HijackThis shows Security Suite infection:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
What Security Suite does
Security Suite looks like a normal antispyware application, but in reality, this program is not able to perform any type of security related functions when installed on a computer. This program created with one purpose to trick you into purchasing the full version of the software.Security Suite is distributed through web sites showing online videos that tell you to install a flash update. When this "update" is started, it will put the rogue onto your computer without your permission and knowledge.
When running, Security Suite will configure itself to run automatically every time when your computer starts. After that, it will perform a fake system scan and list a variety of infections or potentially dangerous files. It states that your computer is infected with adware, trojans, worms or malware and that you should purchase Security Suite to remove these infections. Obviously, such results are a fraud, the program want to scare you into thinking that your computer is infected with malicious software.
While Security Suite is running, it will flood your computer with fake security alert and notifications from Windows task bar. Furthermore, the rogue may disable Task Manager, block legitimate Windows applications from running and hijack Internet Explorer so, that it will display various misleading notifications while browsing the web.
As you can see, Security Suite is absolutely useless and what is more, even dangerous software. Most importantly, do not purchase it! If your PC is already infected you should ignore its scan results and fake security alerts. Follow the Security Suite removal guide or the instructions below in order to remove this malware from your computer for free.
How to remove Security Suite virus/malware
1. Reboot your computer in Safe mode with networking.
2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.
3. Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.
4. Once the program has loaded you will see a screen like below.
Malwarebytes' Anti-Malware
5. Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that Malwarebytes' Anti-Malware found on your computer. Note: list of malware may be different than what is shown in the screen below.
Malwarebytes' Anti-Malware - lists of malicious software
6. Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.
If the instructions does not help you, then ask for help in the Spyware removal forum.
No comments:
Post a Comment