Comments on: How to remove System Security 2009

By: rin

rin — Mon, 26 Oct 2009 19:55:51 +0000

We had a really bad case of this annoying Malware here at the office: tons of warning popups and ballon, and oh joy, pr0n pop-ups. Wouldn't let me get to Add/Remove programs, and it shut down every single antivirus program I had (malwarebyes, Search&Destroy; Adaware, AVG, Stinger...claimed they were "infected") - Tried the idea with the folder above that people seemed to use successfully, but didn't have that folder.

So far it seemed that starting in Safe Mods (you get to it by hitting F8 on startup) helped - it asked if I'd like to do a system restore, so I chose a restore point several days back.

That gave me control over the desktop again and I was able to run antivirus programs. No popups or anything for several hours so far. Fingers crossed.

By: Brian

Brian — Fri, 11 Sep 2009 15:16:43 +0000

I had a similar problem. The virus Antivirus System PRO was causing popups all over the place and I was unable to open Task Manager, IE, or any other programs. I noticed Task Manager was open for a split second, so I tried hitting ctrl-alt-del quickly 3 times which caused a Task Manager window to stay open. In Task Manager I noticed a weird process named gpuesysguard.exe, which I ended (also look for "sysguard.exe" or any other process that doesn't look legit). This allowed me to open IE and download Malwarebytes Anti-Maleware, which did a great job cleaning out my computer.

By: Gordon

Gordon — Mon, 31 Aug 2009 15:58:15 +0000

I just got rid of this. I also had the nasty version that disables regedit, Task Manager, and System Restore.

I was able to reboot in safe mode (hit F8 during reboot). Once I was in safe mode, System Restore opened correctly and I was able to revert the system files back to the day before the virus hit.

Now everything is good again!

By: Dillon

Dillon — Sun, 23 Aug 2009 04:48:12 +0000

Also, it should be noted our bug ".exe" was found in C:\Documents and Settins\All Users\Application Data\"random number folder name" Your folder may be different, but you'll know the right exe because it has a shield as the picture. Rename the "number" folder to something else to interrupt the virus process, and delete the exe file.

By: Dillon

Dillon — Sun, 23 Aug 2009 04:39:22 +0000

After hours of work, my friend and I found a simple way to disable and remove System Security 2009. Our "strain" of the virus would not let us open Task Manager, Regedit, or Msconfig, which pretty much eliminates most instructions on the web, as they say "just go into Task Manager and end the process." That's great, but what if you can't open Task Manager? While you can run Task Manager in Safe Mode, the System Security isn't running in that mode of course, so we couldn't track down the files. Here's what you do: 1) Get into Safe Mode (reboot and tap F8 until boot instructions come up, choose Safe Mode). 2) Click Start > Run > type "msconfig" > hit enter. 3) Choose the "Startup" tab 4) Disable (uncheck) all non-Windows Programs. 5) You can read up about this, but most are okay to uncheck. There's sometimes an option to not display Windows necessary tasks, leaving the rest for unchecking. There should be a few suspicious looking ones with random letters or numbers (Especially ones that have HKEY in the beginning of their root path). If unsure, uncheck them all except for ones that look like legit Windows programs 6) This SHOULD stop System Security 2009 from running when you reboot to your regular user. 7) NOTE where some of the weird startup programs are pointing to. This gives you clues as to where that all important System Security exe is located, although ours wasn't even called "Systemsecurity2009.exe"! Phase 2: 1) Hit Start > Run > type "regedit" > ctrl-F to search > type "systemsecurity2009" or "systemsecurity" 2) You should come up with a list of infected Registry Keys. Note where the FILES the keys point to are kept, not the Keys themselves (to the right of the column "command" 3) Navigate to these folders in Windows Explorer and delete the all important .exe files. 4) Continue to eradicate the files as you find them. Some will be random names/numbers. 5) Once you're done eliminating the files, delete the Registry Keys through "regedit" Hope this helps someone!

By: kim

kim — Wed, 12 Aug 2009 19:37:28 +0000

I've spent the past two days trying to figure out how to get rid of this. All the instructions I had to get rid of it were locked out by this virus. I couldn't even get in safe mode. My blood pressure was thru the roof! What a SCAM! I went to the actual website where you could buy "their" so-called software to look for a contact number. Someone was going to get an ear full! Can this be reported any where?

By: Appreciated

Appreciated — Mon, 10 Aug 2009 05:03:14 +0000

Munklunk I appreciate you sharing the info, i was driven to ground with this virus, Thank you so much it worked wonders

By: Joe

Joe — Tue, 04 Aug 2009 22:52:09 +0000

the best way to do this is to, download malwarebytes on a different computer, and copy the setup file to the infected computer. And do the scan in safe mode.

By: Cynbear

Cynbear — Thu, 23 Jul 2009 02:30:14 +0000

Thank you Munklunk! I was finally able to install and run malwarebytes--I think I finally have my computer back!

By: Safe

Safe — Tue, 21 Jul 2009 00:46:46 +0000

Thanks to Munklunk getting rid of this devilish virus was a breeze! Thank you soooooo much!!!!!!!!

By: thankfull

thankfull — Fri, 17 Jul 2009 04:13:37 +0000

thanks to Munklunk I have been to forums all day and finally the folder you pointed to led me to getting some pc access back and running malwarebytes soon

By: Meeko

Meeko — Thu, 16 Jul 2009 08:27:28 +0000

I freaked out when my computer got infected too.
I tracked the location of the system security file, tried to delete it but it wouldn't let me.
I then renamed the extension (.exe to .xyz), then rebooted the computer. When my computer restarted it was working normally, so I could install all the anti-spyware programmes.

By: Munklunk

Munklunk — Mon, 13 Jul 2009 19:03:28 +0000

I just fixed the problem. Easier than I though it would be. Look under Documents and Settings%\All Users\Application Data0308937, or any file under "All users" with a long number attached. Open that file and you'll see than goddamn shield. Drag and drop it onto your desktop, and then highlight and Cut it. Now reboot, and it will be neutralized. Run malware-bytes here and it will find the rest of the shitty files. Good luck!

By: SkyWolf

SkyWolf — Sat, 11 Jul 2009 03:19:26 +0000

ATTENTION!!!

SOLUTION to SYSTEM SECURITY 2009 (rogue)

For those of you who says: I cant open Task Manager, I cant open any Anti-virus, I cant open any Anti Malware(ex:Malwarebytes), I cant open ANY EXE.FILES!!!(because the virus blocks it ALL).

Then i have a simple yet effective trick:
RENAME THE FILE

if you rename the file then SYSTEM SECURITY will not be able to block it. which is good for you to activate the ANTI-etc.

The only problem is that you wont be able to open the task manager because you cant rename it. So my suggestion is to download: procexp from http://www.sysinternals.com
it is a free software that acts as a task manager; but the difference is that it is BETTER coz it shows even the hidden process (and it's also user friendly)

if you have it, kill the thing that looks like a shield(SYSTEM SECURITY) then the rest of the instructions are free for you too find. hope this helps... ganbatte kudosai

By: Angela

Angela — Mon, 06 Jul 2009 23:02:47 +0000

I think I've gotten rid of it now, but the program "System Security" is still on the start menu, which makes me wonder if it's REALLY gone? How can I remove it from the start menu?