ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel
  • »
  • Technology»
  • Internet & the Web»
  • Viruses, Spyware & Internet Security

System Security Virus: Malware Prevention and Removal

Updated on November 5, 2011
System Security Virus: fake tray warning
System Security Virus: fake tray warning

What's peculiar about system security virus?

Compared to an array of rogue security programs circulating on the web, system security virus is particularly annoying. It's stubborn. It makes Windows unusable. Owners of infected machines would scream in despair. Help on forums? Unsuspicious users will enumarate a dozen of recovery steps that do work, but not with system security.

System security virus generates scary scan reports.
System security virus generates scary scan reports.

The Bad

Once this malware is inside your PC, it causes chaos.

  1. Your installed antivirus or antispyware program is likely to miss the infection. If real-time protection fails, you will not be able to open antivirus control panel or initiate a scan.
  2. For testing purposes, I'm running PC Tools Internet Security. Mind you, this application is useless. It lists suspicious activity in the History section, and even blocks access attempts, but it can neither detect nor remove parts of malware.
  3. System Security virus can block: Registry Editor (regedit.exe or regedt32exe), Task Manager (taskmgr.exe), Command Prompt (cmd.exe).
  4. Installation of new programs will fail meaning you just can't install any security software to remove this virus.
  5. Online virus scanners will not run due to various errors. A victim of System Security reported that she was able to use a-squared anti-malware scan though.

Inside the Infected Computer

  • "Security System Firewall Alert" is continually popping up on your PC when you're on the Internet.
  • This malware generates a random numeric filename, e.g. C:\Documents and Settings\All Users\Application Data\2068231618\491559532.exe
  • It installs its files into C:\Program Files\System Security.
  • To autostart with Windows, System security 2009 virus adds entries to the Registry. However, this pest is smart enough to prevent attempts of modifying the Windows registry hive, so deleting malicious keys manually may come impossible.

Entry Point: Email

This is an email I got into my inbox:

Hello Kelly,

I found your information while trying to research a way to remove the System Security Malware program. I have a decent amount of experience with getting rid of this types of fake anti virus programs, but this one has me completely stumped. I am locked out of Task Manager, regedit, i can't open any .exe file and i can't get into safe mode. I was just wondering how you ended up getting it off of your computer, if you did at all. I can't install Malwarebytes because it won't let me open the exe file. The only program i can open is internet explorer. I tried renaming the malwarebytes install file to "iexplorer.exe" and opening it, but that still didn't work.

Any information you can pass on my way would be greatly appreciated.

Thank you in advance,
Josh.

Look how innocent it is. I'm getting emails asking for help daily, so this one was no surprise. But I wasn't yet finished with the reply when another one arrived:

Hello again,

I found the solution. Just in case you have not, http://systemsecuritysite.com/install/wscleaner.exe , it was supplied by the website in the support page. That kills the process and allows you to open the exe files. I now can run malware bytes and can completely remove the program from my system.

-
Josh

This one explained it all. Chances are, a poor victim suffering from the malware and searching for ways how to remove system security virus, will receive this 'request for help' followed by a 'quick cure' with the link. Downloading and executing the file is not recommended, because as you might have already guessed, it's another piece of malware. Virustotal reported it malicious after scanning the item with 41 different antivirus engines.

System Security 2009 virus: fake cleaner wscleaner.exe tested with Virustotal service.
System Security 2009 virus: fake cleaner wscleaner.exe tested with Virustotal service.
If you ignored my recommendation and decided to use the "cleaner", here's the message you will get. I can assure you're in big trouble since this very moment.
If you ignored my recommendation and decided to use the "cleaner", here's the message you will get. I can assure you're in big trouble since this very moment.

How to Remove System Security

Basically, in case Registry Editor, Command Prompt and Task Manager are blocked by malware, the only way out is to use Windows Safe Mode because you can't install any removal software in Normal Mode.

Here's System Security removal procedure using Safe Mode.

  1. Restart and keep tapping F8 key until Windows Boot Menu appears. Choose Safe Mode with Networking (or just Safe Mode).
  2. Log on with administrator privileges.
  3. Open Task manager, locate the process consisting of random numbers (e.g. 1213501838.exe), highlight it and click End Process. Repeat this with SystemSecurity.exe process if listed.
  4. Open Microsoft Configuration Utility (Start-->Run, type in MSCONFIG and click OK. Navigate to Startup tab). Look for entries pointing to 1213501838.exe and SystemSecurity.exe (these are examples only, the filename with numbers is randomly generated by malware), uncheck their corresponding boxes. Click Apply, OK.
  5. Restart Windows and log on normally.

