ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

System Security Virus: Malware Prevention and Removal

Updated on November 5, 2011
System Security Virus: fake tray warning
System Security Virus: fake tray warning

What's peculiar about system security virus?

Compared to an array of rogue security programs circulating on the web, system security virus is particularly annoying. It's stubborn. It makes Windows unusable. Owners of infected machines would scream in despair. Help on forums? Unsuspicious users will enumarate a dozen of recovery steps that do work, but not with system security.

System security virus generates scary scan reports.
System security virus generates scary scan reports.

The Bad

Once this malware is inside your PC, it causes chaos.

  1. Your installed antivirus or antispyware program is likely to miss the infection. If real-time protection fails, you will not be able to open antivirus control panel or initiate a scan.
  2. For testing purposes, I'm running PC Tools Internet Security. Mind you, this application is useless. It lists suspicious activity in the History section, and even blocks access attempts, but it can neither detect nor remove parts of malware.
  3. System Security virus can block: Registry Editor (regedit.exe or regedt32exe), Task Manager (taskmgr.exe), Command Prompt (cmd.exe).
  4. Installation of new programs will fail meaning you just can't install any security software to remove this virus.
  5. Online virus scanners will not run due to various errors. A victim of System Security reported that she was able to use a-squared anti-malware scan though.

Inside the Infected Computer

  • "Security System Firewall Alert" is continually popping up on your PC when you're on the Internet.
  • This malware generates a random numeric filename, e.g. C:\Documents and Settings\All Users\Application Data\2068231618\491559532.exe
  • It installs its files into C:\Program Files\System Security.
  • To autostart with Windows, System security 2009 virus adds entries to the Registry. However, this pest is smart enough to prevent attempts of modifying the Windows registry hive, so deleting malicious keys manually may come impossible.

Entry Point: Email

This is an email I got into my inbox:

Hello Kelly,

I found your information while trying to research a way to remove the System Security Malware program. I have a decent amount of experience with getting rid of this types of fake anti virus programs, but this one has me completely stumped. I am locked out of Task Manager, regedit, i can't open any .exe file and i can't get into safe mode. I was just wondering how you ended up getting it off of your computer, if you did at all. I can't install Malwarebytes because it won't let me open the exe file. The only program i can open is internet explorer. I tried renaming the malwarebytes install file to "iexplorer.exe" and opening it, but that still didn't work.

Any information you can pass on my way would be greatly appreciated.

Thank you in advance,

Look how innocent it is. I'm getting emails asking for help daily, so this one was no surprise. But I wasn't yet finished with the reply when another one arrived:

Hello again,

I found the solution. Just in case you have not, , it was supplied by the website in the support page. That kills the process and allows you to open the exe files. I now can run malware bytes and can completely remove the program from my system.


This one explained it all. Chances are, a poor victim suffering from the malware and searching for ways how to remove system security virus, will receive this 'request for help' followed by a 'quick cure' with the link. Downloading and executing the file is not recommended, because as you might have already guessed, it's another piece of malware. Virustotal reported it malicious after scanning the item with 41 different antivirus engines.

System Security 2009 virus: fake cleaner wscleaner.exe tested with Virustotal service.
System Security 2009 virus: fake cleaner wscleaner.exe tested with Virustotal service.
If you ignored my recommendation and decided to use the "cleaner", here's the message you will get. I can assure you're in big trouble since this very moment.
If you ignored my recommendation and decided to use the "cleaner", here's the message you will get. I can assure you're in big trouble since this very moment.

How to Remove System Security

Basically, in case Registry Editor, Command Prompt and Task Manager are blocked by malware, the only way out is to use Windows Safe Mode because you can't install any removal software in Normal Mode.

Here's System Security removal procedure using Safe Mode.

  1. Restart and keep tapping F8 key until Windows Boot Menu appears. Choose Safe Mode with Networking (or just Safe Mode).
  2. Log on with administrator privileges.
  3. Open Task manager, locate the process consisting of random numbers (e.g. 1213501838.exe), highlight it and click End Process. Repeat this with SystemSecurity.exe process if listed.
  4. Open Microsoft Configuration Utility (Start-->Run, type in MSCONFIG and click OK. Navigate to Startup tab). Look for entries pointing to 1213501838.exe and SystemSecurity.exe (these are examples only, the filename with numbers is randomly generated by malware), uncheck their corresponding boxes. Click Apply, OK.
  5. Restart Windows and log on normally.


