Remove system security

Solved/Closed
margie22 Posts 1 Registration date Tuesday January 20, 2009 Status Member Last seen January 21, 2009 - Jan 21, 2009 at 02:35 PM
 JRS - Jul 10, 2010 at 02:02 PM
Hello,
I also have a problem with my desktop being infected by "security system". I also need directions on how to destroy it.
any help?
Margie22

43 responses

never say never
Aug 12, 2009 at 05:40 PM
never say never man....
malwares are some of the most dangerous viral infections...because they have deep roots...and can disable most programss from running

now here is a guide to removing system security..

1.restart ur computer...
2. as soon as it loads up ( U CANNOT GIVE THE VIRUS ANY TIME TO START ...WE GONNA BE RUNNIN TIGHT D HERE) ..soo as soon as windows loads up...presss CTRL +ALT+DEL....now ur gonna say "I CANT I CANT IT WONT LET ME"...but u can..even tho system security disables programs..and task manager...theres a small gap between the time that windows loads up and the time that system security loads up..and in that short time...u can run task manager...
3. when task manager is up..ur gonna have to look for the system security process...its not up there yet...cuz its not started yet ...but usually it appears at the top...and no its not somehting like "SYSTEM SECURITY .exe" its gonna be a random number ..for me (yes i had this) it wass 15366254.exe.....as soon as the random number pops up...select it and click End Process...

NOW U ARE FREE TO RUN PROGRAMS

4. but wait ...the war's not over .....some people say all u have to do is go to reg edit...look for the same number that u ended ....and delete the registry..well no...thats part of the soloution..but as i said its a PART of the soloution...its not the FULL soloution...
ur gonna hve to install an anti malware program...
i suggest malwarebytes..
free link here https://download.cnet.com/malwarebytes-anti-malware/windows.html?part=dl-10804572&subj=dl&tag=button
5...when u download it...install it and go thru the installation processs...
6.when it is installed...IF it asks u to restart...DONT DO IT....instead run the program..
7..after running the program..update the virus /malware database...and do a quick scan...
8. when the scan is over click ok and then show results...make sure all the check boxes are checked..and then press remove selected...
9. some files require a reboot to be removed...so if it asks u ...reboot....
10. ur pretty much done...oo ya...and its gonna show u a log when its done...
those are the 10 EAZY steps to kickin the system security's ASS...
...but seriously guys....
u could d easily avoid gettin infected...
jus by regularly deleting ur internet cache...temp files...browsing history...
also...dont go on porn.!!!if u do..make sure u have a firewall on...!!(use protection...practice safe Cyber Sex)
ya...dats it for me...later
75
Mine doesn't have any numbers or anything random in the task manager. I can't access internet or run Malwarbytes.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Apr 18, 2010 at 05:38 AM
Hi Jo,

You must kill the processes which the virus is presently running. If you don't it will keep reproducing the files for ever.

To kill the processes:

Download to your desktop and run Rogue Kill:

https://download.bleepingcomputer.com/grinler/rkill.com

5.You should now see a window that shows all of your desktop icons, including the rkill.com program. Now double-click on the rkill.com in order to automatically attempt to stop any processes associated with Security Tool and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Tool when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Tool . So, please try running Rkill until malware is no longer running.

Please, DO NOT REBOOT your computer or the processes will come back to haunt you!

Download to your desktop Malwarebyte.

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Once on your desktop, we must still outwit the virus.

Right click on the MBAM icon and click on rename. Rename it Explorer.exe.

Install Malwarebyte and launch it. From the second tab, update it.

Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.

Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.

Once all this is completed, I always suggest to delete Malwarebyte as some people have reported that it may interfere with other antivirus applications.

Please let us know about the results which I am sure will be positive.
0
(Never Say Never)Thank u!!!!! Ur easy steps soooooo worked!!!!! would kiss ya if i could!!!!! xxx
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
May 8, 2010 at 07:57 AM
Hello Sarah,

Let the trumpets sound, the bells ring and the banners fly!

Thank you very much for your feedback. I am blushing and wiping a tear or two.

