
System Security

Rogue - Antispyware

 

System Security is a rogue application, or a component bundled with another rogue application. A fake/rogue application can get onto your computer in several ways. {slide=Tell me how it infects my computer!}

1) You downloaded it yourself, knowingly or unknowingly, mistaking it for something else.
2) It was downloaded automatically (a drive-by download) while you were visiting a malicious website.
3) Your computer already has a trojan, which in turn downloads such an application.


Recently I have noticed that malware authors also keep track of the removal instructions published on the internet. As soon as they think the malware has been exposed, they change the file/folder names and the locations where they are saved on the hard disk. Keeping this in mind, you will need the latest information about the malware in order to be able to remove it.

If you happen to have access to the rogue/virus installer, you can submit it to the ThreatExpert site and have it analyzed. That will give you precise information about the particular sample you are dealing with.
{/slide}
{slide=Tell me how I can use System Restore to get rid of it!}

Trying System Restore

If you know roughly how long your computer has been infected, you can restore it to a restore point from before that date, which often removes the infection. Two caveats: System Restore is not a malware scan, so check the file locations listed under "Delete files" afterwards, and the rogue may have disabled System Restore itself (see "More problems" below).

{/slide}
{slide=Are there any free tools available?}


Free removal tools

  • Special tools that remove a single virus or a family of viruses
  • Free online virus scanners
  • Fully functional antivirus/antispyware suites
All of these tools are listed below.
{/slide}
{slide=OK, show me the steps!}

 

Removing files manually

These are the steps for removing the infected files manually.


Boot into Safe Mode

Sometimes a file cannot be deleted even after you have found it, because the rogue's process is still running and holds it open. In that case boot into Safe Mode (press F8 as Windows starts) and delete the file(s) from there.

Remove processes from Task Manager

Press Ctrl+Shift+Esc to open Task Manager. Look through the Processes list for a process named systemSecurity.exe or system_security.exe (the variations listed below also use randomly numbered names); if found, select it, press End Process, confirm, and then close Task Manager.

Optionally, you can use Windows Defender to see the path and publisher of each running program, which makes it easier to tell malware processes apart from genuine Windows processes.

Removing the entry from Windows startup

The System Configuration utility (msconfig) is started in XP from Start > Run and in Vista from the Start menu search box, by typing msconfig. Entries on its Startup tab are only unchecked, never deleted, so the change is reversible: you can check or uncheck any entry as many times as you like.

 

Once the System Configuration window is open, click the Startup tab, which lists every program scheduled to run when the computer starts. Widen the Command column (the middle one) with the mouse so that you can see the full path of each program; the path tells you what the program really is. Locate and uncheck
"System Security" and any random numeric name such as "2063941586.exe" (treat any suspicious name the same way). Also look through the other entries and uncheck any that point to one of the malware files listed in this article. Press Apply, then Close/OK, and at the next prompt choose "Restart the computer".

View hidden files

Before you can delete "System Security" and its associated files you need to find them, and before doing that you must enable viewing of hidden files and folders:

  • How to enable viewing hidden files and folders in Windows XP
  • How to enable viewing hidden files and folders in Windows Vista

Delete files

After restarting the computer, use the Windows search utility to search for "System Security". The search finds every folder of that name on the hard disk; there may be more than one, so delete every instance. There are further files besides this directory, listed below. If you cannot see the folders listed below, enable viewing of hidden files and folders: in XP, Control Panel > Folder Options > View, locate "Hidden files and folders", select "Show hidden files and folders", press Apply, then OK.

C:\Documents and Settings\[UserName]\Start Menu\Programs\System Security
Delete this folder wherever it is found.

After installation it downloads and saves additional files on the hard disk [ws.zip].

The entries below were found in a HijackThis log generated on a computer reportedly infected with System Security. ProgramData is a legitimate folder in Vista; the folder the rogue creates inside it has a random numeric name, so it could be any number on your machine, and the same goes for the .exe inside it. You will also notice a randomly named DLL in the System32 folder, which will take some effort on your part to identify.

Folders (random names, different on each computer):
C:\ProgramData\927548484 (Vista)
C:\Program Files\927548484 (XP)
C:\Documents and Settings\All Users\Application Data\1902913235

Files:
C:\ProgramData\927548484\1137324417.exe
C:\Windows\system32\dadabcdba.dll

The corresponding registry entries, Windows startup entries and Task Manager processes were also found.

Variation 2) See the ThreatExpert report for details.
C:\Windows\System32\syssecure.exe

Variation 3) See the ThreatExpert report for details.
C:\autorun.inf
C:\Program Files\System Security
C:\Program Files\System Security\System_security.exe
C:\Documents and Settings\[UserName]\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML
C:\MELODY.EXE
C:\Windows\Tasks\sun.vbs
C:\Windows\Tasks\sex.vbs

Variation 4) See the ThreatExpert report for details.
C:\Windows\System32\sysecser.exe

Variation 5) See the ThreatExpert report for details. Note the location: the genuine print spooler is C:\Windows\System32\spoolsv.exe, so do not delete that one.
C:\Windows\spoolsv.exe

Variation 6) See the ThreatExpert report for details.
C:\Windows\system.com.cn.ini

Variation 7) See the report.
C:\Documents and Settings\All Users\Application Data\pc1040554719ins
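The names and locations above are the indicators you would otherwise check by hand in Task Manager, msconfig and Explorer. The Python script below, an added example that is not part of the original article, turns them into a triage check: it scores startup entries of the form (name, command), as msconfig's Startup tab, a HijackThis O4 line or the Run registry keys present them, against the listed file names, the random-numeric-name pattern and the drop folders, and classify_path() can be pointed at a process image path from Task Manager just as well. The sample entries are constructed; the rule that flags spoolsv.exe outside System32 and the optional Run-key reader are assumptions added here, not taken from the article.

```python
"""Triage of startup entries and file paths against the System Security
indicators listed above.  Added example; not code from the original article.
The Run-key reader only works on Windows; everything else runs anywhere on
the constructed sample at the bottom."""
import ntpath
import re
import sys

# File names the article lists for System Security and its variations.
KNOWN_NAMES = {"systemsecurity.exe", "system_security.exe", "syssecure.exe",
               "sysecser.exe", "melody.exe", "sun.vbs", "sex.vbs", "dadabcdba.dll",
               "system.com.cn.ini", "wmsdknsd.xml", "ws.zip"}
# Parents under which the article reports randomly numbered drop folders.
DROP_PARENTS = (r"c:\programdata", r"c:\program files",
                r"c:\documents and settings\all users\application data")
NUMERIC = re.compile(r"^\d{6,}(\.exe)?$")  # 927548484, 1137324417.exe, 2063941586.exe
PC_INS = re.compile(r"^pc\d+ins$")         # pc1040554719ins (Variation 7)
# Assumption beyond the article: Variation 5 is C:\Windows\spoolsv.exe, while the
# genuine print spooler lives in System32, so flag that name anywhere else.
SYSTEM32_ONLY = {"spoolsv.exe"}


def image_path(command):
    """Extract the program path from a startup command line, quoted or bare."""
    command = command.strip()
    m = re.match(r'"([^"]+)"', command)
    if m:
        return m.group(1)
    m = re.match(r"(.*?\.(?:exe|dll|vbs|com|ini|zip|xml))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]


def classify_path(path):
    """Return the reasons *path* matches an indicator; an empty list means clean."""
    p = path.strip().strip('"').lower()
    base, parent = ntpath.basename(p), ntpath.dirname(p)
    reasons = []
    if base in KNOWN_NAMES:
        reasons.append("known System Security file name " + base)
    if NUMERIC.match(base):
        reasons.append("random numeric file name " + base)
    if "system security" in p:
        reasons.append("'System Security' in path")
    if base == "autorun.inf" and re.fullmatch(r"[a-z]:\\?", parent):
        reasons.append("autorun.inf in drive root (Variation 3)")
    if base in SYSTEM32_ONLY and not parent.endswith("\\system32"):
        reasons.append(base + " outside System32")
    head = parent  # walk up: numeric or pc<digits>ins folder directly under a drop parent
    while head:
        up, name = ntpath.dirname(head), ntpath.basename(head)
        if up.rstrip("\\") in DROP_PARENTS and (NUMERIC.match(name) or PC_INS.match(name)):
            reasons.append("randomly named drop folder " + head)
        if up == head:
            break
        head = up
    return reasons


def triage_startup(entries):
    """Score (name, command) startup entries; returns [(name, path, reasons)] hits."""
    hits = []
    for name, command in entries:
        path = image_path(command)
        reasons = classify_path(path)
        if NUMERIC.match(name.lower()):
            reasons.append("random numeric entry name " + name)
        if reasons:
            hits.append((name, path, reasons))
    return hits


def read_run_keys():
    """Windows only: (name, command) pairs from the HKLM/HKCU Run keys that
    msconfig's Startup tab shows.  Returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library, Windows only
    entries = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            key = winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run")
        except OSError:
            continue
        with key:
            for index in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                name, value, _ = winreg.EnumValue(key, index)
                entries.append((name, str(value)))
    return entries


# Constructed sample modelled on the article's HijackThis excerpts (not a real log).
SAMPLE_ENTRIES = [
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("1137324417", r"C:\ProgramData\927548484\1137324417.exe"),
    ("System Security", r'"C:\Program Files\System Security\System_security.exe"'),
    ("spoolsv", r"C:\Windows\spoolsv.exe"),
    ("Windows Defender", r'"C:\Program Files\Windows Defender\MSASCui.exe" -hide'),
]

if __name__ == "__main__":
    for name, path, reasons in triage_startup(read_run_keys() or SAMPLE_ENTRIES):
        print("[!] %s -> %s: %s" % (name, path, "; ".join(reasons)))
```

Anything it reports is a candidate to end in Task Manager, uncheck in msconfig and delete after the reboot. A clean result does not prove the machine is clean: as noted above, the names change between variations, so the lists are only as good as the latest report.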

 

Run CCleaner

After System Security and its associated files have been deleted, leftover entries remain in the Windows registry. CCleaner is a free temp-file/registry cleaner that removes those entries as well as temporary files; accept its offer to back up the registry before it deletes anything. Click here to read more.

Edit the registry

If you are comfortable using regedit, a list of all the registry modifications made by the different variations of this rogue is available at this link.

The ThreatExpert reports for the variations listed above also include the infected registry entries. {/slide}

{slide=What if I have other problems?}

More problems

If you are unable to open Task Manager, Registry Editor, System Restore, Folder Options etc.

The virus has disabled them. There are free tools and techniques to re-enable them; they are listed here.

Tools for Windows XP

Tools for Windows Vista

Use the System File Checker

If you want to make sure that the Windows system files have not been altered by the virus, and to repair them if they have, run the System File Checker (sfc /scannow from a command prompt; on Vista the prompt must be run as administrator, and on XP you may be asked for the Windows installation CD).

  • How to run the System File Checker utility in Windows XP
  • How to run the System File Checker utility in Windows Vista

Unable to access security-related sites

This can happen if your hosts file has been altered. To repair it, log in as an administrator (on Vista, right-click Notepad and choose Run as administrator, otherwise saving will fail) and open the following file in Notepad:
C:\Windows\System32\drivers\etc\hosts
Remove every line other than 127.0.0.1 localhost (Vista also ships with ::1 localhost, and lines beginning with # are comments; both can stay). Check the whole file down to the very end, then save and close it.
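The same edit done programmatically, so that you can see exactly which entries were dropped (an added example, not the article's own instructions). It keeps comment lines, blank lines and the localhost loopback entries and removes everything else; keeping ::1 localhost as well as 127.0.0.1 localhost is an assumption added here for Vista, the backup file name is a choice made here, and the sample hosts content is constructed.

```python
"""Repair a hijacked hosts file as described above.  Added example; not the
article's own code.  clean_hosts() keeps comments, blank lines and the
loopback entries for localhost and returns every other line so you can see
which sites were being redirected; repair_hosts_file() applies it to the
live file.  Assumption beyond the article: Vista's IPv6 line '::1 localhost'
is kept alongside '127.0.0.1 localhost'."""
import shutil

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"
LOOPBACK = {"127.0.0.1", "::1"}


def is_legit_localhost(fields):
    """True for '127.0.0.1 localhost' or '::1 localhost', any spacing or case."""
    return len(fields) == 2 and fields[0] in LOOPBACK and fields[1].lower() == "localhost"


def clean_hosts(text):
    """Return (cleaned_text, removed_lines) for the contents of a hosts file."""
    kept, removed = [], []
    for line in text.splitlines():
        stripped = line.strip()
        # Comments and blank lines are harmless.  Every line is examined, so
        # hijack entries pushed far down the file by padding are still caught.
        if not stripped or stripped.startswith("#"):
            kept.append(line)
            continue
        fields = stripped.split("#", 1)[0].split()  # ignore a trailing comment
        if is_legit_localhost(fields):
            kept.append(line)
        else:
            removed.append(stripped)
    if not any(is_legit_localhost(k.split("#", 1)[0].split()) for k in kept):
        kept.append("127.0.0.1 localhost")  # put it back if the rogue removed it
    return "\n".join(kept) + "\n", removed


def repair_hosts_file(path=HOSTS_PATH):
    """Back up and rewrite the live hosts file; returns the removed entries.
    Run from an administrator (on Vista: elevated) prompt.  If the write fails,
    clear the read-only attribute on the file first."""
    with open(path, encoding="latin-1") as f:
        cleaned, removed = clean_hosts(f.read())
    if removed:
        shutil.copyfile(path, path + ".bak")  # keep the hijacked version as evidence
        with open(path, "w", encoding="latin-1") as f:
            f.write(cleaned)
    return removed


# Constructed sample of a hijacked Vista-style hosts file (not a real capture);
# the redirected names use the reserved .example domain.
SAMPLE_HOSTS = """# Hosts file: maps host names to IP addresses, one entry per line.

127.0.0.1       localhost
::1             localhost
127.0.0.1 www.antivirus-vendor.example
127.0.0.1 update.os-vendor.example   # hijack: updates silently fail
0.0.0.0 onlinescanner.example
"""

if __name__ == "__main__":
    cleaned, removed = clean_hosts(SAMPLE_HOSTS)
    print(cleaned)
    print("removed %d hijack entries:" % len(removed))
    for entry in removed:
        print("  ", entry)
```

The removed list is worth keeping: the host names in it tell you which vendors' sites and update servers the rogue was sinkholing, which is useful when you later check the firewall log.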

Using a firewall

Check your firewall for any suspicious communication from your computer to the internet and block it.

The different versions of this malware try to connect to the following sites/servers/hosts. Block them if you find them in your firewall:
  • internetsecurityskim.com, port 80
  • securityonlinescan.com, port 80
  • secureshelldownload.com, port 80
  • securecrtdownload.com, port 80
  • safesoftwaretransfer.com, port 80
  • xgz.dnso.cn, port 8000
  • gxbl.gnway.net
  • yourstabilityscan.com
  • systemsecuritytool.com

Reprinted with permission from ThreatExpert.com

{/slide}


HijackThis

Help is at hand


To make things easier, I will help you find viruses on your computer. To do that, you can send me a HijackThis log.

HijackThis is a free tool for Windows from Trend Micro. Download, install and run it; it creates a text file called hijackthis.log, which you can save on your hard disk.

You can mail it to me at support(at)comprolive.com, or post it in the forum on this site.
