Security_cleaner.exe is an executable through which System Care Antivirus is currently being delivered to many attacked computers. We found out about this method of malware infiltration recently. Notably, this rogue AV is spread through certain browser vulnerabilities that may be present in browsers such as Google Chrome, Mozilla Firefox and Internet Explorer. Other browsers are no exception.
The browser vulnerability shows itself in the form of a special fake alert allegedly coming from Microsoft Antivirus.
The message says this: “Microsoft Antivirus has found critical process activity on your system. You need to clean your computer to prevent the system breakage”. Obviously, this is a fake alert, which is not associated with Microsoft Corporation at all. However, clicking “OK” is followed by another fake alert, this time imitating Microsoft Security Essentials:
Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent the system crash.
Detected items:
Trojan-PSW.Win32.launch
HackTool:Win32/Welevate.A
Adware.Win32.Fraud
When you click the “Clean Computer” button, you automatically download a file called “security_cleaner.exe”, which is the direct installer of System Care Antivirus.
Whenever you see such an installer on your computer, do not ever click (execute) it. If you do, you will install the System Care Antivirus rogue into your system. As you see, hackers are very inventive these days, and they use browser vulnerabilities to implant all sorts of viruses and threats onto your PC. Whenever you see such fake Microsoft Antivirus warnings or fake Microsoft Security Essentials alerts, please disregard them and scan your PC with reliable security software. However, if you already have the System Care Antivirus fake AV on your system, please follow the guidelines set forth below to remove it.
Steps to get rid of System Care Antivirus
What the fraudulent site www.systemcare-antivirus.org looks like:
System Care Antivirus manual removal:
System Care Antivirus files to be removed:
%CommonAppData%\
%CommonAppData%\
%CommonAppData%\
%CommonAppData%\
System Care Antivirus registry entries to be removed:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\[random] %AppData%\[random]\[random].exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\DisplayIcon %AppData%\[random]\[random].exe,0
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\DisplayName System Care Antivirus
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\ShortcutPath “%AppData%\[random]\[random].exe” -u
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\UninstallString “%AppData%\[random]\[random].exe” -u
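Before deleting anything, it helps to confirm which of the registry entries listed above actually exist. The following PowerShell script is an added example, not part of the original guide: it only reads the registry and reports matches, and it must be run as the affected user because all entries are under HKCU. The match on RunOnce values is an assumed heuristic based on the path shape shown in the list (%AppData%\[random]\[random].exe), so legitimate software can also match and each hit should be reviewed by hand.

```powershell
# Read-only check for the System Care Antivirus registry entries listed above.
# Nothing is deleted; the script only reports what it finds.

$findings = @()

# 1. Uninstall key created by the rogue (key and value names taken from the list above).
$uninstallKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus'
if (Test-Path -LiteralPath $uninstallKey) {
    $props = Get-ItemProperty -LiteralPath $uninstallKey
    foreach ($name in 'DisplayName', 'DisplayIcon', 'ShortcutPath', 'UninstallString') {
        if ($null -ne $props.$name) {
            $findings += [pscustomobject]@{ Key = $uninstallKey; Value = $name; Data = $props.$name }
        }
    }
}

# 2. RunOnce values that launch an .exe from a direct subfolder of %AppData%.
#    The value name and folder name are random, so match on the path shape
#    (assumed heuristic; review every hit manually).
$runOnceKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$pattern = '^"?' + [regex]::Escape($env:APPDATA) + '\\[^\\]+\\[^\\]+\.exe'
if (Test-Path -LiteralPath $runOnceKey) {
    $key = Get-Item -LiteralPath $runOnceKey
    foreach ($name in $key.GetValueNames()) {
        # Expand %AppData% in case the data is stored unexpanded.
        $data = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
        if ($data -match $pattern) {
            $findings += [pscustomobject]@{ Key = $runOnceKey; Value = $name; Data = $data }
        }
    }
}

if ($findings.Count -eq 0) {
    'No System Care Antivirus registry entries found for this user.'
} else {
    $findings | Format-List
}
```

The Data column of each hit shows the full path of the executable that the entry points to, which is the file to inspect and remove along with the registry entry.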