1 of 2
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Blocks internet connection
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Cant change my homepage
  • Annoying Pop-up's
  • Slow Computer
Infection Video Security Sphere

Security Sphere

Security Sphere is a new rogue antispyware application right off the pan and it brings nothing but bad news, because it is a new version of the notorious MS Removal Tool. Other rogues in the family include Security Shield, System Tool and the like. So System Sphere comes well prepared keeping in mind that it has quite a few dangerous predecessors behind its back, the creators of these rogues seem to be determined to torture innocent computer users until the very end of 2011.

The most dangerous thing about this rogue is that it looks and acts like a real antivirus program, so if a user cannot differentiate between rogues and genuine security programs, Security Sphere can cause great damage to their systems. One thing you have to keep in mind is that Security Sphere comes forth with intention to steal your money, and it would never be able to protect you from harm.

Download Spyware Removal Tool to Remove* Security Sphere
  • Quick & tested solution for Security Sphere removal.
  • 100% Free Scan for Windows

This rogue is usually delivered to your computer via fake online malware scanners of hacked websites. Sometimes the only thing you need to do is to open an infected website and Security Sphere gets downloaded onto your computer automatically. It does not prompt you about the download. The installation process is also carried out without your permission, and when the rogue is fully installed, it creates randomly named files in the following directory for Windows XP: C:\Documents and Settings\All Users\Application Data. For Windows Vista and Windows 7 Security Sphere nestles in C:\ProgramData directory.

Security Sphere has infection symptoms similar to those of MS Removal Tool. The relationship between the two rogues is more than obvious from their almost identical interfaces. The first thing Security Sphere does when it is up and running is performing a fake system scan. During the scan, it finds a lot of Trojans and other type of malware “infecting” your computer. For example: Win32.Spamta.KG.worm, Trojan.Dropper.MSWord.j, Win32.Clagger.C and so on. These are the names of real existing parasites but that does not mean that they are really there in your computer. The results of the scan are fake, and Security Sphere only wants to convince you that you are seriously infected with malware.

Another thing this rogue does in order to achieve its aim is blocking exe files from running. Whenever you want to run a certain program, it sends the following message, disallowing you to run the program of your choice with a pretense that it is infected and it needs to be closed:

Warning!
Application cannot be executed. The file notepad.exe is infected.
Please activate your antivirus software.

On top of that, Security Sphere also has a whole range of fake security messages that it spams you with, trying to push you into buying the license. Some of the messages include:

Security Sphere Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with Security Sphere

Warning: Your computer is infected
Detected spyware infection!
Click this message to install the last update of security software...

Security Sphere Warning
Your computer is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid theft of your credit card details.
Click here to activate protection.

If you think that was over the top, then Security Sphere also has another annoying feature which is redirecting your internet browser and blocking you from accessing certain websites. It does so in order to remain in your computer for as long as possible, so if you receive the following message when you try to open a certain website and you are blocked, you should know that you are seriously infected with Security Sphere:

Warning message from Internet browser. This page under virus attack. This may crash your system.

This may be caused by:

• Virus content founded at this site trying to install its components.
• Malicious & unknown network processes are determined.
• Your system is under virus attack
• Negative references from other citizens concerning this web page.
• Your system ports and backdoors have been checked by visited page for external access.

Recommendations:

• Obtain a license of "Security Sphere" to protect your PC for the safest browsing Internet pages (desirable)
• Launch spyware, virus and malware scanning process.
• Keep browsing

All in all, Security Sphere is a dangerous rogue antispyware that you need to get rid of as soon as possible. In order to make the removal of this program smoother, use the following activation code:

8945315-6548431

When you "register" the rogue it is a lot easier to terminate it. Erase Security Sphere with a reliable antimalware tool if you are not sure of your computing skills and do not know how to get rid of it manually. Whatever you do, make sure that in the end your computer is clean of the rogue and its components, and that it is safeguarded against similar attacks.

