What is E-Set Antivirus 2011?
E-Set Antivirus 2011 is a fake system security software that is considered as a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that it claims to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information
Am I infected?
This are some screenshots of this rogue.
Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)
1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advance Boot Menu. Use the arrow keys and select Safe Mode with Networking .
2. Download and run RKill.
Download mirror 1 – Download mirror 2 – Download mirror 3
- Save it to your Desktop.
- Double click the RKill desktop icon.
- It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tools will kill the rogue’s process temporarily. As a result, act quickly and move on to the next step.)
3. Download Malwarebytes’ Anti-Malware to your desktop.
- Rename the file to firefox.exe BEFORE downloading
- Double-click firefox.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
- Update Malwarebytes’ Anti-Malware
- and Launch Malwarebytes’ Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is Checked (ticked) and click on Remove Selected.
- Reboot your computer if prompted.
Malwarebytes should completely remove this infection however you can also download other free anti-malware softwares from the list below and run a full system scan to make sure that your computer is clean.
SUPERAntispyware Free
Hitman Pro 3.5
*Note : Remember to update the definitions before starting a scan.
If you are still experiencing problems on your machine, please start a new thread here.
How was I infected?
- Rogues can get on to computers without the user’s consent through Drive-by downloads. When a user visits a compromised or infected website, the site immediately checks for any security vulnerabilities on the machine to inject the malicious code.
- Peer-to-peer (P2P) programs utorrent, Limewire, and Kazaa are frequently used by hackers to distribute malware
- Hackers can also trick the user into downloading a file, saying it is a legitimate file needed to view a video or pictures.
How can I prevent these infections?
1. Keep Your System Updated
- Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities. Please ensure you update your system regularly.
To update Windows and Office
1. Go to Start > Control Panel > Automatic Updates
2. Select Automatic (recommended) if you want the updates to be downloaded and installed without prompting you.
3. Select Download updates for me, but let me choose when to install them button if you want the updates to be downloaded automatically but to be installed at another time.
To manually update Windows,
-
Start Internet Explorer. Go to Tools > Windows Update
2. Keep your Antivirus up-to-date
Make sure that you update your antivirus, firewall and anti-spyware programs regularly. If you don’t have an antivirus, download any one of the following:
- Avira AntiVir Personal– Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
- avast! 5 Home Edition – Anti-virus program for Windows. The home edition is freeware for noncommercial users.
- Microsoft Security Essentials – Free anti-virus program for Windows.
3. Avoid Peer-to-peer programs
- Peer-to-peer programs are legitimate but the files shared are extremely dangerous. Hackers often use fake file names to trick users into downloading malware.
4. Switch your browser
- Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads.
- Google Chrome is another good browser that is faster and more secure than Internet Explorer.
5. Read our other “Security Tips”
Tehnical details :
Associated files and registry values:
Files:
C:\Documents and Settings\All Users\Start Menu\E-Set 2011\
C:\Documents and Settings\All Users\Start Menu\E-Set 2011\E-Set Antivirus 2011.lnk
C:\Documents and Settings\All Users\Start Menu\E-Set 2011\Uninstall.lnk
C:\Program Files\E-Set 2011\
C:\Program Files\E-Set 2011\e-set.exe
C:\WINDOWS\system32\msiexecs.exe
Registry values:
HKEY_CURRENT_USER\Software\[SET OF RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\[SET OF RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "E-Set 2011" = 'C:\Program Files\E-Set 2011\e-set.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 16.03.2011"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe "Debugger" = 'msiexecs.exe -sb']"