System Security also known as System Security 2009 is a rogue antispyware program The rogue (fake) antispyware application is fresh version of Winweb Security. System Security is distributed through the use fake online malware scanners that tells you that your computer infected with variety of trojans and spyware and that you must install the software to clean your computer. During installation, System Security configures itself to run automatically every time, when you start your PC. The rogue antispyware may drastically slow the performance of your computer.
Once running, System Security will scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. Also one of these infections is c:\windows\system32\svchost.exe is actually legitimate Windows file. This file a very important system file, w/o that file, your computer would not work correctly.
System Security blocks the ability to run any programs, including Malwarebytes Anti-Malware. The following warning will be shown when you try to run any program:
WARNING!
Application cannot be executed. The file mbam.exe is
infected.
Please activate your antivirus software.
Also System Security changes desktop background to black with the message:
WARNING
YOUR`RE IN DANGER!
YOUR COMPUTER IS INFECTED WITH SPYWARE
While System Security is running your computer will show false security alerts and nag screens:
System Security Warning
Spyware.IEMonster activity detected. This is spyware that
attempts to steal passwords from Internet Explorer, Mozilla
Firefox, Outlook and other programs.
Click here to remove it immediately with System Security
System Security Warning
System Security has detected harmful software in your system.
We strongly recomended you to register System Security to
remove these threats immediately.
System Security
Harmful software detected
System Security has detected harmful software that can lead your PC crash.
Remove them Now by clicking Remove All button below.
System Security Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with System Security
System Security
WARNING 38 infections found!!!
If you are clicking on the fake alert then System Security will start a web browser and open a web site asking you to purchase the fake program. Computer users are urged to avoid purchasing this bogus program! Please ignore all fake alerts and use the following System Security removal instructions below in order to remove this infection and any associated malware from your computer for free.
Symptoms in a HijackThis Log.
O4 – HKLM\..\Run: [16847964] C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe
O4 – HKLM\..\Run: [96857956] C:\Documents and Settings\All Users\Application Data\96857956\96857956.exe
O4 – HKLM\..\Run: [66867959] C:\Documents and Settings\All Users\Application Data\66867959\66867959.exe
Note: System Security uses random names for hide itself.
Use the following instructions to remove System Security (Uninstall instructions).
Download HijackThis from here, but before saving HijackThis.exe, rename it first to explorer.exe and click Save button to save it to desktop.
Doubleclick on the explorer.exe icon on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
O4 – HKLM\..\Run: [16847964] C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe
O4 – HKLM\..\Run: [96857956] C:\Documents and Settings\All Users\Application Data\96857956\96857956.exe
O4 – HKLM\..\Run: [66867959] C:\Documents and Settings\All Users\Application Data\66867959\66867959.exe
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select “Perform Quick Scan”, then click Scan to start scanning your computer for System Security associated files and any other trojan infections. The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of System Security related items similar as shown below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start System Security removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
System Security creates the following files and folders
C:\Documents and Settings\All Users\Application Data\02042687
C:\Documents and Settings\All Users\Application Data\90436866
%UserProfile%\Pedro Adrian\Start Menu\Programs\System Security
C:\Documents and Settings\All Users\Application Data\02042687\02042687.exe
C:\Documents and Settings\All Users\Application Data\02042687\02042687.glu
C:\Documents and Settings\All Users\Application Data\02042687\pc02042687cnf
C:\Documents and Settings\All Users\Application Data\02042687\pc02042687ins
C:\Documents and Settings\All Users\Application Data\90436866\90436866.exe
%UserProfile%\Start Menu\Programs\System Security\System Security 2009 Support.lnk
%UserProfile%\Start Menu\Programs\System Security\System Security 2009.lnk
%UserProfile%\Desktop\System Security 2009.lnk
Thank you, very, very much. I had 2 infected PCs and all my works are stopped. But with your orientation, the rogue was finished.
May I translate the page to Portuguese? This will help a lot of brazillian friends.
jcnote, try boot your PC in Safe mode with netowrking, then download and use Hijackthis
Luiz Paulo, yes of course. Only please insert a backlink to the article.
Thank you very much. I was able to get the computer back to normal in under five minutes.
Great post. Thanks!
Can anyone tell me how and/or where you acquire this virus in the begining? My mother keeps getting it on her computer.
Sheila, probably her computer is infected with a trojan that reinstalls the rogue.