Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Security Alert

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Security Alert?
 
The Malwarebytes research team has determined that Security Alert is adware. These adware applications display advertisements not originating from the sites you are browsing.
 
How do I know if my computer is affected by Security Alert?

You may see these warnings:

main.png

warning1.png
 
and this entry in your list of installed programs:
 
warning4.png

How did Security Alert get on my computer?
 
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
 
How do I remove Security Alert?
 
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Security Alert?
  • No, Malwarebytes' Anti-Malware removes Security Alert completely.
How would the full version of Malwarebytes Anti-Malware help protect me?
 
We hope our application and this guide have helped you eradicate this hijacker.  
 
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Security Alert adware.  It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
 

protection1.png


Technical details for experts
 
You will see these signs in a HijackThis log:
O23 - Service: SecurityAlert - Mathematical Applications - C:\ProgramData\SecurityAlert\SecurityAlertService.exe
 
 
Alterations made by the installer:
File system details  
---------------------------------------------
    Adds the folder C:\ProgramData\SecurityAlert
       Adds the file app.dat"="11/17/2014 1:06 PM, 776644 bytes, A
       Adds the file data.dat"="11/17/2014 1:06 PM, 2048 bytes, A
       Adds the file info.dat"="11/17/2014 1:06 PM, 64 bytes, A
       Adds the file SecurityAlert.dll"="11/17/2014 1:07 PM, 1241424 bytes, A
       Adds the file SecurityAlert.exe"="11/17/2014 1:07 PM, 48464 bytes, A
       Adds the file SecurityAlert.exe.config"="11/17/2014 1:07 PM, 190 bytes, A
       Adds the file SecurityAlert.ico"="11/11/2014 2:02 AM, 127988 bytes, A
       Adds the file SecurityAlertService.exe"="11/17/2014 1:06 PM, 2726736 bytes, A
       Adds the file SecurityAlertService.exe.config"="11/17/2014 1:06 PM, 189 bytes, A
       Adds the file Uninstall.exe"="11/13/2014 9:17 PM, 537424 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\SecurityAlert

Registry details  
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]
       "ad"="REG_SZ", "getsecurityalert.com"
       "id"="REG_SZ", "2e8a5176bb2d4586bdb13e3fb709ddc5"
       "ip"="REG_SZ", "377"
       "ns"="REG_SZ", "SECU"
       "p"="REG_SZ", "377"
       "v"="REG_SZ", "2.7.47"
       "vp"="REG_SZ", "2.7.47377"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81f63421-ca74-765d-8a97-d1a6899d123c}]
       "ik"="REG_SZ", "{141337e5-5375-a644-48f4-0975fb1fd667}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}]
       "(Default)"="REG_DWORD", 1
       "v"="REG_DWORD", 1
       "vs"="REG_SZ", "1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}]
       "id"="REG_SZ", "2e8a5176bb2d4586bdb13e3fb709ddc5"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edd1522d-74be-7152-ba49-5e9500e75bdd}]
       "id"="REG_SZ", "2e8a5176bb2d4586bdb13e3fb709ddc5"
       "p"="REG_SZ", "377"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecurityAlertService_RASAPI32]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecurityAlertService_RASMANCS]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityAlert]
       "DisplayIcon"="REG_SZ", "C:\ProgramData\SecurityAlert\SecurityAlert.ico"
       "DisplayName"="REG_SZ", "Security Alert"
       "DisplayVersion"="REG_SZ", "2.7.47"
       "EstimatedSize"="REG_DWORD", 4071
       "HelpLink"="REG_SZ", "http://www.getsecurityalert.com/about.html"
       "InstallDate"="REG_SZ", "20141117"
       "Publisher"="REG_SZ", "Mathematical Applications"
       "UninstallString"="REG_SZ", "C:\ProgramData\SecurityAlert\uninstall.exe /kb=y /ic=0"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SecurityAlert]
       "DependOnService"="REG_MULTI_SZ, "Winmgmt CryptSvc "
       "DisplayName"="REG_SZ", "SecurityAlert"
       "ErrorControl"="REG_DWORD", 1
       "FailureActions"="REG_BINARY, <.....................
       "ImagePath"="REG_EXPAND_SZ, ""C:\ProgramData\SecurityAlert\SecurityAlertService.exe""
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\DynConIE]
       "id"="REG_SZ", "2e8a5176bb2d4586bdb13e3fb709ddc5"
    [HKEY_CURRENT_USER\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}]
       "(Default)"="REG_DWORD", 1
       "v"="REG_DWORD", 1
       "vs"="REG_SZ", "1"
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/17/2014
Scan Time: 1:22:50 PM
Logfile: mbamSecurityAlert.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.17.03
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275933
Time Elapsed: 4 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlertService.exe, 840, Delete-on-Reboot, [d106c67614681f17a661de0869988878]

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.SecurityAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityAlert, Quarantined, [d106c67614681f17a661de0869988878], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [a82f4def710b7eb88f23724b99698e72], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [d502dc60a1db2115423f794446bce51b], 
PUP.Optional.SecurityAlert.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SecurityAlert, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0], 
PUP.Optional.MultiIE.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [0bcc75c7720adc5a8232f0b53bc9bd43], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert, Delete-on-Reboot, [8c4bc07c95e7de58a850c074c93a60a0], 

Files: 11
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlertService.exe, Delete-on-Reboot, [d106c67614681f17a661de0869988878], 
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlert.exe, Quarantined, [f0e768d477058ea849bee7ff14ed946c], 
PUP.Optional.SecurityAlert.A, C:\Users\{username}\Desktop\0d3f1b209da5821be8c1106483da4bab4d564c841778b4d414c2274462be5691.exe, Quarantined, [33a483b918643ef804037e68639e5fa1], 
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\app.dat, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0], 
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\data.dat, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0], 
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\info.dat, Delete-on-Reboot, [8c4bc07c95e7de58a850c074c93a60a0], 
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlert.dll, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0], 
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlert.exe.config, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0], 
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlert.ico, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0], 
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\SecurityAlertService.exe.config, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0], 
PUP.Optional.SecurityAlert.A, C:\ProgramData\SecurityAlert\Uninstall.exe, Quarantined, [8c4bc07c95e7de58a850c074c93a60a0], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.