Home Malware Cleaner Removal Guide

Threat Level: 9/10

Home Malware Cleaner is a clone of the well-known rogues Smart Anti-Malware Protection and Internet Security Guard, and it has been created by the same cyber criminals who have already profited from countless PC users around the world. This deceitful antispyware warns you of completely bogus dangers and claims to protect you when, in fact, it breaches your privacy and cheats your trust. Before you get tangled in its web, remove Home Malware Cleaner and protect your system!

The rogue can be hiding anywhere in the virtual space, so being careful when opening suspicious files sent through spam emails, or ignoring flashy online advertisements, can save you from unnecessary problems. Home Malware Cleaner is able to infect your operating system quickly and can create security loopholes for other malware to invade. This is why it is important that you delete it immediately. When Home Malware Cleaner gets installed into the system, it can disrupt your regular interaction with the computer, and you might notice your computer running slower than usual. You may also notice a slow internet connection or other computer dysfunctions.

Home Malware Cleaner and its clones are very similar. They not only share the same desire to profit from you but also have the same interface. The rogue pretends to be a legitimate antispyware tool and even uses the Microsoft name to gain your trust (a "Genuine Microsoft Software" sign). It initiates a scanner which reports lots of fake threats supposedly found on your PC. This is absolutely bogus, and the only malware on your computer is Home Malware Cleaner itself! The rogue will send you pop-ups, recommendations and security warnings to get your attention and make you believe that your system’s security is in danger. It will then offer to sell you a full version of useless software you absolutely DO NOT need.

Warning!
Application cannot be executed. The file cmd.exe is infected.
Please activate your antivirus software.

Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software…

Recommendation: Activate Home Malware Cleaner to get Full protection against malicious, virus, spyware and unwanted software

Recommended:
Please click “Remove all” button to erase all infected files and protect your PC

Cyber criminals do not have a conscience and will do everything to make more profit, so do not trust the cunning scheme and remove Home Malware Cleaner immediately! If you have already paid the money for this useless program, do not let the schemers get away with it and inform your bank. You may be able to get your money back! To remove the malicious software, trust a legitimate antispyware tool, or do it manually. Note that ONLY experienced users will be able to remove Home Malware Cleaner manually, and you should not experiment with your Windows system, as you can cause more damage.

To help you with the Home Malware Cleaner removal, use the activation key below. Warning! The activation key will NOT remove the malware from your computer.
U2FD-S2LA-H4KA-UEPB


Home Malware Cleaner technical info for manual removal:

Files Modified/Created on the system:


Files in the following directories were modified:


Memory Processes Created:


Registry Modifications:

The following Registry Keys were created:

