ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

How to Quickly Remove KVMSecure Scam Extortion

Updated on January 27, 2009

KVMSecure Threat

In the huge family of fake antispyware programs another adolescent has grown up. KvmSecure was has been on the peak of ubiquity not a long time ago, but later lost its high scores to more aggressive trojan viruses (Virtumonde, Zlob, etc). But now it looks like this scam extortion is starting the second life.

The more people read this information and take measures to stay protected, the sooner kvmsecure will fall into oblivion.

Kvm secure web exposure

Just like as any other rogue security software, KVM Secure sits in the ambush on a number of websites. To get better online exposure and more credibility, designers working for bad guys copied the style of Microsoft. As in a good sales letter, there's a discount offer - whopping 40% OFF! That's quite some bucks because kvmsecure retails at $49.95 - normally you'd pay this money for a full-featured Internet Security Suite because decent antispyware programs are available below $30.

One more marketing trick on part of kvm secure creators: they tell that over 800,000 satisfied customers praise their software. (If you replace the word praise with curse, that would certainly look much closer to the truth). I'm curious if that number is static or is generated randomly (with a tendency to increase) for every new visitor.

They even offer free upgrades to fooled customers. Cynical, isn't it?

Look at the screenshot below: damn, who permits this on the web?

KVM Secure website screenshot

At 40% off, kvmsecure is a very affordable scam
At 40% off, kvmsecure is a very affordable scam

Fake Scans

Upon visiting any of websites associated with kvmsecure, a window with running scan appears.

KVMSecure Online Scanner
KVMSecure Online Scanner

Detected threats are not present in the system because the scan is fake. The hard drive does not spin as it would when scanned at such a speed. But... who listens to what's happening inside the computer? The scanner window is big, clean and impressive - enough to make a random visitor nervous about those multiple infections.

KVMsecure Fake Alert in the Tray
KVMsecure Fake Alert in the Tray

KVM secure getting inside

Are you protected with Window OneCare? Then you're potentially a victim of KVMsecure. As usual with scam extortions, they are smart enough to bypass common PC security shields. It's best if a good antivirus and a good antispyware overlap, but often there's a "gap" between their detection areas, and this type of malware creeps inside on the edge of computer security software.

Norton 360 is reported to let kmvsecure live peacefully side by side with Symantec detection system. As of the beginning of September, AVG did not have necessary signatures yet. Probably the Czech guys have added the description already.

Notoriously known trojan viruses, Vundo and Zlob, make a breech in the target system to download parts of KVM Secure. Then a message in the tray is displayed warning about "found threats" and urging to buy the cure. Which, as you guess, is a license to register KVM secure. Pretty useless since KVM secure is equal crap in both "demo" and "registered" versions. So if you have spare $17 bucks, give it to Red Cross. (Or you can add 2 more dollars and get 1 year of real-time protection against this and many other scam extortions).

Once the malware is inside the system and active (that happens pretty quick... in a blink of an eye), it floods the desktop and browser with pop-ups and fake system notifications to inform the user about bad infections and urge him/her to buy the license as soon as possible while their $33 OFF discount is active. Kwmsecure in browser displays fake Microsoft screens. As I've told above, this malware copies the Microsoft style to look as legitimate as possible. "Recommended by Microsoft" sounds like the software worth buying, doesn't it?

The screenshot of installed KVMsecure is below.

KMVsecure Desktop Scan
KMVsecure Desktop Scan
Opera warns about undesired webpage
Opera warns about undesired webpage

How to Stay Protected

It's always better to stop such threats at the Ethernet gates. If you're using a safe browser, there's a chance you will be warned about dangerous website when trying to load it. While this is not the only way KMV secure distributes itself, it is always good to block as many of them as possible.

Opera, like a good browser, will advise not to look at the page. Very wise.

Note: I've made the website name invisible not to drive new victims to those scammers. Even visiting them out of curiosity poses a risk.

Of course an all-ecompassing way to be protected against hundreds (if not thousands) of similar threats is to have active anti-malware protection. For those who really care about their computers I'll list several trustworthy programs below.

How to Remove KVMsecure Manually

Well, after a short lecture let me describe the KMVSecure removal process. Pity, it's impossible to uninstall kvmsecure via Control Panel as legit programs, because it will never leave your computer by its good will. You'll have to kick it out and shut the door before it decides you've been joking.

1. Open Task Manager, and under the tab Processes find the process KmvSecure.exe then click the End Process button.

2. Go to Start-->Run, type in MSCONFIG and click OK. In the opened editor, go to Startup tab and see if the KmvSecure.exe process is there. If it is, uncheck the box and click OK.

3. Go to C:\Program Files directory and look for these folders:

  • KmvSecure
  • KmvSecure\Suspicious
  • KmvSecure\Infected

Delete the folders and everything inside them. If any of the files cannot be deleted, use Unlocker utility that helps to remove most stubborn files. Unlocker is free, and therefore is available at no discount price ;P

4. Go to:

%UserProfile%\Start Menu\Programs\KvmSecure\

and remove the shortcut: KvmSecure.lnk

5. Go to:


and remove another instance of shortuct: KvmSecure.lnk

6. Go to:

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch

and remove KvmSecure.lnk one more time.

Note: one or more files may not be present in your system, or depending on a modification of kvmsecure it may generate other files, including executables, registry entries, etc.

System restore on XP may not help as this malware places itself in the restore points.

How to Remove KMVSecure Automatically

Automatic removal is always more popular than any instructions for manual deletion. It's not just easier, but safer as well. Removing an important system file or folder is a serious risk hence Windows protects its folders from user access.

But there's an even bigger advantage. Automatic removal involves the use of software, but isn't it good if software not only removes, but protects against installation of KMVSecure, not letting trojan viruses in the system?

I think you'll agree.

Because Spyware Detector marks this scam extortion as highly dangerous.

KVM Secure risk level: critical (according to Spyware Detector)
KVM Secure risk level: critical (according to Spyware Detector)
Max Spyware Detector
Max Spyware Detector


    0 of 8192 characters used
    Post Comment
    • charlemont profile imageAUTHOR


      10 years ago from Lithuania

      Thank you Stacie!

    • Stacie L profile image

      Stacie L 

      10 years ago

      you are a wealth on information.I learn so much from these hubs. Keep up the good work!


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)