Recovering

When logged on, you should be no longer seeing pop-ups and warnings. However, the steps you did in Safe Mode are not meant to remove system security. For complete removal, download and install any of the programs below. There's no need to install all of them, just pick up 1 and do a system scan with it.

Tip for Malwarebyte's users

Chances are, it won't let you neither download nor install Malwarebyte's anti-malware. If this is the case, change the filename mbam-setup.exe to explorer.exe (this might fool our smart little pest). Save explorer.exe to your hard drive, and execute. If Malwarebyte's installs, good. Now go to C:\Program Files\Malwarebyte's Anti-malware and rename mbam.exe to explorer.exe. Try running the renamed file. When Malwarebyte's window open, go to Update tab and download latest updates, then perform a scan.

Post-recovery

Since System Security virus places its files into System Volume Information (a hidden Windows folder), you need to empty it.

WARNING 1: do this only after the program you picked up above, completed a successful scan and removed parts of the malware. System Volume Information is a protected folder so security software might be unable to delete System virus from there.

WARNING 2: make sure your system is operating normally, i.e. all applications can be opened, you have access to Task Manager and Add/Remove Programs applet, etc. There should be no more malware (except for System Volume Information where remnants of the virus might be remaining).

  • Right-click on My Computer and choose Properties.
  • Go to System Restore.
  • Check the box Turn off System Restore. Click Apply, OK. Windows will warn you about the danger of deleting restore points. After restarting Windows, reverse the steps, that is, Enable System Restore.

Prevention

Finally, a couple of words about protection.

If you ever had a chance to tackle any rogue security program (not necessarily System Security pest), you definitely know how tedious, time-consuming and exhausting the task can be.

Therefore take this piece of advice from me:

  • Consider switching your current security software, namely antivirus. It doesn't matter if you're using a multi-module Internet Security Suite from any vendor. Once the malware has been let into the system, it will come back. The story will repeat. So if you don't learn the lesson and leave everything as it is, I'm sorry you wasted your valuable time reading this hub.
  • Revise your browsing habits. If you're using Google, pay attention to warnings it gives under listings of suspicious websites. If Google thinks a website is dangerous, chances are there's a reason behind that warning.
  • Remind yourself and instruct anyone sharing your computer: DO NOT install any antivirus, antispyware, security scanner, etc, no matter where and what is recommended. Once your layers of protection are set up and functioning, stop experimenting and ignore flashy warnings like "your system is infected, take action!"

Comments

    0 of 8192 characters used
    Post Comment

    • RVDaniels profile image

      RVDaniels 8 years ago from Athens, GA

      Thank you for a very useful hub.

    • Horrya profile image

      Horrya 8 years ago

      Great ! Thanks !

    • Matrixkavi profile image

      Matrixkavi 8 years ago from India

      Wow!.. great hub..

    • profile image

      Yemi 8 years ago

      Thanks, you are GREAT!!!

    • profile image

      perla.L 7 years ago

      i tried all of these options and i still have the security system on my computer. I can not download and of the software given and if i do it will not run it. any suggestions.

    • profile image

      b_g 7 years ago

      dear peria.l, along with all above from save mode, install trojan remover from www.simplysup.com. scan with this, note the registry path & mannualy delete that. hope ur problem will be solved. i used all this to solve many pc's just this problem. install updated antivirus, firewall, spyware.

    • profile image

      dangerousdoug 7 years ago

      Charlemont I found your hub to be very informative and useful during a time of extreme frustration and (desperation). I work from home and I rely heavily on my laptop. I would agree with everything you say about the system security virus being stubborn and malicious... after nearly 20 hrs of research, study, and numerous iterations of fix and scan my pc is finally clean. Because I had a number of viruses (I'm convinced that the first tools I sought to use were indeed just more malware) I had to use a combination of several to finally get the job done (Malwarebytes proved effective with System Security but it took several scans and shutdowns and startups (and msconfig changes, and turing restore point on and off numerous times). After finally defeating the thing I started wondering why someone as adept as you would fall for an exe link in an email and why you didn't have safeguards installed to prevent intrusion? After this experience with a virus (my first) I am very very leary of anything I see on the web and even bloggers... how can anyone be sure the author of the article or the provider of fix-it software is infact has the best interest of the consumer/audience in mind? As I said, your article was helpful to me but I still wonder a little about whether you're sinister because of the case in point you provided... at any rate, thank you for taking the time to put this hub together.

