ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel
  • »
  • Technology»
  • Internet & the Web

How to Quickly Remove KVMSecure Scam Extortion

Updated on January 27, 2009

KVMSecure Threat

In the huge family of fake antispyware programs another adolescent has grown up. KvmSecure was has been on the peak of ubiquity not a long time ago, but later lost its high scores to more aggressive trojan viruses (Virtumonde, Zlob, etc). But now it looks like this scam extortion is starting the second life.

The more people read this information and take measures to stay protected, the sooner kvmsecure will fall into oblivion.

Kvm secure web exposure

Just like as any other rogue security software, KVM Secure sits in the ambush on a number of websites. To get better online exposure and more credibility, designers working for bad guys copied the style of Microsoft. As in a good sales letter, there's a discount offer - whopping 40% OFF! That's quite some bucks because kvmsecure retails at $49.95 - normally you'd pay this money for a full-featured Internet Security Suite because decent antispyware programs are available below $30.

One more marketing trick on part of kvm secure creators: they tell that over 800,000 satisfied customers praise their software. (If you replace the word praise with curse, that would certainly look much closer to the truth). I'm curious if that number is static or is generated randomly (with a tendency to increase) for every new visitor.

They even offer free upgrades to fooled customers. Cynical, isn't it?

Look at the screenshot below: damn, who permits this on the web?

KVM Secure website screenshot

At 40% off, kvmsecure is a very affordable scam
At 40% off, kvmsecure is a very affordable scam

Fake Scans

Upon visiting any of websites associated with kvmsecure, a window with running scan appears.

KVMSecure Online Scanner
KVMSecure Online Scanner

Detected threats are not present in the system because the scan is fake. The hard drive does not spin as it would when scanned at such a speed. But... who listens to what's happening inside the computer? The scanner window is big, clean and impressive - enough to make a random visitor nervous about those multiple infections.

KVMsecure Fake Alert in the Tray
KVMsecure Fake Alert in the Tray

KVM secure getting inside

Are you protected with Window OneCare? Then you're potentially a victim of KVMsecure. As usual with scam extortions, they are smart enough to bypass common PC security shields. It's best if a good antivirus and a good antispyware overlap, but often there's a "gap" between their detection areas, and this type of malware creeps inside on the edge of computer security software.

Norton 360 is reported to let kmvsecure live peacefully side by side with Symantec detection system. As of the beginning of September, AVG did not have necessary signatures yet. Probably the Czech guys have added the description already.

Notoriously known trojan viruses, Vundo and Zlob, make a breech in the target system to download parts of KVM Secure. Then a message in the tray is displayed warning about "found threats" and urging to buy the cure. Which, as you guess, is a license to register KVM secure. Pretty useless since KVM secure is equal crap in both "demo" and "registered" versions. So if you have spare $17 bucks, give it to Red Cross. (Or you can add 2 more dollars and get 1 year of real-time protection against this and many other scam extortions).

Once the malware is inside the system and active (that happens pretty quick... in a blink of an eye), it floods the desktop and browser with pop-ups and fake system notifications to inform the user about bad infections and urge him/her to buy the license as soon as possible while their $33 OFF discount is active. Kwmsecure in browser displays fake Microsoft screens. As I've told above, this malware copies the Microsoft style to look as legitimate as possible. "Recommended by Microsoft" sounds like the software worth buying, doesn't it?

The screenshot of installed KVMsecure is below.

KMVsecure Desktop Scan
KMVsecure Desktop Scan
Opera warns about undesired webpage
Opera warns about undesired webpage

How to Stay Protected

It's always better to stop such threats at the Ethernet gates. If you're using a safe browser, there's a chance you will be warned about dangerous website when trying to load it. While this is not the only way KMV secure distributes itself, it is always good to block as many of them as possible.

Opera, like a good browser, will advise not to look at the page. Very wise.

Note: I've made the website name invisible not to drive new victims to those scammers. Even visiting them out of curiosity poses a risk.

Of course an all-ecompassing way to be protected against hundreds (if not thousands) of similar threats is to have active anti-malware protection. For those who really care about their computers I'll list several trustworthy programs below.

How to Remove KVMsecure Manually

Well, after a short lecture let me describe the KMVSecure removal process. Pity, it's impossible to uninstall kvmsecure via Control Panel as legit programs, because it will never leave your computer by its good will. You'll have to kick it out and shut the door before it decides you've been joking.

1. Open Task Manager, and under the tab Processes find the process KmvSecure.exe then click the End Process button.

2. Go to Start-->Run, type in MSCONFIG and click OK. In the opened editor, go to Startup tab and see if the KmvSecure.exe process is there. If it is, uncheck the box and click OK.

3. Go to C:\Program Files directory and look for these folders:

  • KmvSecure
  • KmvSecure\Suspicious
  • KmvSecure\Infected

Delete the folders and everything inside them. If any of the files cannot be deleted, use Unlocker utility that helps to remove most stubborn files. Unlocker is free, and therefore is available at no discount price ;P

4. Go to:

%UserProfile%\Start Menu\Programs\KvmSecure\

and remove the shortcut: KvmSecure.lnk

5. Go to:


and remove another instance of shortuct: KvmSecure.lnk

6. Go to:

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch

and remove KvmSecure.lnk one more time.

Note: one or more files may not be present in your system, or depending on a modification of kvmsecure it may generate other files, including executables, registry entries, etc.

System restore on XP may not help as this malware places itself in the restore points.

How to Remove KMVSecure Automatically

Automatic removal is always more popular than any instructions for manual deletion. It's not just easier, but safer as well. Removing an important system file or folder is a serious risk hence Windows protects its folders from user access.

But there's an even bigger advantage. Automatic removal involves the use of software, but isn't it good if software not only removes, but protects against installation of KMVSecure, not letting trojan viruses in the system?

I think you'll agree.

Because Spyware Detector marks this scam extortion as highly dangerous.

KVM Secure risk level: critical (according to Spyware Detector)
KVM Secure risk level: critical (according to Spyware Detector)
Max Spyware Detector
Max Spyware Detector


    0 of 8192 characters used
    Post Comment

    • charlemont profile image

      charlemont 9 years ago from Lithuania

      Thank you Stacie!

    • Stacie L profile image

      Stacie L 9 years ago

      you are a wealth on information.I learn so much from these hubs. Keep up the good work!