God save the Queen!
0
thank you, thank you, thank you-this was the fourth "free" way to remove that stupid software I tried. It was the only one to work and by far the easiest to do.
0
What if i CAN'T run Antimalware? What if I CAN'T run safe mode without it crashing every 2 minutes? What if I can't use task manager?. What do i do. my computer has become a crashing-restarting-machine.
14
AL B BACK - NOT
Apr 16, 2010 at 11:19 AM
EVERYBODY STOP
RUN MALWAREBYTES - WHEN IT FINDS THE INFECTIONS - LEAVE THEM IN QUARANTINE STATE
ONLY then will it NOT COME BACK!

IT'S THE BIGGEST ZOMBIE EVER - SO DON'T SHOOT IN THE HEAD - LEAVE IN CAGE PLEASE
0
Mine wont run Malwarebytes!!
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Apr 27, 2010 at 04:06 PM
TK
If you have a 64 bit system Malwarebyte will not run.
If you have 32 bit, download a fresh copy of Malwarebyte and before running it, rename it kioskea.exe.
0
I have this systems security 2009 bug on my husbands laptop, I have tried to do all kinds of things that have been offered here. NOTHING is working. I have started in safe mode and tried to remove it, but it removed it only from my start run file or in the control pannel list, It has an icon yellow sheild with black stripes and says systems security 2009 still as an icon and I can not open anything it has blocked every thing even my antivirus, I can not even find it to try to enable it. If I go to this unhackme50 can I download it on a disk from my computer and then put it in his and run it? Please what ever help you can give me, keep simple as I am not very good at this. Thanks Helen
2
This stupid virus just sucks. I can't start in safe mode. When you start up the computer in less than a minute it takes over & crash, you can't connect online or open any other programs at all and then just shuts off the computer. I am going to try the '(CTRL+ALT+DEL) and stop the Security System' method but I am not sure there is enough time it is really quick. It takes over a second after my desktop comes up.
I was just curious if anyone else had any luck or suggestions.
Thanks.
2

Didn't find the answer you are looking for?

Ask a question
I have tried all of these and nothing has worked. I ran the Malware program, I followed the step-by-step manual instructions, I've tried it all. When I do a search on my computer for system security 2009 nothing shows up but yet I am still getting all the pop-ups. Any help at all will be greatly appreciated.
1
If you caught Personal Security - in order to uninstall - do these simple steps:


1. Open My computer, choose Disk C;
2. Find Program Files=>Common Files=>PSecurityUninstall=>Uninstall
3. Run the file Uninstall.lnk

That is it!!!!!!
1
Go to Document and Settings/user name/Start Menu/Programs
Delete System Security folder from there.
0
how do i get to documents and settings to remove this system security. It is really hard removing it and how did it get there when i have Trend security?
0
no that not work at all u have do download remove sofware and then its delete
0
hey I did the same mistake instaling that shit and also my laptop go crazy.What you should do is:
-first when you start your PC type CTRL+ALT+DEL and go to task manager /processes and stop that proces...should be the only one like a number 16475..
-after that you can use your PC and you should start the cleanup
-try to find that number you find in the processes by searching it with the windows brouser
-then go to start/run and tipy regedit and in edit you should go to find and type the same number.When it find something you should carfully delete those registry .

I hope that will help
0
thanks teo it worked u must be a wiz
it was just a reminder to be more careful about what websites u visit especially if their about downloading and watching stuff. next time i will google sites up to see if any one reported getting a virus on that particular website & make the decision on whether im willing to take that risk again. dont think youre safe just because you have virus protection. It really scared me when this message replaced my desktop picture & warned me of hackers. & If u have a virus on your computer dont trust the lil popups claiming to remove them cuz they the ones that put it on their watch to see if the grammar in the text is sumwut incorrect BIG GIVEAWAY!
0
Thanks man, it really worked. I had the same virus and with your help I solved. Thks a lot!!!
0
Teo,
thanks for the tips. I was able to kill them in Task Manager and delete the registries associates to it. 90% of the application work, still can't run the other 10% application, most are spyware cleaner/anti-virus. Go to Safemode, I can't run these application either.
There must be something still left in the laptop.
Once again, thanks for the tips. I still need help on figuring out why something left that makes these spyware/anti-virus disable (spy-hunter, spybot, unhackme)...
any suggestion?
regards
0
Teo,
THank you so much for the tips.
it helped me a lot, thank you so much......after I did the CTRL+ALT_DEL thing... it didn't scan and it let remove it from Add/remove prgrams..............now I can feel calm already...thank you again
0
I first removed the .exe from the startup, but that wasn't enough to solve the problem for me. Maybe I was infected with a newer version of the "System security 2009" malware.

