Security Suite is a malicious program classified as rogue (fake) antispyware. It uses misleading methods such as fake security alerts and false scan results to push people into purchasing it. Importantly, the program cannot detect or remove viruses, malware and trojans, nor can it protect you from possible infections in the future. Remove Security Suite from your computer as quickly as possible!
Like other rogue antispyware programs, it installs itself onto your computer through trojans or other malware that pretend to be a video codec or a Flash update needed to watch a video online. When the trojan or malware is started, it installs Security Suite onto your computer without your permission or knowledge. Moreover, it can install other malware or trojans (the TDSS trojan, for example) that can block most antivirus and antispyware applications, redirect you from the sites you want to visit to completely different ones, and leak personal information to third parties. Therefore it is important to fully check your computer with a good antispyware tool to remove not only Security Suite but also other trojans and viruses that could have gotten onto the computer with it. Below I give several methods to remove this malware from your PC for free.
When Security Suite is started, it begins to scan the computer and reports a large number of trojans, viruses, worms, etc. These results, like the scan itself, are nothing but a scam. To reinforce the impression that your computer is infected with dangerous viruses, it displays numerous fake security alerts and pop-ups that state that the computer is infected and offer to buy or activate the full version of this fake antispyware program. Some of the alerts:
Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an
internet virus. It could be a password-stealing
attack, a trojan-dropper or similar.
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
However, like the false scan results above, all of these alerts and warnings are fake. They are a misleading tactic to make you think your computer is infected with all sorts of malicious software. Like the false scan results, you can safely ignore them.
What is more, Security Suite may block all legitimate Windows applications from running. The following warning will be shown when you try to run a program:
Application cannot be executed. The file {program} is infected.
Do you want to activate your antivirus software now.
In addition to the above, Security Suite will hijack your Internet browser by configuring it to use a malicious proxy server, so that it displays a warning page that states “Internet Explorer Warning – visiting this web site may harm your computer!”. Do not trust it: like the other false security alerts, this warning is used to scare you into thinking that your computer is in danger.
As you can see, Security Suite wants to make you think that your computer is infected with a lot of viruses and malware, but the only real infection is the fake security program itself. You should remove it as soon as you discover it on your computer. Do not be fooled into buying the program! Instead, follow the removal guidelines below to remove Security Suite and any associated malware from your computer for free.
Symptoms in a HijackThis Log
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 - HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 - HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
O4 - HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
O4 - HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
O4 - HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
Method 1. Removal instructions for Security Suite in Safe mode with networking
Step 1. Reboot your computer in Safe mode with networking.
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, the Windows Advanced Options menu appears, similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Reset Internet Explorer Proxy options.
Run Internet Explorer and click Tools -> Internet Options, as shown in the screen below.
Internet Explorer – Tools menu
You will see a window similar to the one below.
Internet Explorer – Internet options
Select the Connections tab and click the LAN Settings button. You will see a window similar to the one shown below.
Internet Explorer – Lan settings
Uncheck the “Use a proxy server” box. Click OK to close LAN Settings and click OK to close Internet Explorer settings.
Step 3. Remove Security Suite and any associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan; it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
Method 2. Removal instructions for Security Suite in Normal mode
Step 1.
Run Internet Explorer and click Tools -> Internet Options, as shown in the screen below.
Internet Explorer – Tools menu
You will see a window similar to the one below.
Internet Explorer – Internet options
Select the Connections tab and click the LAN Settings button. You will see a window similar to the one shown below.
Internet Explorer – Lan settings
Click the Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
www.myantispyware.com;myantispyware.com;www.malwarebytes.org;go.trendmicro.com;
When you have finished, you will see a screen similar to the one below:
Internet Explorer – Proxy settings
Click OK to save the Proxy settings, then click OK to close LAN Settings and click OK to close Internet Explorer settings.
Step 2.
Download HijackThis from here. Once the Save dialog opens, first rename hijackthis.exe to iexplore.exe, then click the Save button to save it to the desktop. If you are using Firefox, right-click the above link to open a Save dialog. If you still cannot download the program, then repeat the first step above.
Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Place a checkmark against each of the lines that look like:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [{RANDOM}] C:\Documents and Settings\Username\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
O4 - HKCU\..\Run: [{RANDOM}] C:\Documents and Settings\Username\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
Once finished, you will see a screen similar to the one below.
HijackThis
Note: the list of infected items may be different. Template of the malicious entry:
Variant 1: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}shdw.exe;
Variant 2: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}tssd.exe
If you are unsure, check them in Google.
Please be very careful: do NOT check any other boxes! Once you have selected all entries, close all running programs, then click once on the “Fix checked” button. Close HijackThis.
Run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click OK.
Step 3.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan; it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Security Suite. MalwareBytes Anti-malware will now remove all of the associated files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.
Security Suite Removal notes
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Security Suite creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
Security Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable = “1”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | “Enabled” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyServer” = “http=127.0.0.1:{RANDOM}”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations | “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments | “SaveZoneInformation” = “1”
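The HijackThis symptoms and the Variant 1 / Variant 2 entry templates above can be checked mechanically against a saved log. The script below is an added example, not part of the original guide or of HijackThis; the function name triage, the finding labels and the sample log lines (including the random-looking names) are constructed for illustration.

```python
import re

# "<code> - <body>"; also accept the en dash that web pages substitute for "-".
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+[-\u2013]\s+(?P<body>.+)$")
# O4 autorun entry: HKLM\..\Run: [value name] command line
O4_RUN = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run:\s*\[[^\]]*\]\s*(?P<path>.+)$", re.I)
# Page template: ...\Local Settings\Application Data\<folder>\<name>.exe
APPDATA_EXE = re.compile(
    r"\\Local Settings\\Application Data\\[^\\]+\\(?P<exe>[^\\]+\.exe)\s*$", re.I)
# R1 symptom: ProxyServer set to loopback, with or without a port.
LOOPBACK_PROXY = re.compile(
    r"Internet Settings,ProxyServer\s*=\s*(?:http=)?127\.0\.0\.1(?::\d+)?\s*$", re.I)

def triage(log_text):
    """Return (label, line) pairs for lines matching the page's symptoms."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            continue  # section headers, process lists, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "R1" and LOOPBACK_PROXY.search(body):
            findings.append(("proxy-loopback", line))
        elif code == "O4":
            run = O4_RUN.match(body)
            hit = run and APPDATA_EXE.search(run.group("path"))
            if hit:
                # shdw.exe / tssd.exe are the suffixes the page lists; any
                # other name only fits the generic template and needs review.
                known = hit.group("exe").lower().endswith(("shdw.exe", "tssd.exe"))
                findings.append(("autorun-known-suffix" if known
                                 else "autorun-review", line))
    return findings

# Constructed sample log; every name and the port number are invented.
SAMPLE_LOG = r"""
Running processes:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [egui] "C:\Program Files\ExampleAV\egui.exe" /hide
O4 - HKCU\..\Run: [qwkfjvxa] C:\Documents and Settings\user\Local Settings\Application Data\pbtmwhkd\qwkfjvxashdw.exe
O4 – HKLM\..\Run: [ldnrtuyo] C:\Documents and Settings\user\Local Settings\Application Data\ldnrtuyo\xgpqmtssd.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Application Data\Vendor\updater.exe
"""

if __name__ == "__main__":
    for label, line in triage(SAMPLE_LOG):
        print(f"{label:22} {line}")
```

Entries labelled autorun-review only fit the generic {RANDOM}\{RANDOM}.exe shape, which legitimate per-user software can also match, so confirm them before ticking them in HijackThis.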
An easy way is to actually go to
C:\Documents and Settings\admin\Local Settings\Application Data\ and find shdw.exe. Delete it by first renaming it so it doesn't load, and then find the folder that's like pcgaurd something and do the same; then you can just delete the .exe files.
When I use MBAM in safe mode it removes it, but when I log back into normal Windows it seems that the virus is still there popping up… I have also used AVG right after MBAM, but it still shows the Security Suite virus in normal Windows.
Also, another scan with MBAM and AVG shows that there is no virus, but again in normal Windows Security Suite pops back up…
Kenny, probably your PC is infected with a hidden trojan that reinstalls the rogue. Please start a new topic in our Spyware removal forum. I will check your computer.