”, renamed it, restarted and all is well.

    Reply

    Jim Reply:

    Forgot to mention, I deleted the file, after above actions.

    Reply

  17. Pumpkin

    I make a copy of Taskmgr. Renamed it.
    Same problem flashes on screen and disapears.
    Tried typing it in the run window same probelm
    Tried Ctl-Alt-Del and Ctl-Alt-esc

    Any suggestions?
    I am also getting a Just-in-time debugging window.

    Reply

  18. Giorgio

    It appeared at kb494190687.exe under %userprofile%/appdata/adobe/plugs. deleted and removed

    Reply

  19. Lise

    I tried all above deletes. I found hotfix.exe and removed it but I was still getting this pop up and was blocked from internet and other functions on my computer. I then did a restore and Wala everything is back to normal now. Easy fix and should have done this first.

    Reply

  20. dave

    i didnt have hotfix.exe but something called gog.exe stopped it in defender tools and then deleted it in regedit
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon gog.exe (or somethig along those lines)

    all seems to be doing well now
    posts abovewere very helpful thanks

    Reply

  21. Krystyna Percontino

    You can certainly see your expertise in the paintings you write. The arena hopes for more passionate writers such as you who are not afraid to say how they believe. All the time go after your heart. I actually thought it was so great that I have linked to your site from my webblog! Here is the link

    Reply

  22. Max

    Hello

    A fake MSE error providing a list of so-called viruses (ie. Trojan and Adware) randomly appeared. It gave me the option to “RUN” “SAVE” or “CANCEL”. How do I know that it was fake? Because I just did a full scan earlier today – and the MSE icon is still on the “Protected” status. This will usually be on the “At Risk” status if it legitimately detected anything potentially threatening.

    I didn’t click on anything and just shut down my lap top immediately. Does this mean that the Trojan didn’t affect my lap top? I looked at the “PROCESSES” and didn’t see anything similar to Antispy1/Defender1/hotfix.exe.

    Fortunately I have read this article before the fake error notification even popped up.

    Reply

  23. Nicholas Bilaczenko

    I have assumed correcly after visiting this web site that this Microsoft alert notice was false, after I had false AVG antivirus alert, which resulted in having to reinstall a fresh Vista operating system.

    Reply

Trackbacks

Leave a Reply

Download does not start? Try a mirror download here