Home‎ > ‎Windows PC‎ > ‎

Removal of Security Suite Virus

This virus causes fake alert pop-ups warning the user that they have malware and need to purchase their product to remove it. It will also disable key components of your computer which make it harder to remove.

Restart the infected computer in Safe Mode with Networking by pressing F8 upon restart and allow the user to login. If another key should be pressed, it should tell you on the boot screen. When Windows begins to load immediately press CTRL + ALT + DEL to bring up the task manager. This must be done quickly before the virus has a chance to load and disable access to the task manager. If you are unable to access the Task Manager, restart the computer and try again. Once open, click Processes and end the virus process. It should appear in the list as a bunch of random letters or numbers (e.g. ahfhajakf.exe). Once this process is killed, you should be able to work on this computer to remove the virus itself.

Change the folder options to show hidden files and folders.

On a Windows XP machine, open My Computer. Go to Tools and then Folder Options. Under the View tab, check Show hidden files and folders. Then navigate to the following location and delete the .exe file located there: C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\[random characters].exe There may also be a folder in that location with random letters as well. If this shows up, delete it.

On a Windows Vista/Windows 7 machine, open the Control Panel and then Folder Options. Under the View tab, check Show hidden files and folders.Then navigate to the following location and delete the .exe located there: C:\Users\%User Profile%\AppData\Local\[random characters].exe

Note: If these files won't let you delete them, you can try dragging them onto the desktop to delete them, or you may need to restart and run the computer in Safe Mode, this time without networking.

Make sure you are running the computer in Safe Mode with Netwokring  or normal settings when you do the following steps because you will need to get online. Because this virus often sets your browser to use and invalid proxy we need to change the settings back or you will not be able to access the Internet.

In Internet Explorer, go to Tools and then Internet Options. Go over to the Connections  tab and then click LAN Settings. If Use a proxy server for your LAN is checked, uncheck it and check Automatically detect settings. Press OK and your browser should be fixed.

In Firefox, go to Tools and then Options. Go over to the Advanced tab and then under Network click Settings and make sure No proxy is selected. Press OK and your browser should be fixed.

Once your internet is working again, navigate to http://www.malwarebytes.org and download the latest free version of Malwarebytes' Anti-Malware. Update the software and then run a Quick Scan (or if you have the time, a Full Scan, which is preferred but takes much longer). Once the scan has finished, view the items detected. Make sure they are checked and click Remove Selected. It may prompt you to restart to complete the removal process.

Additionally, you can download CCleaner from http://piriform.com/. run this program and select Run Cleaner. Click OK when it prompts you about permanently deleting files - these are temp files and deleting them poses no risk to your computer. Then navigate to Registry and choose Scan for Issues. Once the scan is complete select Fix Selected Issues.