Check out some similar questions!

missk · Apr 26, 2010, 07:20 PM

My husband was fiddling around on the internet. He clicked on a website and one of those pop ups came up about "warning malicious stuff on your computer blah blah blah click here to scan blah blah"
I don't know what he did after that but next thing you know we have an icon on our computer called "My Security Engine".
We can still work around the pop up but it's dead center on the screen.
We ran malware bytes (I think that's what it's called) and it dected something and it seemed like it was gone after we quarantined.
Next day, there it is back again.
Also when we Google stuff it somehow redirects to fake websites.
So does anyone know how I can get rid of this?
It's called My Security Engine.
I am currently in safe mode right now.
I have no clue what to do, but I can follow directions well.
Oh after it came up the next day, I ran malware bytes antimalware on safe mode and it detected nothing. I also cleaned up everything with cc cleaner.
Please somebody help! Thanks... :D

seahwk83 · Apr 26, 2010, 07:33 PM

There is a manual removal method and would suggest that if you may know someone you feel comfortable with making some registry edits

Malwarebytes should take care of it for you, it is freeware and can be used without purchase
Malwarebytes

As you do say you ran malware and did not help, would suggest the manual removal below

If still a problem after that, here is the manual instructions link (there is also a link to download a software to fix it, but it is not free - should be able to fix this without purchasing anything)

So skip download box and there is manual removal instructions
Remove My Security Engine, removal instructions

Andy R · Apr 26, 2010, 07:43 PM

Unfortunately some of the more advanced modern viruses go to extreme lengths to disable or interfere with common detection tools such as Malwarebytes. They also know how to stop some anti-virus from removing them. What anti-virus software are you running? Have you downloaded all the latest definitions for antivirus and malwarebytes? You might want to try Spyware Doctor with Anti-Virus which is free from Google, you can get it here:
Google Pack

It would also be helpful if you could copy/paste the information about the virus.

missk · Apr 26, 2010, 07:57 PM

Thanks You.
I don't think I have any anti-virus software running. I downloaded the latest version of malwarebytes in safe mode.
I also have another virus remover checker thing (sorry I don't know the correct word for that) it is called super anti spyware and it didn't detect anything either. I have a feeling this is a more advanced virus.
Oh yeah after I ran in safe mode and it didn't detect anything, I went back to regular and tried to run it and the virus kept me from running it.
It also had another pop up about registry editor and to click okay. I can still use the internet for about 10 minutes, then the background gets shady and I can't do anything. Also it's like it's an automated type thing and it just automatically pops up.
I'm going to check out the links you posted seahwk83.
Thanks again for your answers.

missk · Apr 26, 2010, 08:00 PM

Can I do all this in safe mode?

missk · Apr 26, 2010, 08:02 PM

I thought spyware doctor was like a virus type thing too?

Andy R · Apr 26, 2010, 08:02 PM

Make sure and backup your important files in case you have to re-install windows. You can also try AVG Anti Virus for free (non-commercial use). It's not considered the best anti-virus but I think it's decent and hey, it's free.
AVG Free - Download Free Antivirus and Antispyware for Windows 7, Vista and XP

I have a colleague who once got a nasty virus and she had to run malware bytes from a thumbdrive and change the name of the program because the virus was killing the program otherwise.

missk · Apr 26, 2010, 08:18 PM

Sorry for all my questions... what do you mean andy about copy/paste the information about the virus.
I mean I know what copy/paste is, but what exactly do I copy/paste?

Andy R · Apr 26, 2010, 08:45 PM

You said

We ran malware bytes (I think that's what it's called) and it dected something and it seemed like it was gone after we quarantined.

Is that something My Security Engine or something else?

KISS · Apr 27, 2010, 02:01 AM

Can you use system restore and restore to an earlier time?

Generally works well if you can. There is usually an option when you boot to use safe mode and system restore.

Running "Microsoft Security Essentials" may work too, but it could take up to 8 hours to scan an HD.

missk · Apr 27, 2010, 05:33 AM

Andy, I think it did detect My Security Engine, But I am not for positive.
KeepIt SimpleStupid, I can use system restore, and I thought about that, but last time something like this happened it didn't work. I would try it, but... I'm virus free!! YaY!
So here is what I did. I don't know why I did this, but it worked.
I went into safe mode and I uninstalled malwarebytes. (I just downloaded the latest version after all this happened, but for some reason it wasn't working)
So-I uninstalled malwarebytes, then I downloaded it again.
I ran malwarebytes.
It detected 70 items! And yes this time one of those was My Security Engine thank goodness!
I hope what I'm saying makes since in case other people read this...
Thanks for your answers...

YourSupportAgent · Apr 27, 2010, 04:00 PM

Hi missk,

You have done right by ignoring these pop ups. Clicking on them will only make things worse.

Visit Windows Live OneCare and run the "FULL SERVICE SCAN". This tool is provided by Microsoft FREE of charge and it will scan and remove any infections. The Full service scan will also give your PC a tune up.

Microsoft also offers free support for removal of infections if the scan fails. You can call toll-free/ free of charge @ 1-866-727-2338

Many customers have been pleased with their service.

If you have any other questions, do not hesitate to ask. :o)

AskME4 · Jan 12, 2012, 07:32 AM

Hello,
For Manual removing:

Stop these My Security Engine processes:
MS345d.exe
PE.exe
Disable these My Security Engine DLL files:
pal.dll
PE.dll
gid.dll
exec.dll
energy.dll
ANTIGEN.dll
CLSV.dll
mozcrt19.dll
sqlite3.dll
Remove these My Security Engine Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run “%CommonAppData%\e4a12b7\MySecurityEngine.exe”
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" ="http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Micros oft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run "My Security Engine"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
Remove these My Security Engine files:
c:\Documents and Settings\All Users\Application Data\345d567
c:\Documents and Settings\All Users\Application Data\345d567\2322.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\MS345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\MSE.ico
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
c:\Documents and Settings\All Users\Application Data\345d567\MSESys\
c:\Documents and Settings\All Users\Application Data\345d567\MSESys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items
c:\Documents and Settings\All Users\Application Data\MSHOLE\
c:\Documents and Settings\All Users\Application Data\MSHOLE\MSJKEJCCE.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
%UserProfile%\Application Data\My Security Engine\
%UserProfile%\Application Data\My Security Engine\cookies.sqlite
%UserProfile%\Application Data\My Security Engine\Instructions.ini
%UserProfile%\Desktop\My Security Engine.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\gid.dll
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\My Security Engine.lnk
%UserProfile%\Start Menu\Programs\My Security Engine.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml
%Documents and Settings%\All Users\Application Data\e4a12b7
%Temp%\del.bat

If you have problems removing it by yourself, try anti-spyware software. There are a lot of paid or free anti-spyware applications over internet.. Read more about My Security Engine