System Security also known as System Security 2009 is a rogue antispyware program The rogue (fake) antispyware application is fresh version of Winweb Security. System Security is distributed through the use fake online malware scanners that tells you that your computer infected with variety of trojans and spyware and that you must install the software to clean your computer. During installation, System Security configures itself to run automatically every time, when you start your PC. The rogue antispyware may drastically slow the performance of your computer.
Once running, System Security will scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. Also one of these infections is c:\windows\system32\svchost.exe is actually legitimate Windows file. This file a very important system file, w/o that file, your computer would not work correctly.
System Security blocks the ability to run any programs, including Malwarebytes Anti-Malware. The following warning will be shown when you try to run any program:
WARNING!
Application cannot be executed. The file mbam.exe is
infected.
Please activate your antivirus software.
Also System Security changes desktop background to black with the message:
WARNING
YOUR`RE IN DANGER!
YOUR COMPUTER IS INFECTED WITH SPYWARE
While System Security is running your computer will show false security alerts and nag screens:
System Security Warning
Spyware.IEMonster activity detected. This is spyware that
attempts to steal passwords from Internet Explorer, Mozilla
Firefox, Outlook and other programs.
Click here to remove it immediately with System Security
System Security Warning
System Security has detected harmful software in your system.
We strongly recomended you to register System Security to
remove these threats immediately.
System Security
Harmful software detected
System Security has detected harmful software that can lead your PC crash.
Remove them Now by clicking Remove All button below.
System Security Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with System Security
System Security
WARNING 38 infections found!!!
If you are clicking on the fake alert then System Security will start a web browser and open a web site asking you to purchase the fake program. Computer users are urged to avoid purchasing this bogus program! Please ignore all fake alerts and use the following System Security removal instructions below in order to remove this infection and any associated malware from your computer for free.
Symptoms in a HijackThis Log.
O4 – HKLM\..\Run: [16847964] C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe
O4 – HKLM\..\Run: [96857956] C:\Documents and Settings\All Users\Application Data\96857956\96857956.exe
O4 – HKLM\..\Run: [66867959] C:\Documents and Settings\All Users\Application Data\66867959\66867959.exe
Note: System Security uses random names for hide itself.
Use the following instructions to remove System Security (Uninstall instructions).
Download HijackThis from here, but before saving HijackThis.exe, rename it first to explorer.exe and click Save button to save it to desktop.
Doubleclick on the explorer.exe icon on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
O4 – HKLM\..\Run: [16847964] C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe
O4 – HKLM\..\Run: [96857956] C:\Documents and Settings\All Users\Application Data\96857956\96857956.exe
O4 – HKLM\..\Run: [66867959] C:\Documents and Settings\All Users\Application Data\66867959\66867959.exe
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select “Perform Quick Scan”, then click Scan to start scanning your computer for System Security associated files and any other trojan infections. The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of System Security related items similar as shown below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start System Security removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
System Security creates the following files and folders
C:\Documents and Settings\All Users\Application Data\02042687
C:\Documents and Settings\All Users\Application Data\90436866
%UserProfile%\Pedro Adrian\Start Menu\Programs\System Security
C:\Documents and Settings\All Users\Application Data\02042687\02042687.exe
C:\Documents and Settings\All Users\Application Data\02042687\02042687.glu
C:\Documents and Settings\All Users\Application Data\02042687\pc02042687cnf
C:\Documents and Settings\All Users\Application Data\02042687\pc02042687ins
C:\Documents and Settings\All Users\Application Data\90436866\90436866.exe
%UserProfile%\Start Menu\Programs\System Security\System Security 2009 Support.lnk
%UserProfile%\Start Menu\Programs\System Security\System Security 2009.lnk
%UserProfile%\Desktop\System Security 2009.lnk
I got sucked into this shit last night it wont let me go onto my tools not web page wont let me do anythink on my pc i tried to deleate the programme it stops me no matter what i clcik i get the message do you want to continue without protection then is closes me down i reboot and the same thing now im logged into my daughters account on same computer and it seems to be ok but slow so now i have no idea what to do apart from if i could ring them up
Looks like you are still infected, please follow these steps.
Need help, everytime i try to downloand malware, this system sercuity program blocks it, saying its infected. How do i get around this?
Tim, before saving Malwarebytes Anti-malware, rename it first. Read the article – Malwarebytes won`t install, run or update – How to fix it
my windows XP SP2 was installed System Security when I visited a youtube site. I lost control to my computer & I can’t open any program. By the way, my XP is protected by antivirus software CA. They showed a lot of things. Warning me a lot. I can not use my computer even though I restarted it. So I registered System Security & paid by credit card. Then my computer is back. I can change its settings & forbide it start with windows. But I got other problem.
1. when I start my computer, it always shows me MEMCHECK.EXE as problem before I login to my account.
2. After I login, it seems everything looks fine. But I can’t print anything from Outlook express, word, excel, etc. My printer always printed blank paper. Just one time, I printed 2 pages of excel file. the first page is blank & second page is OK. I tried to switch to Aministrator account, printing is work. By the way, my account is also admi privilege.
3. my computer is connected to company server. So I can check our software to check our stock or some info. Before system security invade, it works properly. But now, it still works & would closed suddenly. Just several minutes. But I don’t have similar problem with IE or Excel, etc.