When logged on, you should be no longer seeing pop-ups and warnings. However, the steps you did in Safe Mode are not meant to remove system security. For complete removal, download and install any of the programs below. There's no need to install all of them, just pick up 1 and do a system scan with it.

Tip for Malwarebyte's users

Chances are, it won't let you neither download nor install Malwarebyte's anti-malware. If this is the case, change the filename mbam-setup.exe to explorer.exe (this might fool our smart little pest). Save explorer.exe to your hard drive, and execute. If Malwarebyte's installs, good. Now go to C:\Program Files\Malwarebyte's Anti-malware and rename mbam.exe to explorer.exe. Try running the renamed file. When Malwarebyte's window open, go to Update tab and download latest updates, then perform a scan.


Since System Security virus places its files into System Volume Information (a hidden Windows folder), you need to empty it.

WARNING 1: do this only after the program you picked up above, completed a successful scan and removed parts of the malware. System Volume Information is a protected folder so security software might be unable to delete System virus from there.

WARNING 2: make sure your system is operating normally, i.e. all applications can be opened, you have access to Task Manager and Add/Remove Programs applet, etc. There should be no more malware (except for System Volume Information where remnants of the virus might be remaining).

  • Right-click on My Computer and choose Properties.
  • Go to System Restore.
  • Check the box Turn off System Restore. Click Apply, OK. Windows will warn you about the danger of deleting restore points. After restarting Windows, reverse the steps, that is, Enable System Restore.


Finally, a couple of words about protection.

If you ever had a chance to tackle any rogue security program (not necessarily System Security pest), you definitely know how tedious, time-consuming and exhausting the task can be.

Therefore take this piece of advice from me:

  • Consider switching your current security software, namely antivirus. It doesn't matter if you're using a multi-module Internet Security Suite from any vendor. Once the malware has been let into the system, it will come back. The story will repeat. So if you don't learn the lesson and leave everything as it is, I'm sorry you wasted your valuable time reading this hub.
  • Revise your browsing habits. If you're using Google, pay attention to warnings it gives under listings of suspicious websites. If Google thinks a website is dangerous, chances are there's a reason behind that warning.
  • Remind yourself and instruct anyone sharing your computer: DO NOT install any antivirus, antispyware, security scanner, etc, no matter where and what is recommended. Once your layers of protection are set up and functioning, stop experimenting and ignore flashy warnings like "your system is infected, take action!"


    0 of 8192 characters used
    Post Comment

    • profile image


      7 years ago

      Appreciate you sharing you knowledge.

    • profile image


      7 years ago

      Thanks, it was simple and effective., I appreciate you sharing your knowledge

    • profile image


      8 years ago

      Nicely written, clear and concise. I plan on checking out your other articles as well.

    • profile image


      8 years ago

      One of my friends have had that virus for a couple of times, and since I'm the "computer tech" I got the job of cleaning it. The last one he got was really nasty, blocked everything as describred here (even blocked everything in safe mode). I did about everything I could think of and on the verge of abandonning, until I found I had previously installed RegCure (or something like that) which by some mirable had made a registry backup from a couple of months before. I was able to start the program (RegCure) which was a important step, so I restored the registry and could finally have all the programs starting again, along with windows restore.

    • save my system profile image

      save my system 

      8 years ago from United Kingdom - London

      All your tips are really good. What I think is its better safe than sorrow. Because you never know what hacker's do or with which action you get spy ware. Once spy ware accidentally install on your PC it is very difficult to remove. So better keep your anti virus updated.

    • profile image

      Henry Bonner 

      8 years ago

      Security security has charge my card two time and the virur protection still doesn't work. Call me at 651-488-1615

    • frogyfish profile image


      8 years ago from Central United States of America

      Amazing! My grandson just cleaned up my Virtumonde plus and Trojans today after I had been trying for a week -with NO luck. Like you said, it got in and messed up Windows. He knew your stuff I guess, but I'm bookmarking your page for safe-keeping! Thank you!

