Windows Security Suite is a rogue antispyware program from Virus Doctor rogue family (Malware Destructor 2009, Fast Antivirus 2009 … ). Like other fake antispyware software, it`s distributed through the use of malware and does not offer any protection to computer. Windows Security Suite uses fake alerts and false positives to trick you into buying the program.
Once Windows Security Suite is installed, it configures itself to run automatically every time, when you start your computer. In addition the program drops a few files. These files are actually harmless, but during the scan will determine as threats (spyware, malware and trojans). Once running, Windows Security Suite starts scanning the computer and list previously created files as threats to trick you to buy the software, in order to remove these reported infections. You can safely ignore them.
While Windows Security Suite is running, it blocks legitimate antivirus and antispyware programs (Kaspersky Antivirus, DrWeb, AdAware, McAfee, Norton AV, …). Your computer will display fake warning and fake security alerts from your windows taskbar. A few examples of the security alerts:
System alert
malicious applications, which contain trojans, were found
on your PC and need to be immediately removed. Click here to
remove these potentially harmful items using Windows Security Suite.
System alert
Windows Security Suite has detected potentially harmful
software in your system. It is strongly recommended that you
register Windows Security Suite to remove these threats
immediately.
Windows Security Suite can be safely removed from your computer along with any other malware if the proper steps are taken. If you are a non-techie computer user then this method of removing the rogue is for you.
Symptoms in a HijackThis Log
O1 – Hosts: 74.125.45.100 test1111.com
O1 – Hosts: 74.125.45.100 test1112.com
O1 – Hosts: 74.125.45.100 4-open-davinci.com
O1 – Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 – Hosts: 74.125.45.100 privatesecuredpayments.com
O1 – Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 – Hosts: 74.125.45.100 getantivirusplusnow.com
O1 – Hosts: 74.125.45.100 secure-plus-payments.com
O1 – Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 – Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 – Hosts: 74.125.45.100 www.getavplusnow.com
O1 – Hosts: 74.125.45.100 www.securesoftwarebill.com
O4 – HKCU\..\Run: [Windows Security Suite] “C:\Documents and Settings\All Users\Application Data\f5bc4e8\WIf5bc.exe” /s /d
Use the following instructions to remove Windows Security Suite (Uninstall instructions)
Download OTM by OldTimer from here.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Security Suite"=-
:files
%appdata%\Windows Security Suite
%appdata%\WINSSSys
:Commands
[Reboot]
Click the red Moveit! button. When the tool is finished, you may be prompted to Restart.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows Security Suite infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Windows Security Suite removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Windows Security Suite creates the following files and folders
%appdata%\Windows Security Suite
%appdata%\WINSSSys
%appdata%\f5bc4e8
c:\documents and settings\all users\application data\WINSSSys\winss.cfg
%userprofile%\Desktop\Windows Security Suite.lnk
%userprofile%\Start Menu\Windows Security Suite.lnk
%userprofile%\Start Menu\Programs\Windows Security Suite.lnk
%userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Security Suite.lnk
Windows Security Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows Security Suite”
Thanks
i was so up set with that lol
thanks 4 your help
Great site. I am a computer technician and I bookmarked this page!! Thanks guys.
You guys saved my life! That security suite blew right through my AVG. It then wouldn’t allow any access. Thanks
holy cow i cannot thank u enoughf,i was playin an old game called unreal and it kept on jammin me up.i got the scam/virus off of fresno county sherrifs site,go figure them pigs are tryin to get even……thanks again,ill recomend this angle to most anyone…………tips hat n say heres lookin at you folks
Hi all!! My pc had Security Suite on it. All I did was a system restore to a date before it was infected and it worked! I’m not saying it will work for everybody else, but definately worth a try 🙂
How do you know when your system was infected by this Windows Security Suite?
Ana, read above symptoms.
great help!!! tnx a lot
oh my god!!! super thank you with this!! i was really disappointed with that FAKE ANTIVIRUS~
again …THANK YOU SOOO MUCH!!!
Thanks a lots!
I’ve had this sick sittutions!
And this helps was very great for me!
How do I get rid of Windows Security Suite Firewall ?
Claudiu, ask for help at our Spyware removal forum.
How do I know I can trust your software and it isn’t another scam?
Read comments in the Internet. Both apps: OTM and MBAM are free and good.
thanks super life saver!!!
credit
Yea..Its really works…
THANK YOU SOOO MUCHHHHHHHHH
Got this virus on my grandson\’s laptop – tried a number of tools, Spyware Doctor, AVG etc and none of them removed it. Numerous web pages on how to remove it manually – but very complex and potentially system crashing if you get registry keys wrong.
After several hours – I ran an XP restore luckily there had been an automated retore point created 10 days ago on the laptop, this cleared the problem – so first look to see if you have a recent XP restore point and save yourself time and possibly money.
Some of the alleged solutions (which you have to purchase) look suspiciously like they are provided by the creator of Windows Security Suite (A double scam?)
Mike
THANKS SO MUCH.
THIS WORKS LIKE MAGIC
HIGHLY RECOMMENDED
Mike, system restore only repaired windows registry. For removing infected files your need to run Malwarebytes` anti-malware.
I got Windows Security Suite from a website and it messed up my Firefox IE,Chrome until i downloaded spyware doctor and it actually worked please thrust me on this one download spyware doctor then scan your computer and it is removed.
Thank You,You Welcome
In Advence
Thankyou soo much 4 this!! i was getting really upset im just worried now because i really was fooled & signed up for it only to realise it did nothing 🙁 im scared now! x
Thanks so much. This did the trick. Damn that malware.
Yessssssssssss…its works! Thank you so much.
THANK YOU SO MUCH!!!! Two days ago I made the mistake of actually clicking on these pop-ups that install this nuisance automatically. I was worried because my antivirus/anti-spy would not work and random pop-ups saying my computer was infected were bugging me. I will absolutely recommend this site to anyone who is having a problem. The steps were very easy to understand and execute. You have my sincerest thanks because I was afraid this would crash my computer thank you very much!!!!
There’s a new version out there. Mine installed itself to a diff number and Malware Bytes, Spybot and a couple of HijackThis reports haven’t beaten it yet.
I want to beat it so I can post details but not even sure how I caught it.
Lucky I made a system restore point a few hours before rebooting and it’s invasion.
alatari, please read these instructions and post both RSIT logs to new topic at Spyware removal forum.
I could reinfect to get the scans you need but I’ve done too much work to get good scans. I might reinfect a bench machine if I find the source.
Restore point for now.
This is complete BS. Not even close to removing Windows Security Suite.
thx a lot!! who ever is responsible for this site..