Thursday, May 21, 2009

How to Remove System Security 2009

How to remove the System Security Virus

Recently, I have had the not so fun experience of trying to remove the virus known as System Security, System Security 2009, or "WARNING YOU'RE IN DANGER". This is probably one of the nastiest viruses I've ever experienced so I built this lens to help others combat it. There is not a lot of information out there on this virus from what I read.

What is it and where does System Security Come From?

This virus is a faux spyware scanner. It acts as though it will help you get rid of viruses, when in fact it is one exactly. It is a hijacker and will completely take over your system, popping up random fake virus scans and trying to bait you into buying the program. Do not purchase the System Security program in an effort to get rid of it. I don't even need to tell you what these people would do with your finances.

Where does it come from? Many places. But the most common I believe are from torrents and transition ads from a company like AdBrite or ClicksOr. You may have seen a transition ad before. It says "Click here to continue" in the top right corner of the ad. Both of those companies that allow these types of ads are reputable but many of their publishers are NOT which is how we get viruses in the first place.

Symptons of an Infected Computer

What happens when you get System Security

As I said before, this hijacker/virus is one of the worst out there. The first symptom you'll see when you get this program is that it will pop up and take over your PC.

Image Hosted by ImageShack.us

You will not be able to close it without it asking you if you want to remain infected, or if you want to buy the program. As I said before, Do not buy System Security 2008 or 2009 or any of them. It's just a ploy for the hackers to get your financial info. The program will also show a fake virus scan running in your lower right hand window.

If you are infected your wallpaper may also change. The wallpaper will be black and read a message "Warning! Your're In Danger" don't really worry about that right now. It's an annoying scare tactic.

How to Remove the System Security Virus

There are two ways to remove this virus. The first is with a good virus scanner.

Download or purchase Norton Anti Virus, and Malwarebytes Anti-Malware. Boot your system into safe mode (F8 at startup) and run both of these programs. If you find them, remove the viruses from your system. Disable system restore (so the virus isn't restored) and reboot. You are now virus free.

If you cannot open task manager, regedit, or any .EXE files You are in a LOT more trouble. But don't worry, I had the virus this bad and I am here typing this to you on my PC right now :).

You will need to do a manual removal. This will take a lot of "computer smarts" because you have to edit the registry and delete a lot of files manually.

=====
WARNING: USE THE FOLLOWING INFO AT YOUR OWN RISK. EDITING YOUR REGISTRY INCORRECTLY WILL RENDER YOUR PC USELESS.

If you do not know how to do this I recommend you purchase AntiVirus Pro Removal Tool (Click Here) and run it in safe mode to get rid of this virus. If you are having issues the people there will help you use their software step-by-step until you are cured.

=====

Manual Removal Instructions:

-Boot your PC in Safe Mode (F8 at startup).
-Search for all .EXE files on your PC. Order by date modified.
-Delete any suspicious looking files.
-Open regedit.
-Navigate to HKEY LOCAL MACINE/PROGRAM FILES/ MICROSOFT/ WINDOWS/ CURRENT VERSION/ RUN
-Find suspicious entries in the registry. Highlight them and look at the status bar for the location of the files they call.
-Delete the suspicious files and reg entires.
-Do the same for /UNINSTALL
-Search your PC for suspicious .DLL files and delete them
-Install a virus scanner and run a scan (optional)

You are now virus free! :)