Removal of the Security Suite Virus

posted Sep 14, 2010, 1:32 PM by Joe Fahs   [ updated Jul 25, 2011, 5:41 AM by Victoria Galbreth ]
This virus causes fake alert pop-ups warning the user that they have malware and need to purchase its product to remove it. It also disables key components of your computer, which makes it harder to remove.

Restart the infected computer in Safe Mode with Networking by pressing F8 upon restart (this is the key on most machines; if it is a different key, the boot screen should tell you) and allow the user to log in. When Windows begins to load, immediately begin pressing CTRL+ALT+DEL to bring up the Task Manager. This must be done quickly, before the virus has a chance to load and disable your ability to access the Task Manager (if you miss it, restart the computer and try again). Once it is open, go over to “Processes” and end the virus process. It should appear somewhere in the list as a bunch of random letters or numbers (e.g. ahfhajfakf.exe). Once this process is killed, you should be able to work on this computer to remove the virus itself.

Change the folder options to show hidden files and folders.

On a Windows XP machine, open My Computer. Go to “Tools” and then “Folder Options”. Under the “View” tab, check “Show hidden files and folders”. Then navigate to the following location and delete the .exe file located there. There may also be a folder in that location, also with random letters. If this shows up, delete it as well.

C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\[random characters].exe

On a Windows Vista/Windows 7 machine, open the Control Panel and then “Folder Options”. Under the “View” tab, check “Show hidden files and folders”. Then navigate to the following location and delete the .exe file located there. There may also be a folder in that location, also with random letters. If this shows up, delete it as well.

C:\Users\%UserProfile%\AppData\Local\[random characters].exe

Note: If these files won’t let you delete them, you can try dragging them onto the desktop to delete them, or you may need to restart and run the computer in Safe Mode (without networking).

Make sure you are running the computer in Safe Mode with Networking or normal settings when you do the following steps because you will need to get online. Because this virus often sets your browser to use an invalid proxy, we need to change the settings back or you will not be able to access the internet.

In Internet Explorer, go to “Tools” and then “Internet Options”. Go over to the “Connections” tab and then click “LAN Settings”. If “Use a proxy server for your LAN” is checked, uncheck it and check “Automatically detect settings”. Press OK and your browser should be fixed.

In Firefox, go to “Tools” and then “Options”. Go over to the “Advanced” tab and then under “Network” click “Settings” and make sure “No proxy” is selected. Press OK and your browser should be fixed.

Once your internet is working again, navigate to http://www.malwarebytes.org and download the latest free version of Malwarebytes’ Anti-Malware. Update the software and then run a Quick Scan (a full scan is preferred if you have the time – but will take much longer). Once the scan has finished, view the items detected, make sure they are checked and click “Remove Selected”. It may prompt you to restart to complete the removal process, which you can do.

Additionally, you can download CCleaner from http://www.piriform.com. Run this program and select “Run Cleaner” (click OK when it prompts you about permanently deleting files – these are temp files and do not matter). Then navigate to “Registry” and choose “Scan for issues”. Once the scan is complete select “Fix selected issues”.
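
The manual checks above (the random-named process, the .exe or folder in the local application data folder, and the Internet Explorer proxy) can be repeated from PowerShell after cleanup to confirm nothing was missed. This is an added example, not part of the original post; the function names and the "random-looking" name heuristic are assumptions made for illustration, and the registry key is the standard per-user Internet Settings key that the “LAN Settings” dialog writes to.

```powershell
# Read-only triage: reports candidates and proxy state; deletes and changes nothing.

# Per-user local application data folder: Vista/7 variable first, XP path as fallback.
$localAppData = $env:LOCALAPPDATA
if (-not $localAppData) {
    $localAppData = Join-Path $env:USERPROFILE 'Local Settings\Application Data'
}

function Test-RandomLookingName {
    param([string]$Name)
    # Heuristic (assumption): one run of 6+ letters/digits with about a third or
    # fewer vowels, like the article's "ahfhajfakf". Expect false positives.
    if ($Name -notmatch '^[a-z0-9]{6,}$') { return $false }
    $vowels = [regex]::Matches($Name, '[aeiou]', 'IgnoreCase').Count
    return ($vowels / $Name.Length) -lt 0.34
}

function Get-SuspectItem {
    param([string]$Path)
    # -Force includes hidden items; only the folder root is checked, as in the article.
    Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue | Where-Object {
        if ($_.PSIsContainer) { Test-RandomLookingName $_.Name }
        elseif ($_.Extension -ieq '.exe') {
            Test-RandomLookingName ([IO.Path]::GetFileNameWithoutExtension($_.Name))
        }
    } | Select-Object FullName, Attributes, CreationTime
}

function Get-ProcessFromFolder {
    param([string]$Path)
    # Running processes whose executable sits directly in $Path (not a subfolder).
    Get-Process | Where-Object {
        $_.Path -and ((Split-Path $_.Path -Parent) -ieq $Path)
    } | Select-Object Id, ProcessName, Path
}

function Get-IEProxyState {
    # Per-user proxy values behind the "LAN Settings" dialog.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ProxyEnabled = ($s.ProxyEnable -eq 1)
        ProxyServer  = $s.ProxyServer
    }
}

"Local application data folder: $localAppData"
'--- Random-named .exe files and folders ---'
Get-SuspectItem -Path $localAppData | Format-List
'--- Processes running from that folder ---'
Get-ProcessFromFolder -Path $localAppData | Format-Table -AutoSize
'--- Internet Explorer proxy ---'
Get-IEProxyState | Format-List
```

Run it as the affected user, since both the folder and the proxy setting are per-user. Anything it lists is a lead to inspect by hand, and it does not read Firefox's proxy setting.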

Contributed by Brittany Taylor