    • profile image


      8 years ago

      I received this email saying it was a e-postcard from a family member, once downloaded my computer is a mess! how can this be legal? if I could only get my hands on these people. Please help me to salvage my computer. Thanks

    • profile image


      9 years ago

      Where can u locate task manager

    • profile image


      9 years ago

      If you are a victim in the United States you can report here: (report it to the handler on duty)

      or at the "Internet Crime Complaint Center" of your state.

      Write down the internet address you went to.


    • profile image


      9 years ago

      Great article

      I remember getting a computer in and it had Anti-virus 2008, which i think was the 1st version of that type of scare-ware.

      I found out quickly that it was much more effective to backup essential files and just reinstall the OS, instead of tinkering for hours and still have a crawling or even not properly working system. Until then I had been happy with the free version of AVG, but after some research on the new treat, i came to the conclusion that "free" will do no more. The danger of reaching a page on the internet that had an injected swf banner, or other form of "drive-by download" was imminent. A new breed had arrived. So this is the main reason a regular installed anti-virus/anti-malware, online scans, are not gonna do you much good because by the time this type of program detects the virus, it already is in your system, maybe it disables your A-V. It has to denie access to the page in question to keep you safe on the web these days. I use Avira PSS and it has not failed me yet.

      Regards Juergen

    • ciidoctor profile image


      9 years ago

      good work

    • Manna in the wild profile image

      Manna in the wild 

      9 years ago from Australia

      It is good that you are sharing this kind of information. Well done.

    • profile image


      9 years ago

      i think that is not possible

    • profile image

      Total Security Malware Victim 

      9 years ago

      Can we file a lawsuit, or file complaints to Department of consumer affairs against this company? Could this company of Malware maker and its website be legally questioned and be brought down?

    • jbullet profile image


      9 years ago

      Great advice. I had malware in my computer last year and so know how important this type of info is!

    • profile image


      9 years ago

      Thank you for this blog... it saved me from a format

    • Jenny30 profile image


      9 years ago from Canada

      great article. Thanks for the useful tips!

    • askjanbrass profile image


      9 years ago from St. Louis, MO

      Good tips, thanks! We use Malware Anit-malware here (think that's how you spell all that).

    • profile image


      9 years ago

      Very good hub useful tips!


    • Gennifer profile image


      9 years ago from Minsk, Belarus

      usefyl information and nice writing! thanks for sharing!

    • profile image


      9 years ago

      Charlemont I found your hub to be very informative and useful during a time of extreme frustration and (desperation). I work from home and I rely heavily on my laptop. I would agree with everything you say about the system security virus being stubborn and malicious... after nearly 20 hrs of research, study, and numerous iterations of fix and scan my pc is finally clean. Because I had a number of viruses (I'm convinced that the first tools I sought to use were indeed just more malware) I had to use a combination of several to finally get the job done (Malwarebytes proved effective with System Security but it took several scans and shutdowns and startups (and msconfig changes, and turing restore point on and off numerous times). After finally defeating the thing I started wondering why someone as adept as you would fall for an exe link in an email and why you didn't have safeguards installed to prevent intrusion? After this experience with a virus (my first) I am very very leary of anything I see on the web and even bloggers... how can anyone be sure the author of the article or the provider of fix-it software is infact has the best interest of the consumer/audience in mind? As I said, your article was helpful to me but I still wonder a little about whether you're sinister because of the case in point you provided... at any rate, thank you for taking the time to put this hub together.

    • profile image


      9 years ago

      dear peria.l, along with all above from save mode, install trojan remover from scan with this, note the registry path & mannualy delete that. hope ur problem will be solved. i used all this to solve many pc's just this problem. install updated antivirus, firewall, spyware.

    • profile image


      9 years ago

      i tried all of these options and i still have the security system on my computer. I can not download and of the software given and if i do it will not run it. any suggestions.

    • profile image


      9 years ago

      Thanks, you are GREAT!!!

    • Matrixkavi profile image


      9 years ago from India

      Wow!.. great hub..

    • Horrya profile image


      9 years ago

      Great ! Thanks !

    • RVDaniels profile image


      9 years ago from Athens, GA

      Thank you for a very useful hub.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)