Kelly Wright is a former system administrator’s assistant. She writes step-by-step malware removal guides for home users, and also provides PC security related advice.
Her hubpage describes in detail how to remove system security.
How to Remove System Security
System Security is a type of smitfraud (often referred to as “fake security software”). It is distributed via malicious websites, but also comes bundled with fake video codecs (e.g. those promising to show Shockwave and Flash clips). Unlike various other examples of rogue antispyware, system security virus is an extremely well-coded pest. It causes serious damage to an attacked computer and spoils user’s experience.
Here’s a list of symptoms.
1. Windows modules (Task Manager, Command Prompt, Registry Editor) are blocked from access.
2. Currently installed antivirus programs may fail to heal the infection, and are disabled by the virus. Antivirus applications become useless because they cannot be opened.
3. Desktop wallpaper is replaced by scary warnings.
4. Windows Security Center (or, rather, its imitation) displays scary tooltips urging the user to download the allegedly recommended software and remove detected infections.
5. System Security uses a fake scanner to display fake results of “system check”. It’s not intelligent enough since legitimate Windows files are listed as suspicious or highly dangerous (e.g. svchost.exe).
6. Almost none of installed applications can be opened while showing warnings “the file xyz is infected”. No installation of security programs is possible due to same very reason. Interestingly though, Internet Explorer usually functions normally (at least for some time).
Here’s a basic guide to remove System Security (in case you have no a tech person to ask for help). Warning: tested on Windows XP system only.
1. In My Computer, go to C:Documents and SettingsAll UsersApplication Data and look for a folder with the numeric title. Inside it, there should be two files, one of them with the numeric filename same as the title of the folder. Delete the folder.
2. Reboot.
3. Click Start button, choose Run, type in MSCONFIG and click OK to launch Microsoft Windows Configuration Utility. Open Startup tab and look for the entry with the numeric name. Uncheck the box near it.
4. If there are entries pointing to Program Files folder with “System Security” in the path, remove the checkmarks from related boxes.
5. Right-click on My Computer. Choose Properties, go to System Restore. Put a checkmark in the box “Turn off System Restore”. Windows will warn you about restore points being deleted. Click OK and restart.
6. Now enable System Restore (by removing the checkmark you placed in step #5).
Finally, do a full system scan with your antivirus program (which should be capable of running by now) and remove the remaining entries of System Security virus.