"System security 2009" also registered a .dll, found in Documents and Settings\YOUR USER\Local Settings\Temp

Look for .dll's there, the one you're looking for will have a random name, with many numbers and letters in it.
If you can't delete the .dll. it means it's loaded in the system. It's highly likely that it's the malware.

To remove the dll:

start/run, launch regedit.exe
ctrl+f, and search for the .dll name
remove all entries
reboot
now you can delete the malware .dll from the dir above
0
Another useful util I used is StartupCPL, which can be used to remove all the startup program entries from Windows. There are 3-4 ways a program can be auto started in Windows, it shows entries for all.

http://www.mlin.net/StartupCPL.shtml
0
I had the newer version of this malware that blocks all software, including task manager. I managed to get task manager running by executing this line from the run option under start menu:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f (found at https://www.winhelponline.com/xp/Taskmanager_error.htm

Once I had done this, the malware was still bringing up the block window, but if I hit CTRL+ALT+DELETE repeatedly and didn't close the block window, I could get the task manager open. After that, I found the same technique allowed me to install Malawarebytes Anti-malware from a CD I burned on another computer. Running the quick scan seems to have fixed everything, although I don't see any mention of "system security" in the files quarantined and deleted. Here's the log of the infected files it fixed:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

7/8/2009 10:26:00 AM
mbam-log-2009-07-08 (10-26-00).txt

Scan type: Quick Scan
Objects scanned: 84888
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13351714 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\ld11.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
0
Richard Gawne
Jul 10, 2009 at 02:29 PM
This is what I did..

I started Windows in Safe Mode. I used MSCONFIG, clicked the STARTUP TAB to disable the programs I did not reconize (at system startup). Note the file location for reference later.

I rebooted the computer, & the the virus did not load anymore - disable the correct exe files (generally number.exe).

I restarted my computer and then used a removal tool to delete the files or manually delete them using your written location reference.
0
All,
I got this shitty as well..:), here is what I did to clean it up.
1. Turn on the computer, when it logs in, press Ctrl-Alt-Delete right away to get the task managers up, short the thread. You must do it quick. When the spyware starts running, you will see 2 thread with numbers...click and kill both right a way. You only have 3-5 seconds to do this. If you don't do this quick, the task managers will go away and you need to restart the PC.

2. You also need to remember the numbers of these 2 thread. Then run regedit to search for registries associated to these 2 and delete them all.

3. Then go to C drive, search file/folder for these 2 thread again, delete them all.

Reboot the PC. Once you are doing this, you will get 90% of the application running. Still the anti-virus/spyware are disable, something is still left in the PC that I don't know.

Final step is install a anti-virus called Avast. It has option called boot time scan, what it does is to scan before anything start up
Download it here: https://www.avast.com/free-antivirus-download
Instruction to set it up: http://www.techiecorner.com/...

Lastly, be careful of what you download on the net, use a good anti-virus/spyware (which I did not...:) )
Darn, my eyes are sore after spending hours googling and reading the stuff...
Hope this help.
0
I HAD THE SAME PROBLEM. I TRIED THIS: MALWAREBYTES ANTI MALWARE. RUN UR COMPUTER IN SAFE MODE AND USE THIS PROGRAM. THE FIRST TIME I USED IT DIDN'T CLEAN IT ALL, SO I SCANNED MY COMPUTER AGAIN AND IT GOT EVERYTHING. MY COMPUTER IS BACK TO NORMAL
0
This criminal program infected one of the PC of my office. I could not eneter in a safe mode nor run any programs.
I have tried most of suggestions on the net without any success. At the end I managed it in the following way:
1. Turn on the computer, when it logs in, press Ctrl-Alt-Delete right away to get the task managers up, short the thread. You must do it quick. When the spyware starts running, you will see 2 thread with numbers (in my case18353904-025149a)...click and kill both right a way. You only have 3-5 seconds to do this. If you don't do this quick, the task managers will go away and you need to restart the PC. I managed to enter in a safe mode finally. I installed http://www.mlin.net/files/StartupCPL_EXE.zip that allowed me to see this file on automatically startup. I disabled it from HKLM / Run (- the Run registry key located in HKEY_LOCAL_MACHINE)
2. You also need to remember the numbers of these 2 thread. Then run regedit to search for registries associated to (use the “find” option) these 2 and delete them all.

