What is Security Alert?
The Malwarebytes research team has determined that Security Alert is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Security Alert?
You may see these warnings:
and this entry in your list of installed programs:
How did Security Alert get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Security Alert?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
  - Enable free trial of Malwarebytes Anti-Malware Premium
  - Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now, or select Threat Scan from the Scan menu.
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes Security Alert completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Security Alert adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
O23 - Service: SecurityAlert - Mathematical Applications - C:\ProgramData\SecurityAlert\SecurityAlertService.exe
Alterations made by the installer:
File system details
---------------------------------------------
Adds the folder C:\ProgramData\SecurityAlert
  Adds the file app.dat"="11/17/2014 1:06 PM, 776644 bytes, A
  Adds the file data.dat"="11/17/2014 1:06 PM, 2048 bytes, A
  Adds the file info.dat"="11/17/2014 1:06 PM, 64 bytes, A
  Adds the file SecurityAlert.dll"="11/17/2014 1:07 PM, 1241424 bytes, A
  Adds the file SecurityAlert.exe"="11/17/2014 1:07 PM, 48464 bytes, A
  Adds the file SecurityAlert.exe.config"="11/17/2014 1:07 PM, 190 bytes, A
  Adds the file SecurityAlert.ico"="11/11/2014 2:02 AM, 127988 bytes, A
  Adds the file SecurityAlertService.exe"="11/17/2014 1:06 PM, 2726736 bytes, A
  Adds the file SecurityAlertService.exe.config"="11/17/2014 1:06 PM, 189 bytes, A
  Adds the file Uninstall.exe"="11/13/2014 9:17 PM, 537424 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\SecurityAlert

Registry details
------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]
  "ad"="REG_SZ", "getsecurityalert.com"
  "id"="REG_SZ", "2e8a5176bb2d4586bdb13e3fb709ddc5"
  "ip"="REG_SZ", "377"
  "ns"="REG_SZ", "SECU"
  "p"="REG_SZ", "377"
  "v"="REG_SZ", "2.7.47"
  "vp"="REG_SZ", "2.7.47377"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81f63421-ca74-765d-8a97-d1a6899d123c}]
  "ik"="REG_SZ", "{141337e5-5375-a644-48f4-0975fb1fd667}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}]
  "(Default)"="REG_DWORD", 1
  "v"="REG_DWORD", 1
  "vs"="REG_SZ", "1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}]
  "id"="REG_SZ", "2e8a5176bb2d4586bdb13e3fb709ddc5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edd1522d-74be-7152-ba49-5e9500e75bdd}]
  "id"="REG_SZ", "2e8a5176bb2d4586bdb13e3fb709ddc5"
  "p"="REG_SZ", "377"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecurityAlertService_RASAPI32]
  "ConsoleTracingMask"="REG_DWORD", -65536
  "EnableConsoleTracing"="REG_DWORD", 0
  "EnableFileTracing"="REG_DWORD", 0
  "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
  "FileTracingMask"="REG_DWORD", -65536
  "MaxFileSize"="REG_DWORD", 1048576
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecurityAlertService_RASMANCS]
  "ConsoleTracingMask"="REG_DWORD", -65536
  "EnableConsoleTracing"="REG_DWORD", 0
  "EnableFileTracing"="REG_DWORD", 0
  "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
  "FileTracingMask"="REG_DWORD", -65536
  "MaxFileSize"="REG_DWORD", 1048576
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityAlert]
  "DisplayIcon"="REG_SZ", "C:\ProgramData\SecurityAlert\SecurityAlert.ico"
  "DisplayName"="REG_SZ", "Security Alert"
  "DisplayVersion"="REG_SZ", "2.7.47"
  "EstimatedSize"="REG_DWORD", 4071
  "HelpLink"="REG_SZ", "http://www.getsecurityalert.com/about.html"
  "InstallDate"="REG_SZ", "20141117"
  "Publisher"="REG_SZ", "Mathematical Applications"
  "UninstallString"="REG_SZ", "C:\ProgramData\SecurityAlert\uninstall.exe /kb=y /ic=0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SecurityAlert]
  "DependOnService"="REG_MULTI_SZ, "Winmgmt CryptSvc "
  "DisplayName"="REG_SZ", "SecurityAlert"
  "ErrorControl"="REG_DWORD", 1
  "FailureActions"="REG_BINARY, <.....................
  "ImagePath"="REG_EXPAND_SZ, ""C:\ProgramData\SecurityAlert\SecurityAlertService.exe""
  "ObjectName"="REG_SZ", "LocalSystem"
  "Start"="REG_DWORD", 2
  "Type"="REG_DWORD", 16
[HKEY_CURRENT_USER\Software\AppDataLow\Software\DynConIE]
  "id"="REG_SZ", "2e8a5176bb2d4586bdb13e3fb709ddc5"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}]
  "(Default)"="REG_DWORD", 1
  "v"="REG_DWORD", 1
  "vs"="REG_SZ", "1"

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/17/2014
Scan Time: 1:22:50 PM
Logfile: mbamSecurityAlert.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.17.03
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275933
Time Elapsed: 4 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlertService.exe, 840, Delete-on-Reboot, [d106c67614681f17a661de0869988878]

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.SecurityAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityAlert, Quarantined, [d106c67614681f17a661de0869988878],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [a82f4def710b7eb88f23724b99698e72],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [d502dc60a1db2115423f794446bce51b],
PUP.Optional.SecurityAlert.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SecurityAlert, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0],
PUP.Optional.MultiIE.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [0bcc75c7720adc5a8232f0b53bc9bd43],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert, Delete-on-Reboot, [8c4bc07c95e7de58a850c074c93a60a0],

Files: 11
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlertService.exe, Delete-on-Reboot, [d106c67614681f17a661de0869988878],
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlert.exe, Quarantined, [f0e768d477058ea849bee7ff14ed946c],
PUP.Optional.SecurityAlert.A, C:\Users\{username}\Desktop\0d3f1b209da5821be8c1106483da4bab4d564c841778b4d414c2274462be5691.exe, Quarantined, [33a483b918643ef804037e68639e5fa1],
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\app.dat, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0],
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\data.dat, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0],
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\info.dat, Delete-on-Reboot, [8c4bc07c95e7de58a850c074c93a60a0],
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlert.dll, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0],
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlert.exe.config, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0],
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlert.ico, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0],
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlertService.exe.config, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0],
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\Uninstall.exe, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0],

Physical Sectors: 0
(No malicious items detected)

(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
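
The folder, service and registry alterations listed under "Technical details for experts" can be checked on a live system with a read-only script. The PowerShell below is an added example, not part of the original Malwarebytes guide; it assumes PowerShell 3.0 or later, and the WOW6432Node paths are an assumption for 64-bit Windows (the system in the log above was x86).

```powershell
# Added example (PowerShell 3.0+): read-only check for the artifacts this page lists.
# Paths, key names and CLSIDs are copied from the page; nothing is modified or deleted.
$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding([string]$Type, [string]$Item, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail })
}

# Folders added by the installer (the second one is per user profile).
$dirs = @('C:\ProgramData\SecurityAlert', (Join-Path $env:LOCALAPPDATA 'SecurityAlert'))
foreach ($dir in $dirs) {
    if (Test-Path -LiteralPath $dir) {
        $n = @(Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue).Count
        Add-Finding 'Folder' $dir "$n item(s) present"
    }
}

# The auto-start LocalSystem service from the HijackThis O23 line.
$svc = Get-Service -Name 'SecurityAlert' -ErrorAction SilentlyContinue
if ($svc) { Add-Finding 'Service' $svc.Name "Status=$($svc.Status)" }

# Registry keys from the page. The WOW6432Node variants are an assumption for
# 64-bit Windows, where a 32-bit installer's HKLM\SOFTWARE writes are redirected.
$keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\services\SecurityAlert',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityAlert',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SecurityAlert',
    'HKCU:\Software\AppDataLow\Software\DynConIE',
    'HKCU:\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}'
)
$clsids = '{051E9166-B275-4683-907B-372FAE22BC7C}', '{81f63421-ca74-765d-8a97-d1a6899d123c}',
          '{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}', '{E5A7A645-8318-4895-B85C-EDC606B80DB6}',
          '{edd1522d-74be-7152-ba49-5e9500e75bdd}'
foreach ($c in $clsids) {
    $keys += "HKLM:\SOFTWARE\Classes\CLSID\$c"
    $keys += "HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID\$c"
}

foreach ($k in $keys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $props = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
    # Report the values that tie a key to this product, not just its existence.
    $detail = foreach ($name in 'ImagePath', 'Publisher', 'DisplayVersion', 'ad', 'id') {
        if ($props -and $props.PSObject.Properties[$name]) { "$name=$($props.$name)" }
    }
    Add-Finding 'Registry' $k (@($detail) -join '; ')
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap } else { 'No Security Alert artifacts from this page were found.' }
```

Run it from an elevated prompt so the HKLM service key is readable; the HKCU and per-user folder checks only cover the account running the script.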