Essential Cleaner
Essential Cleaner is a new addition to the System Tool family of rogue anti-virus applications. Essential Cleaner infections are known to spread by means of fake online system alerts that warn you about infections that require you to download Essential Cleaner to remove them. Once on your PC, Essential Cleaner will create more fake alerts, stop you from using many different applications, hijack your web browser and may even shut down your Internet connectivity. You should switch to Safe Mode to make sure any scans detect Essential Cleaner and remove Essential Cleaner with anti-malware applications that are designed to handle such threats.
Essential Cleaner: Cleaning You Out of Your Money with Fake Warnings
Essential Cleaner pretends to be a software solution to malware infections, but it never really takes the time to scan your computer. Instead, Essential Cleaner creates fake warnings like the samples below without checking to see if the infections are there or not:
Security Monitor: WARNING!
Attention: System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
CLick [sic] Yes to download official intrusion detection system (IDS software).
Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...
Essential Cleaner Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.
Since Essential Cleaner doesn't offer any real anti-virus protection, there's no reason for you to purchase it as Essential Cleaner so insistently recommends. Other problems linked to Essential Cleaner include:
- Browser hijacks. Your web browser may display altered content with additional links, have its homepage setting changed, redirect you to hostile websites or show fake unsafe website alerts.
- Disabled file downloads. You may be able to avoid this attack by renaming the file into a generic file name like explorer.exe.
- Disabled applications. Security-related programs are almost certain to be targeted by Essential Cleaner. You can try renaming the executable file as noted in the above download attack; most rogue programs like Essential Cleaner are configured to allow certain baseline files to run by default.
You can also be infected by Essential Cleaner clones, which show the same properties with different program names. Some major Essential Cleaner clones include System Tool, Live Security Platinum, System Tool 2011 and System Tool 2.20.
Cleaning Out Essential Cleaner
Essential Cleaner has been known to befuddle many a PC user by avoiding detection by otherwise competent anti-malware programs. The key, in this case, is to use Safe Mode or a similar boot-up mode that stops Essential Cleaner from launching automatically, as it will do every time your PC loads Windows normally.
Afterwards, you should be able to detect and delete Essential Cleaner with appropriate anti-malware scanners. If no scanners are available, you can try to delete Essential Cleaner's randomly-named files, which hide in Program Data and Documents and Settings Folders. However, this should be done only if you have absolutely no access to a better, software-assisted solution that will remove Essential Cleaner with less chance of error.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\ 2 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].dll 3 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe 4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].mof 5 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].ocx 6 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]\ 7 %UserProfile%\Application Data\Essential Cleaner\ 8 %UserProfile%\Application Data\Essential Cleaner\cookies.sqlite 9 %UserProfile%\Application Data\Essential Cleaner\Instructions.ini
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = ‘http=127.0.0.1:18810'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Essential Cleaner"HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
Additional Information on Essential Cleaner
- The following messages's were detected:
# Message 1 Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...2 Warning!
Application cannot be executed. The file cmd.exe is infected.
Please activate your antivirus software.
How do you download if your PC wont let you. I keep getting some fake error in you IE browser. I think Essential Cleaner is locking my internet access. I had to use a friends laptop.
In what capacity does safe mode allow security progs to remove essential cleaner any better? I want to know because it really worked for me. Thanks to Jeff!
i need help to get this off my damn pc . can anyone follow me through this i am how u say pc dumb
I would like to shoot the creators of essential cleaner in the head like the navy seals did to bin laden. Thanks to you guys i can remove essential cleaner because i could not find it in my add/remove programs.
Magic guys! Simply Magic! SpyHunter worked to remove Essential Cleaner. Could not have asked for better results. Norton was a major fail at finding this when it kept poping up on my screen. could not even surf the internet. Used your alternate download link. muchas gracias!
Still amazed how Essential Cleaner convinced me into buying it for $60. I am still kicking myself thinking this was a program that my husband installed. Damn these hackers to hell! Thanks for the tips on removing it. Used system restore luckily and it worked after 5 hours.
Went to buy Essential Cleaner and those crooks charged my card twice. What do I do? I called my bank last night but they were closed. Should I call VISA?
@Jeff, you are right. Safe mode works great. worked a treat for me using spyhunter. Essential cleaner junk is gone.
Did windows restore to get rid of this garbage essential cleaner. luckly i enabled system restore last month and was able to restore back to 3 weeks ago. lost a few files but was worth my 4 hours because i am poor.
I was going to bust a blood vessel if I could not get rid of Essential Cleaner. Freaking annoying as hell! Wont let me use IE to download your spyhunter. had to use firefox to download and then run it in safe mode. Just a tip for those who have the same issue.
just like "where is waldo"... where is a program that can remove essential cleaner. baammm... found it. you guys rock! was able to remove essential cleaner using your spyhunt prog.
IT worked. Now i just need to find out how NOT to get this mess again.
Its a stretch, but couldn't you remove essential cleaner with using system restore? Just restore it back to a day that you DID NOT have essential cleaner? Just some quick advice!
Tried kaspersky, NO LUCK, tried Norton, NO LUCK. tried Spyhunter, WORKED!!! Bam, this is just what the doctor ordered. Thanks. I took a chance and tried spyhunter and finally removed essential cleaner.
Whoa. Cannot open IE to go to any websites due to essential cleaner. Used my friends laptop and transferred your spyhunter install file via USB and wooolahh!!! WORKS! Essential removed! thx guys!
like a fine wine, you guys are GOOD! thx for all the help in removing. your spyhunter customer service was excellent to help remove essential cleaner
cannot download anything. PC froze twice and IE wont navigate to any website. How do you boot into safe mode?
you guys rock. safe F8 mode with spyhunter works
nothing works. no way in hell i can get my money back for buying essential? called my credit card to cancel card and still cannot get money back. my bank says the people at essential must cancel transaction. what can i do?