Fake Microsoft Security Essentials alert
Written by Tomas Meskauskas
Damage level: Severe
How to unblock your computer after fake Microsoft Security Essentials alert?
Fake Microsoft Security Essentials alert is ransomware, which attempts to trick unsuspecting computer users into paying for a bogus Microsoft Security Essentials additional module for 'dynamic proactive protection'. This scam was created by cyber criminals who make money from PC users who fall for this deception and pay for the fake Microsoft Security Essentials update. Microsoft Security Essentials (MSE) is a free antivirus program created by Microsoft who do not request payment for updates. Cyber criminals exploit the name of a reputable antivirus program in order to make their message appear authentic. When this ransomware infiltrates your PC, you will be unable to access your desktop, and the scam will report 'security infections' supposedly detected on your PC. It will then ask you to pay for the fake MSE security update.
This ransomware is slightly different to others, in that it actively infects Internet users worldwide - attempting to sell a non existent security update using the name of legitimate antivirus software. Other similar ransomware scams use the names of authorities and demand that you pay a fine for distributing copyrighted content. The deceptive message displayed by this ransomware also states that your computer is highly infected with viruses - a similar misleading technique used by fake antivirus programs to trick PC users. In fact, none of the security infections reported by this screen locker actually exist on your computer, therefore, ignore this message and do not pay for this fake MSE update.
Do not trust this message, it is a scam. Microsoft Security Essentials never requests payment for updates. This ransomware translates its misleading message into your language using your computer's IP address. To remove this scam from your PC, use the removal guide provided:
A message displayed by Fake Microsoft Security Essentials alert:
Microsoft Security Essentials Alert.
Your system has been blocked for security reasons.
Microsoft Security Essentials detected potential threats! Your system has reached the critical security level, because of visiting sites with infected and pornographic content. Its further use may lead to system collapse and complete loss of information. To restore Your Windows system performance, you need to download and install an additional module of the dynamic proactive protection. This module is an optional paid update for especially infected Windows systems. It eliminates the cause of system slowdown, associated with the presence of difficult-found malicious software, prevents the system crash and stabilize its operation. Recommendation: Download and install proactive protection module.
Computer status - At risk. To install this update please insert below Ukash or Paysafecard voucher pin-code. You can buy this voucher at the nearest press salon Inmedio, Inmedio Cafe, Relay and 1-Minute. After your payment is done, Your computer will be immediately updated and protected, all Trojans and viruses will be removed.
Fake Microsoft Security Essentials alert removal:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Log in to the account that is infected with Fake Microsoft Security Essentials alert. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries detected.
After completing these steps, your computer should be clean Reboot your computer in Normal Mode.
Alternative Fake Microsoft Security Essentials alert removal guide:
If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. In the opened command prompt type explorer and press Enter. This command will open explorer window. Do not close it and continue to the next step.
3. In the Command Prompt type regedit and press Enter. This will open the Registry Editor window.
4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file). Use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install legitimate anti-spyware software, and perform a full system scan to eliminate any remnants of fake Microsoft Security Essentials alert.
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated. For this step, you need access to another computer. After removing fake Microsoft Security Essentials alert from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.
Anti-spyware programs known to detect and remove Fake Microsoft Security Essentials alert:
The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.
A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in Fake Microsoft Security Essentials alert distribution:
Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of Fake Microsoft Security Essentials alert and other rogue antivirus programs:
To protect your computer from Fake Microsoft Security Essentials alert and other rogue antivirus programs users should:
- Keep their operating system and all of the installed programs up-to-date.
- Use legitimate antivirus and anti-spyware programs.
- Use caution when clicking on links in social networking websites and email messages.
- Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.
Symptoms indicating that your operating system is infected with a fake antivirus program:
- Intrusive security warning pop-up messages.
- Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
- Slow computer performance.
- Disabled Windows updates.
- Blocked Task Manager.
- Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.
If you are experiencing problems while trying to remove Fake Microsoft Security Essentials alert from your computer, please ask for assistance in our malware removal forum.
If you have additional information on Fake Microsoft Security Essentials alert or it's removal please share your knowledge in the comments section below.