3. Then go to C drive, search file/folder for these 2 thread again, delete them all.

GOOD LUCK
0
YES I HAD DA SAME FLIPIMG PROBLEM WERE UR COMPUTERS GONE CRAZY AND U CANT EVEN OPEN UP TASK MAGAER WELLL I WAS PECED OFF FOR THE WHOLE DAY SO LISTEN UP

STEP ONE : SWICH ON UR COMPUTER WHILE ITS SWITING ON LOGGING U IN U HAVE TO QUICKLY QUICKLY VERRY FAST U ONLY HV ABOUT 3_4 SECONDS PRES CTRL ALT DELETE TOGERTHER VERRY QUIK AND GO PROCCESSS VERRY FAST AND PREESS DELET FOR THE FIRST FING WICH IS HAS LOTS OF NUMBERS IS THE FIRST ONE CLIKE ON IT FAST PRESS DELETE AND DEN ENTER FAST DEN EVERY FING WILL GO BAK TO NORMAL TRUST ME IT WORKS ALL DEM OTHER ONZ DO DIS DEN DAT DOWNLOAD DIS GO DR ALL DAT RUBBISH DISS REALLY WORKS
0
HAY GAYS I NOE ITS SO PICCIN OFF BUT ILL LED U STEP BY STEP

STEP ONE : TURN ON UR COMPUTER WHILE UR LOGING IN VERRY QWIK AND VERRY QWIK U ONLY HV ABOUT 3TO 4 SECONDS SO DO IT FAST HOLD CTRL AND ALT AND DELETE TOGETHER AND IT WILL OPEN TASK MANAGER BUT U STILL HVE TO BE QWIK GO TO PROCESS AND DELET THE FIRST FING IN THE TOP LIST WICH IT WILL BE SOME NUMBERS DELETE DAT STRYT AWAY AND ULL HV ACCESSES

STEP TWO: MINIMIZE TASK MANGER

STEP THREE: GO TO STRAT> PROGRAMS> ACCSSORIES> SYSTEM TOOLS> SYSTEM RESTORE

STEP FOUR: OPEN SYSTEM PROPERTIES DEN TURN OFF SYSTEM RESTOR... AND APPLY.

STEP FIVE: STRAT RUN AND ENTER MSCONFIG AND DEN OKY

STEP SIX: DEN SOMIN OPENS DEN U GOTTA GO CLIK ON STRATUP AND FIND DA ONE DAT HAS ALL NUMBERS ON IT DISABLE IT PRESS APPLY AND DEN CLOSE OR OK DEN IT WILL SAY IF U WANNA RESTERT COMPUTER U CLIK RESTART


IF U DNT UNDERSTAND ME KLIK IN DIS VEDIO https://www.youtube.com/watch?v=SNV-BUBVgTY BUT SOME OF DIS DOSENT OCCAR DTS Y I TWISTED IT A LITTLE I HAD TO AND IT WORKED FR ME LOL



GOOD LUCK
0
Thanks! You are so right about having to be quick about holding on the ctrl/alt/delete keys.

This has been a real life (and headache) saver!! Most appreciated!
0
What Tho says works, you just have to bbe really quick with the task manager. Great thanks.
0
System Security is a rouge antivirus. Just go to google and search "remove system security" or "remove fake antivirus", there will be a lot of solution there.
0
I have just encountered this terrible website "personal security" I couldnt uninstall it and was really panicing HOWEVER...this webpage did the trick, is 100% genuine and is free.

https://www.myantispyware.com/2009/12/01/how-to-remove-personal-security-uninstall-instructions/

VERY PLEASED :0)
0
thank you very much man,i borrowed this computer from my nephew u just saved me thank u again.
0
I gotta say UNHACK ME 5.0 worked like a champ. I have spent days trying to remove this relentless virus. I ran into this forum and gave UNHACK ME a shot. It worked almost instantly. It looked somewhat generic and I was nervous at first but it found it in a matter of seconds. It will probably find other things as well. Since its registry files you should google other detected files to make sure they are not needed. Thanks for the suggestion, Im telling you it works!!!!
0