Security_cleaner.exe virus

Security_cleaner.exe is the executable through which the rogue System Care Antivirus is currently being delivered to many attacked computers. We found out about this method of malware infiltration recently. Notably, this rogue AV is spread through certain browser vulnerabilities that may be present in browsers like Google Chrome, Mozilla Firefox and Internet Explorer. Other browsers are not an exception either.

In the browser, this takes the form of a special fake alert that allegedly comes from Microsoft Antivirus. Here is what it looks like:

Microsoft Antivirus alert

As you can see, the message says: “Microsoft Antivirus has found critical process activity on your system. You need to clean your computer to prevent the system breakage”. Obviously, this is a fake alert that is not associated with Microsoft Corporation at all. Clicking “OK”, however, brings up a second fake alert, this time imitating Microsoft Security Essentials:

Fake Microsoft Security Essentials Alert

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent the system crash.
Detected items:
Trojan-PSW.Win32.launch
HackTool:Win32/Welevate.A
Adware.Win32.Fraud

When you click the “Clean Computer” button, you automatically download a file called “security_cleaner.exe”, which is the direct installer of System Care Antivirus. The installer looks like this:

security_cleaner.exe

Whenever you see such an installer on your computer, never click (execute) it. If you do, you will install the System Care Antivirus rogue onto your system. As you can see, hackers are very inventive these days: they use browser vulnerabilities to implant all sorts of viruses and threats onto your PC. Whenever you see fake Microsoft Antivirus warnings or fake Microsoft Security Essentials alerts like these, disregard them and scan your PC with reliable security software. However, if you already have the System Care Antivirus fake AV on your system, follow the guidelines below to remove it.

System Care Antivirus

Steps to get rid of System Care Antivirus

  • Press the “Win + E” hotkey on your keyboard. This will open Windows Explorer.
  • In the address field, insert the following link: https://www.system-tips.net/download/KillProc.zip
  • Save the KillProc.zip file onto your Desktop.
  • Hold the “Shift” key on your keyboard and right-click KillProc.zip.
  • Select “Open with…”.
  • In the window that comes up, select “Browse”.
  • Find the program called Windows Explorer as the one that will open the KillProc.zip archive. The location of this program is C:\WINDOWS\explorer.exe
  • Click “Open”.
  • In the “Open with…” window, select “Windows Explorer” and click “OK”.
  • Open the KillProc archive and copy 2 files onto your Desktop: autoscan.dat and iExPlOrE.exe
  • Run iExPlOrE.exe
  • Click “Automatic Scan”.
  • A message should come up naming the threat as System Care Antivirus. Click “Yes” to stop its process.
  • The process of System Care Antivirus should be killed.
  • Now it’s time to download and run the real and powerful anti-malware program recommended in this blog to remove the System Care Antivirus malware.
What the fraudulent www.systemcare-antivirus.org site looks like:

www.systemcare-antivirus.org

System Care Antivirus manual removal:

System Care Antivirus files to be removed:

  • %CommonAppData%\\
  • %CommonAppData%\\[random numbers and characters]
  • %CommonAppData%\\[random numbers and characters].exe
  • %CommonAppData%\\[random numbers and characters].ico

System Care Antivirus registry entries to be removed:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\[random] %AppData%\[random]\[random].exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\DisplayIcon %AppData%\[random]\[random].exe,0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\DisplayName System Care Antivirus
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\ShortcutPath “%AppData%\[random]\[random].exe” -u
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\UninstallString “%AppData%\[random]\[random].exe” -u
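
Before deleting anything by hand, it helps to confirm which of the registry entries above actually exist for the current user. The following PowerShell check is an added example, not part of the original article or of any tool it mentions; it is read-only, covers only the registry entries (not the files), and its RunOnce pattern is an assumption derived from the `%AppData%\[random]\[random].exe` shape given in the list.

```powershell
# Added example: read-only check for the registry entries listed above.
# It only reports what it finds; nothing is modified or deleted.
$base     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$findings = @()

# 1. Uninstall key named after the rogue product, with all of its values.
$uninstall = Join-Path $base 'Uninstall\System Care Antivirus'
if (Test-Path -LiteralPath $uninstall) {
    $key = Get-Item -LiteralPath $uninstall
    $findings += [pscustomobject]@{ Key = $uninstall; Value = '(key exists)'; Data = '' }
    foreach ($name in $key.GetValueNames()) {
        $findings += [pscustomobject]@{
            Key = $uninstall; Value = $name; Data = [string]$key.GetValue($name)
        }
    }
}

# 2. RunOnce values that start an .exe located exactly one folder below
#    %AppData%, the shape the page gives: %AppData%\[random]\[random].exe.
#    Assumption: this shape alone is a heuristic, so review each hit by hand.
$pattern = '^"?' + [regex]::Escape($env:APPDATA) + '\\[^\\]+\\[^\\"]+\.exe'
$runOnce = Join-Path $base 'RunOnce'
if (Test-Path -LiteralPath $runOnce) {
    $key = Get-Item -LiteralPath $runOnce
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)   # REG_EXPAND_SZ data is expanded here
        if ($data -match $pattern) {
            $findings += [pscustomobject]@{ Key = $runOnce; Value = $name; Data = $data }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed System Care Antivirus registry entries were found.'
} else {
    $findings | Format-List
}
```

Run it in the session of the affected user, since all of the listed entries live under HKCU. A RunOnce hit can also belong to legitimate software that installs under %AppData%, so check the reported executable before removing the value.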