About This Site

I'm a tech guy with over 30 years' knowledge of computers, networks, and PC gadgets. This site is used to share some of my knowledge and reviews.

Remove Essential Cleaner

Got a couple of computers infected with a fake antivirus called Essential Cleaner. One was an XP PC, the other Windows 7 64-bit. My normal malware removers could not detect it, so I searched for it on the Internet and found this article.

Basically it describes how to remove it manually. To remove it manually you will need to go into safe mode (F8). Once in safe mode, run regedit and go to the following:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

In there will be an entry pointing to some long, random .exe. Note the location (Windows 7 usually in C:\ProgramData, XP under C:\Documents and Settings\All Users\Application Data). Delete the entry in the registry. Then delete the files in the directory noted above.
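The registry check above can also be done as a read-only listing before anything is deleted. This is an added example, not part of the original article; it assumes PowerShell is available on the machine and that the system drive is C:, and the function name Get-ExePath is made up for illustration.

```powershell
# Added example: read-only audit of the per-user RunOnce key named above.
# It lists every entry and flags those that launch an .exe from the shared
# application-data folder. Nothing is deleted or changed.
$keyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

# Folders named in the article (assumes the system drive is C:).
$suspectDirs = @(
    'C:\ProgramData',
    'C:\Documents and Settings\All Users\Application Data'
)

# Hypothetical helper: pull the executable path out of a command line,
# whether or not the path is wrapped in quotes.
function Get-ExePath([string]$command) {
    if ($command -match '^\s*"([^"]+\.exe)"') { return $Matches[1] }
    if ($command -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

if (-not (Test-Path $keyPath)) {
    Write-Output 'No RunOnce key exists for this user.'
    return
}

$key = Get-Item $keyPath
foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)
    $exe     = Get-ExePath $command
    $suspect = $false
    $exists  = $false
    if ($exe) {
        $exists = Test-Path -LiteralPath $exe
        foreach ($dir in $suspectDirs) {
            # Case-insensitive prefix match on the folder, trailing slash included.
            if ($exe.StartsWith($dir + '\', [StringComparison]::OrdinalIgnoreCase)) {
                $suspect = $true
            }
        }
    }
    # One row per RunOnce value; review rows where Suspect is True.
    New-Object PSObject -Property @{
        ValueName  = $name
        Command    = $command
        Executable = $exe
        FileExists = $exists
        Suspect    = $suspect
    }
}
```

Run it from the affected user's account, since HKCU is per-user; a row with Suspect set to True gives the file location to note before removing the entry in regedit.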

The XP machine also had all its files and folders flagged hidden. Some of the spyware/fake AV will do this. The easiest way in XP to unhide the files is to (still in safe mode) go to a DOS prompt and, at the root of C:, type the following:

attrib *.* -h /s /d

This will unhide all files and folders (not files or folders that are flagged system).

ADDENDUM:

I got a Vista machine in and Malwarebytes found and removed it. Must be different strains in the wild.

 