    • Gennifer profile image

      Gennifer 7 years ago from Minsk, Belarus

      usefyl information and nice writing! thanks for sharing!

    • profile image

      mdawson17 7 years ago

      Very good hub useful tips!

      mdawson17

    • askjanbrass profile image

      askjanbrass 7 years ago from St. Louis, MO

      Good tips, thanks! We use Malware Anit-malware here (think that's how you spell all that).

    • Jenny30 profile image

      Jennifer 7 years ago from Canada

      great article. Thanks for the useful tips!

    • profile image

      Al 7 years ago

      Thank you for this blog... it saved me from a format

    • jbullet profile image

      jbullet 7 years ago

      Great advice. I had malware in my computer last year and so know how important this type of info is!

    • profile image

      Total Security Malware Victim 7 years ago

      Can we file a lawsuit, or file complaints to Department of consumer affairs against this company? Could this company of Malware maker and its website be legally questioned and be brought down?

    • profile image

      sagastume 7 years ago

      i think that is not possible

    • Manna in the wild profile image

      Manna in the wild 7 years ago from Australia

      It is good that you are sharing this kind of information. Well done.

    • ciidoctor profile image

      ciidoctor 7 years ago

      good work

    • profile image

      Juergen 7 years ago

      Great article

      I remember getting a computer in and it had Anti-virus 2008, which i think was the 1st version of that type of scare-ware.

      I found out quickly that it was much more effective to backup essential files and just reinstall the OS, instead of tinkering for hours and still have a crawling or even not properly working system. Until then I had been happy with the free version of AVG, but after some research on the new treat, i came to the conclusion that "free" will do no more. The danger of reaching a page on the internet that had an injected swf banner, or other form of "drive-by download" was imminent. A new breed had arrived. So this is the main reason a regular installed anti-virus/anti-malware, online scans, are not gonna do you much good because by the time this type of program detects the virus, it already is in your system, maybe it disables your A-V. It has to denie access to the page in question to keep you safe on the web these days. I use Avira PSS and it has not failed me yet.

      Regards Juergen

    • profile image

      Juergen 7 years ago

      If you are a victim in the United States you can report here: http://isc.sans.org/ (report it to the handler on duty)

      or at the "Internet Crime Complaint Center" of your state.

      Write down the internet address you went to.

      Juergen

    • profile image

      Timesha 7 years ago

      Where can u locate task manager

    • profile image

      Bill 7 years ago

      I received this email saying it was a e-postcard from a family member, once downloaded my computer is a mess! how can this be legal? if I could only get my hands on these people. Please help me to salvage my computer. Thanks

    • frogyfish profile image

      frogyfish 7 years ago from Central United States of America

      Amazing! My grandson just cleaned up my Virtumonde plus and Trojans today after I had been trying for a week -with NO luck. Like you said, it got in and messed up Windows. He knew your stuff I guess, but I'm bookmarking your page for safe-keeping! Thank you!

    • profile image

      Henry Bonner 7 years ago

      Security security has charge my card two time and the virur protection still doesn't work. Call me at 651-488-1615

    • save my system profile image

      save my system 7 years ago from United Kingdom - London

      All your tips are really good. What I think is its better safe than sorrow. Because you never know what hacker's do or with which action you get spy ware. Once spy ware accidentally install on your PC it is very difficult to remove. So better keep your anti virus updated.

    • profile image

      titbit 7 years ago

      One of my friends have had that virus for a couple of times, and since I'm the "computer tech" I got the job of cleaning it. The last one he got was really nasty, blocked everything as describred here (even blocked everything in safe mode). I did about everything I could think of and on the verge of abandonning, until I found I had previously installed RegCure (or something like that) which by some mirable had made a registry backup from a couple of months before. I was able to start the program (RegCure) which was a important step, so I restored the registry and could finally have all the programs starting again, along with windows restore.

    • profile image

      TechTrendy 6 years ago

      Nicely written, clear and concise. I plan on checking out your other articles as well.

    • profile image

      jason 6 years ago

      Thanks, it was simple and effective., I appreciate you sharing your knowledge

    • profile image

      Edd 6 years ago

      Appreciate you sharing you knowledge.

    Click to Rate This Article