I called system security & cancelled it. They said I can delete it from systemsecurityonline.com & there is a file wscleaner.exe. I can use it to unistall system security. But I used it & it loaded system security to system & nothing happened. so they told me I had to wait for 2 business days.
please let me know if I have to wait for that tow days. Or I can use your suggested software to remove it thoroughly. Can I get my printing & our software working properly? Thanks for help.
I use my personal computer to post this. So some info I said is not so exactly as I saw today. Just want you know what happend & what’s my present problem. Hope you can help me out? Thanks
do you think it would be better if I use smitfraudfix first?
Chris, try Malwarebytes Anti-malware, its very good program, and free for use.
I finally was able to do a quick scan Malwarebytes and I deleted all files that were infected but as soon as I went on the internet the Virus came back. How do I keep it from coming back after I get rid of it?
Marqus, probably your computer infected with hidden trojan/rootkit. Ask help at our Spyware removal forum.
What a briliant idea to rename scanner to explorer.exe . Makes me feel bad I didn’t come with that idea… lol
I’ve spent few hours renaming and trying to start Malwarebytes from safe mode and whatewer, but renaming it to explorer.exe did the job. Frikin \
HOW DO I TAKE THAT OFF’
Awesome, thanks. I really got scared by this virus since I did not have admin rights on the computer. You made my day =)
JH0N, use steps above or ask help at our Spyware removal forum.
H-E-L-P HELP!!!
i’ve Been Sitting Here For Hours! Trying All These Thing Yuh Have All Said! and Nothing i Mean Nothing At All Will Open and iTs Aggervating Me!!
i’ve Tried TO Download Hijack and Restore System But Nothing At All iS Working!!! Please Please Please Hope Someone Can Help My Cause iM Completly Hopeless!
P.S.
Please Help Fast
Before We Have To Pay To
Get iT Removed! Thanks!
Chelsea, if the instructions above did not help you, then follow these steps. I will help at our Spyware removal forum.
Patrik, The Link Won’t Go Everytime i Try And Click On iT, iT Just Highlights The Text So Can You Do Something About That Please And Thank You.
Chelsea,
sorry, i have made a mistake in the link. Please try again.
Patrik,
Thanks For Trying To Help But HijackThis Doesn’t Even Open On My Computer SYSTEM SECURITY Won’t Let iT.
Chelsea, ask help at our Spyware removal forum.
Here is how I fixed it:
Per another users advice, hit CTRL ALT DEL as soon as desktop comes up and kill the process that is all numbers – might have to reboot a couple of times to get get it to work – it’s a timing issue. You have to kill the process that is all numbers BEFORE it shutsdown task manager
Once I killed that process, I ran HiJackThis and killed the suspicious looking items. I had to run a script file(google regtools.vbs) to re-enable registry editing.Reboot, then run Hijack This and delete any other weird stuff.
After that I installed and ran SuperAntispyware, Malware Bytes, Ad-aware, Spybot and AVG Antivirus.
I spent almost 5 hours trying to get rid of the system security virus. I tried the task mgr, safe mode, start, msconfig but my applications just won’t work!! BUT I finally got lucky using the ctl-alt-del just before all the programs got set-up, the task manager pop up and the SS virus didn’t get the chance to show up! Then I did system restore, change the date to maybe 3 days ago. Now everything is back to normal!! i hope i am making sense but it does worked!
Hey there, I managed to get rid of the System Security 2009 from my computer but when I went and ran an anti-malware software to make sure it was gone it found numerous ‘infections’. I deleted these infections but now my internet won’t work. Any suggestions as to why ?? Is it possible the anti-malware software deleted files that my computer need to run the internet ??
PB, read the article, scroll down to Additional steps.
Thank you so much! Worked perfectly, I read through all the steps and followed them exactly. No more problems other than my system restore points are all gone 🙁
Thanks again!
ATTENTION!!!
SOLUTION to SYSTEM SECURITY 2009 (rogue)
For those of you who says: I cant open Task Manager, I cant open any Anti-virus, I cant open any Anti Malware(ex:Malwarebytes), I cant open ANY EXE.FILES!!!(because the virus blocks it ALL).
Then i have a simple yet effective trick:
RENAME THE FILE
if you rename the file then SYSTEM SECURITY will not be able to block it. which is good for you to activate the ANTI-etc.
The only problem is that you wont be able to open the task manager because you cant rename it. So my suggestion is to download: procexp from http://www.sysinternals.com
it is a free software that acts as a task manager; but the difference is that it is BETTER coz it shows even the hidden process (and it’s also user friendly)
if you have it, kill the thing that looks like a shield(SYSTEM SECURITY) then the rest of the instructions are free for you too find. hope this helps… ganbatte kudosai
I thought I couldn’t access ‘safe mode’ – but it was the only option so I just kept rebooting and hitting F8 – finally I caught the timing and I was in! (we’re talking hours). I think I found the 123456 random # file in ‘my favorite playlist’ or something like that. I don\t have a playlist, never did. It was 0 bytes – so I deleted it, ran the anti malware software and I think I’m good.
Thanks to everyone who posted. No one individual solution worked, but by reading and trying, it’s gone!!!!!!!!!!
Thanks Again, Dsh2
The issue I am having is the system security is blocking my access to the internet. I cannot download MBAM as suggested. Is there any other way I can begin to resolve if i don’t have internet access on the infected computer? Any help is appreciated. Thank you!
used Malwarebytes a few times since intial scan( yeah, i’m paranoid). but it hasnt found anything related to system security 2009.
though it keeps finding other things..