Download Spyware Removal Tool to Remove* Security Sphere
  • Quick & tested solution for Security Sphere removal.
  • 100% Free Scan for Windows

How to renew your internet connection:

This rogue antispyware blocks your Internet connection to prevent you from removing the rogue application. To enable the Internet connection, please follow these instructions:
  1. Open Internet Explorer and go to >Tools< select >Internet Options<

  2. Select >Connections<

  3. Select >LAN Settings<

  4. Now you need to uncheck the checkbox labeled >Use a proxy server for your LAN< in Proxy Server section. Then press the >OK< button to close this screen and press the >OK< button to close the Internet Options screen.

  5. Now you can download the SpyHunter scanner and remove the infection.

Download Spyware Removal Tool to Remove* Security Sphere
  • Quick & tested solution for Security Sphere removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Security Sphere

Files associated with Security Sphere infection:

eE02901GfNiF02901.exe
%ALLUSERSPROFILE%\Dati applicazioni\????????????????
%ALLUSERSPROFILE%\Anwendungsdaten\????????????
%ALLUSERSPROFILE%\Application Data\????????????????
%ALLUSERSPROFILE%\Anwendungsdaten\?????????????????
%ALLUSERSPROFILE%\Datos de programa\?????????????????
%AllUsersProfile%\Application Data\????????????
%ALLUSERSPROFILE%\Programdata\????????????
%ALLUSERSPROFILE%\Anwendungsdaten\??????????
%ALLUSERSPROFILE%\Application Data
%ALLUSERSPROFILE%\Anwendungsdaten\????????????????
%ALLUSERSPROFILE%\Datos de programa\??????????
%ALLUSERSPROFILE%\??????????????????
%ALLUSERSPROFILE%\Datos de programa\??????????????????
Mn02901GfNiF02901.exe
%ALLUSERSPROFILE%\?????????????????
vL02901GfNiF02901.exe
nN02901GfNiF02901.exe
Mn02901GfNiF02901.exe
Lo02901GfNiF02901.exe
eE02901GfNiF02901.exe
%AllUsersProfile%\[random\[random].exe
%StartMenu%\Programs\Security Sphere 2012.lnk
%AllUsersProfile%\????????????
%AllUsersProfile%\Application Data\??????????
%ALLUSERSPROFILE%\Programdata\????????????????
%AllUsersProfile%\??????????
%ALLUSERSPROFILE%\Datos de programa\????????????
%ALLUSERSPROFILE%\Programdata\??????????
nN02901GfNiF02901.exe
%ALLUSERSPROFILE%\Arquivos de programa\??????????
%ALLUSERSPROFILE%\Dati applicazioni\??????????
%ALLUSERSPROFILE%\Application Data\??????????????????
%ALLUSERSPROFILE%\Programdata\??????????????????
%ALLUSERSPROFILE%\Anwendungsdaten\??????????????????
%ALLUSERSPROFILE%\Dati applicazioni\??????????????????
%ALLUSERSPROFILE%\Application Data\?????????????????
Lo02901GfNiF02901.exe
%ALLUSERSPROFILE%\Dati applicazioni\????????????
%ALLUSERSPROFILE%\Dati applicazioni\?????????????????
%ALLUSERSPROFILE%\????????????????
%ProgramData%\??????????
vL02901GfNiF02901.exe
%ALLUSERSPROFILE%\Datos de programa\????????????????

Security Sphere processes to kill:

eE02901GfNiF02901.exe
Lo02901GfNiF02901.exe
nN02901GfNiF02901.exe
Mn02901GfNiF02901.exe
vL02901GfNiF02901.exe
vL02901GfNiF02901.exe
nN02901GfNiF02901.exe
Mn02901GfNiF02901.exe
Lo02901GfNiF02901.exe
eE02901GfNiF02901.exe
%AllUsersProfile%\[random\[random].exe

Remove Security Sphere registry entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION "svchost.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "enablehttp1_1" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.