System Security is a rogue application, or a component of another rogue application. There are several variations of the infection. The major characteristic of this malware is that it creates several files in the Temp directory, so emptying the Temp folder with a freeware application such as CCleaner will relieve you of most of the infection. You should also be prepared to remove its registry keys manually. [All the tools and software mentioned in this article are fully functional freeware.] You are welcome to add a comment at the end of this article if you have any questions or suggestions.
Trojan Removers: This malware could be installed by a Trojan, so you will need to remove that Trojan as well. Try free Trojan removal tools for this.
Turn off System Restore: The malicious files are saved in the System Restore backup. You need to turn System Restore off to remove them. You can turn it on again after cleaning the computer.
If you are unable to open Task Manager: Sometimes you are not able to open Task Manager, the Run command, and so on. The virus does this. There are free tools to solve this problem; see which is helpful for you.
Remove Processes from Task Manager: Press Ctrl+Shift+Esc to open Task Manager. Look in the list of processes for a process named systemSecurity.exe, system_security.exe, or any other file name listed in the files and folders section below. Select it if found and press the End Process button. When prompted, say Yes, and then close Task Manager. Optionally, a freeware tool called "Zenturi program checker" may let you see the path of a process in Task Manager; using the list of malware files given in this article, you may then be able to tell the malware processes apart from genuine Windows processes.
Removing a Program from Windows startup: The System Configuration Utility can be started in XP and in Vista by typing msconfig in the Run box. The Run box can be opened in XP by clicking Start > Run. The best part of Windows startup is that the setting is reversible, so you can check or uncheck any entry any number of times. Do not hesitate to uncheck anything that you find doubtful; you can always check it again if you later learn that it is something useful.
After the System Configuration Utility window is open, click the Startup tab, which lists all the programs that are scheduled to start when you turn your computer on. Expand the middle column with your mouse pointer so that you can see the path of each program on the hard disk; that will give you a clear idea of what the program is. Locate any "System Security" entries (look for any suspicious name) and uncheck the boxes in front of them. Also look at the other entries: if you find an entry for any of the malware files listed in this article, uncheck that too. This step is very important; further cleaning depends on cleaning this list. Press Apply, press Close/OK, and at the next prompt select "Restart the computer".
Searching and Deleting the Folders / files on the hard disk: After restarting the computer, use the Windows search utility to search for "Antivirus 2008 XP". This search will find all its folders on the hard disk; delete them. You may find the folder in more than one location. Delete all instances. There are some more files outside this directory. You may need to enable viewing of hidden files and folders if you cannot see the folders listed below. In XP, go to Control Panel > Folder Options > View, locate "Hidden Files and Folders", select "View hidden files and folders", press Apply, and press OK.
C:\Documents and Settings\[UserName]\Start Menu\Programs\System Security
Delete all the above folders if found.
After installation it downloads and saves additional files on the hard disk [ws.zip].
These entries were found in the HijackThis log generated on a computer that was reportedly infected by System Security. ProgramData is a legitimate folder in Vista; as you can see, the folder name is a random number. It could be any number, and the same goes for the exe file. You will also notice a randomly named DLL file in the System32 folder, which will take some effort on your part to identify.
Folders:
C:\ProgramData\927548484
C:\Documents and Settings\All Users\Application Data\1902913235
Corresponding registry entries, entries in Windows startup, and processes in Task Manager were also found.
Variation 2) See the ThreatExpert report for details.
C:\Windows\System32\syssecure.exe
Variation 3) See the ThreatExpert report for details.
C:\autorun.inf
C:\Program Files\System Security
C:\Program Files\System Security\System_security.exe
C:\Documents and Settings\[UserName]\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML
C:\MELODY.EXE
C:\Windows\Tasks\sun.vbs
C:\Windows\Tasks\sex.vbs
Variation 4) See the ThreatExpert report for details.
C:\Windows\System32\sysecser.exe
Variation 5) See the ThreatExpert report for details.
C:\Windows\spoolsv.exe
Variation 6) See the ThreatExpert report for details.
C:\Windows\system.com.cn.ini
Variation 7) See the report.
C:\Documents and Settings\All Users\Application Data\pc1040554719ins
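One way to check a HijackThis log or a file listing against the paths listed above, as an added example that is not part of the original article. The fixed paths are copied from this page; the sample log lines are constructed, and the rule for the randomly numbered folder (a digits-only name directly under ProgramData or All Users\Application Data) is an assumption generalised from the two folder names shown.

```python
import re

# Fixed paths listed in this article, lower-cased for case-insensitive matching.
KNOWN_PATHS = [
    r"c:\windows\system32\syssecure.exe",
    r"c:\windows\system32\sysecser.exe",
    r"c:\windows\spoolsv.exe",          # the genuine spooler is in System32
    r"c:\windows\system.com.cn.ini",
    r"c:\windows\tasks\sun.vbs",
    r"c:\windows\tasks\sex.vbs",
    r"c:\melody.exe",
    r"c:\program files\system security",
]
# Assumption: the random folder name is digits only and sits directly under
# ProgramData (Vista) or All Users\Application Data (XP), as in the two samples.
RANDOM_DIR = re.compile(
    r"c:\\(?:programdata|documents and settings\\all users\\application data)"
    r"\\\d{6,}(?:\\|$)")
# A Windows path inside a log line: drive letter, then everything up to a
# character that cannot appear in a path.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]+")

def scan(lines):
    """Return (line_number, path, reason) for each path matching an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in PATH_RE.finditer(line):
            path = m.group(0).strip()
            low = path.lower()
            if RANDOM_DIR.match(low):
                hits.append((n, path, "random numeric folder"))
            elif any(low == k or low.startswith(k + "\\") for k in KNOWN_PATHS):
                hits.append((n, path, "listed path"))
    return hits

SAMPLE_LOG = [  # constructed lines in HijackThis style
    r"C:\Windows\System32\spoolsv.exe",
    r"C:\Windows\spoolsv.exe",
    r"C:\ProgramData\927548484\927548484.exe",
    r"O4 - HKLM\..\Run: [927548484] C:\ProgramData\927548484\927548484.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [SS] C:\Program Files\System Security\System_security.exe",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The genuine C:\Windows\System32\spoolsv.exe is not reported, while the copy directly under C:\Windows is.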
Manually removing malware entries from the Registry
You can edit the registry by using the Windows built-in registry editor.
These registry keys may be found on an infected computer. Delete them if found.
Variation 2) Disables Task Manager and the registry editor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\ipconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\ipconfig\DEBUG
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Using CCleaner: CCleaner is a freeware temp-file and registry cleaner. We need this type of software because almost all infections that occur through the internet come through temp files, and unfortunately Windows does not remove temp files automatically.
Using an Antivirus Application: Follow this step if, even after applying all the above steps, the virus still shows its presence on the computer. Your best helper is the antivirus program on your computer. Always keep it updated.
Using the System File Checker: Follow this step if you notice trouble in the normal functioning of Windows.
Unable to access security related sites
- It can happen if your hosts file has been altered. To repair or edit the hosts file, log in as administrator and open the following file in Notepad: C:\WINDOWS\system32\drivers\etc\hosts. Remove anything other than 127.0.0.1 localhost, then save and close the file. In some cases there may be entries created by you or by a security application installed on your computer to block malicious sites, but there is no reason for security-related sites to be in this list.
- If possible, use another computer to download the software needed for repairing your computer, and then transfer it to the infected computer by any available means, such as a pen drive.
- If you are using only Internet Explorer and it is blocked from visiting some security-related sites, try to download and install the Firefox browser and see if you can use it for the same purpose.
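The hosts file check described above can be done with a short script before editing the file by hand. This is an added example, not part of the original article; the vendor labels are an assumption drawn from the products named on this page, and the sample hosts content is constructed.

```python
import ipaddress

# Assumption: name labels for the security vendors mentioned on this page;
# extend the set with the products you actually use.
SECURITY_LABELS = {"trendmicro", "bitdefender", "eset"}

def audit_hosts(text):
    """Return (line_no, hostname, verdict) for every entry except localhost."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # comments start at '#'
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((n, line, "malformed line"))
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if host == "localhost" and ip.is_loopback:
                continue                      # the default entry, keep it
            if SECURITY_LABELS & set(host.split(".")):
                verdict = "security site overridden: remove"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "name blocked locally: review"
            else:
                verdict = "name redirected: review"
            findings.append((n, host, verdict))
    return findings

SAMPLE_HOSTS = """\
# constructed sample, not taken from an infected machine
127.0.0.1    localhost
127.0.0.1    www.eset.com
203.0.113.7  housecall.trendmicro.com
0.0.0.0      ads.example.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries marked "review" may be blocks that you or a security application added on purpose; entries that override a security vendor's name are the ones the article says have no reason to be there.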
Block the following connections / sites
The different versions of this malware try to connect to the following sites/servers/hosts. Block them if you find them in your firewall. (internetsecurityskim.com at port 80, securityonlinescan.com at port 80, secureshelldownload.com at port 80, securecrtdownload.com at port 80, safesoftwaretransfer.com at port 80, xgz.dnso.cn at port 8000, gxbl.gnway.net, yourstabilityscan.com)
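To find out which machines have already contacted the hosts listed above, firewall or proxy records can be matched against the list. This is an added example, not part of the original article; the host names and ports are copied from the list, while the one-record-per-line log format and the sample records are constructed assumptions.

```python
# Hosts and ports exactly as listed in the article; None means no port was given.
BLOCKLIST = {
    "internetsecurityskim.com": 80,
    "securityonlinescan.com": 80,
    "secureshelldownload.com": 80,
    "securecrtdownload.com": 80,
    "safesoftwaretransfer.com": 80,
    "xgz.dnso.cn": 8000,
    "gxbl.gnway.net": None,
    "yourstabilityscan.com": None,
}

def match_domain(host):
    """Return the listed name that host equals or is a subdomain of, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])      # compare on whole labels only
        if candidate in BLOCKLIST:
            return candidate
    return None

def flag_connections(log_lines):
    """Scan lines of the form 'timestamp src_ip dst_host dst_port'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue                          # not a connection record
        _, src, host, port = parts
        listed = match_domain(host)
        if listed is None:
            continue
        want = BLOCKLIST[listed]
        if want is None:
            note = "no port listed"
        else:
            note = "listed port" if want == int(port) else "other port"
        hits.append((src, host, int(port), listed, note))
    return hits

SAMPLE_FW_LOG = [  # constructed records; the log format is an assumption
    "2009-06-01T10:00:01 192.168.1.20 securityonlinescan.com 80",
    "2009-06-01T10:00:02 192.168.1.20 update.xgz.dnso.cn 8000",
    "2009-06-01T10:00:03 192.168.1.21 notsecurityonlinescan.com 80",
    "2009-06-01T10:00:04 192.168.1.21 gxbl.gnway.net 443",
    "2009-06-01T10:00:05 192.168.1.22 www.example.org 80",
]
if __name__ == "__main__":
    print(*flag_connections(SAMPLE_FW_LOG), sep="\n")
```

Matching on whole labels means a subdomain of a listed host is reported, while an unrelated name that merely ends with the same characters is not.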
Thank you very much for posting this very informative website. I battled this virus for three days before finally being able to get rid of it (I hope!) with your help.
Please see the article on this site about how to regain control of Task Manager:
http://comprolive.com/welcome/index.php/tutorials/20-windows/65-regain-task-manager
Please help me!!
I am unable to download anything. Whenever I try to download something to enable my task manager, it doesn't acknowledge that it was downloaded, and I can't open the program even if it is!!
Um, do I just follow whatever it says on the YouTube video? This is complicated because there are a lot of things being said on this site. What do we do first? Middle? Last?! I have no idea. I, for one, have System Security 2009 all of a sudden on my other computer. Very weird. =(!
Ray, you need to follow the steps in this order
1) Disable system file checker
2) Boot in safe mode and run the antivirus programs
3) Do a scan using one of the freeware online scanners like TrendMicro Housecall, or BitDefender etc
Everything that I seem to try is blocked by System Security. It says "application cannot be executed, the file ******.exe is infected.Please activate your antivirus software." I have tried the command prompt, I have tried to download Trojan removers and your free tools to regain Task Manager; everything I download keeps saying it is infected. I got copies of REGEDIT, MSCONFIG and Task Manager and they don't open. The thing even somehow deactivated my Eset NOD32 Antivirus (failed to communicate). I can enter System Restore. I don't know what to do. Hope you can help me.
If you are using XP, then do a repair install of Windows; it is a non-destructive installation of Windows. You can find a video about "repair install" on my channel youtube.com/srajure
I have used the tutorial for deleting the System Security virus from my computer by Malware and CCleaner in safe mode. But I am having a problem: my computer doesn't start in normal mode. What should I do? When I searched for system security it gave me only two system.security.dll in C:\..\microsoft\framework.net\some thing, so I have not deleted this.
If you are using XP, then do a repair install of Windows; it is a non-destructive installation of Windows. You can find a video about "repair install" on my channel youtube.com/srajure
There is no legal or full version of that software. It is basically created to scare you into thinking that your computer is infected, and that's it. If you pay on their site, the money will be gone without trace and you won't hear anything from them afterwards. It is simply 21st century online pick pocketing
The new version of System Security does not allow you to open any programs, unless in safe mode, but it doesn't show there. Same with CCleaner. What to do????????