I just got a prompt from System Security 2009 and I believe it is spyware because it keeps telling me to buy its full version program to remove what infections I may have.? How do I remove System Security 2009?? Thanks for the help
System Security 2009 is a rogue anti-spyware program that creates notifications of fake and false security risks in an attempts to get you to purchase the full version. If you give into its messages and click on the prompts, it will take you to the System Security 2009’s website where you will be prompted to purchase its full version. In reality, System Security 2009 program is not going to clean your computer from spyware but might actually expose you to more security threats.? System Security 2009 is a critical and dangerous piece of spyware that needs to be removed immediately.? Follow the steps below and you should be clean soon again!
Do a scan with our faithful tool: Malwarebytes? Anti-Malware!
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes? Anti-Malware and Launch Malwarebytes? Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select ?Perform Quick Scan?, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected. <? very important
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. (You may need this for a later post on the forums!)
After your scan is complete, reboot and check for the following processes and folders:
Processes associated with System Security 2009:
05643921.exe
install.exe
00308937.exe
16026564.exe
Registry Keys associated with System Security 2009:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 displayicon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 shortcutpath
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 uninstallstring
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run “00308937”
HKEY_LOCAL_MACHINE\Software\00308937
Files associated with System Security 2009:
%Documents and Settings%\All Users\Application Data\00308937\pc00308937ins
%Documents and Settings%\All Users\Application Data\00308937\00308937.exe
%Documents and Settings%\All Users\Application Data\00308937\config.udb
%UserProfile%\Start Menu\Programs\System Security\System Security 2009 Support.lnk
%UserProfile%\Start Menu\Programs\System Security\System Security 2009.lnk
%UserProfile%\Desktop\System Security 2009.lnk
^**If you see any of those above, remove and reboot and redo a full system scan using Malwarebytes? Anti-Malware **
This should have you clean of the infection and back to safe surfing!
23 Responses
RONNN
June 14th, 2009 at 1:48 pm
1GOT RID OF IT YAY!!!!! HERES HOW.
START IN SAFE MODE. (F8 WHEN STARTING COMPUTER) GO TO START (BOTTOM LEFT) PROGRAMS, MAINTENCE, HELP AND SUPPORT, AND RESTORE YOUR COMPUTER TO A EARLYER DATE!!!!! AT 3 OR MORE DAYS, DEPENDING ON HOW LONG YOUVE HAD THE DAM VIRUS. THEN RESTORE IT , IT WILL TAKE YOUR PC BACK TO THE WAY IT WAS JUST BRFORE YOU GOT THE VIRUS. AND YOU WILL KEEP ALL YOUR PICS AND DOCUMENTS EVERYTHING IS GREAT, YAY! I WAS SCARED, BUT I KILLED IT. F*CK THE SYSTEM SECURITY!!!!
Hardy Panchal
June 14th, 2009 at 5:43 pm
2I am trying to install the Malwarebytes but the system security 2009 virus will not let me install it. it keeps posting the bubble in the left bottom corner of the screen saying “Application cannot be executed. The file mbam-setup.exe is infected.
Please activate your antivirus software”
Please help me out here, im very poor and cannot afford another computer! and this one seems to be absolutely useless in this condition. And i need a computer for school. Any help would be greatly appreciated! Thank You in advance.
Logan
June 17th, 2009 at 11:32 am
3hardy im having the same problem as you the only way is to find your factory restore disk and restore it completley
mike
June 26th, 2009 at 10:48 am
4system restore doesn’t work. System Security removes all restore dates
Dave
July 2nd, 2009 at 8:04 am
5Try and rename the mbam.exe to something else, I used my name and it allowed me to run it. I changed mbam.exe to dave.exe and executed the file. I had to hit ctrl alt del as soon as I saw windows open also. I shut down explorer.exe (my desktop) and watched as regcure.exe came up. I killed regcure.exe restarted explorer.exe and this allowed dave.exe to run.
lina
July 6th, 2009 at 1:28 pm
6i’m going to freakin die
…so frustrated…but this helped, thanks for being my cute
Angela
July 6th, 2009 at 5:02 pm
7I think I’ve gotten rid of it now, but the program “System Security” is still on the start menu, which makes me wonder if it’s REALLY gone? How can I remove it from the start menu?
SkyWolf
July 10th, 2009 at 9:19 pm
8ATTENTION!!!
SOLUTION to SYSTEM SECURITY 2009 (rogue)
For those of you who says: I cant open Task Manager, I cant open any Anti-virus, I cant open any Anti Malware(ex:Malwarebytes), I cant open ANY EXE.FILES!!!(because the virus blocks it ALL).
Then i have a simple yet effective trick:
RENAME THE FILE
if you rename the file then SYSTEM SECURITY will not be able to block it. which is good for you to activate the ANTI-etc.
The only problem is that you wont be able to open the task manager because you cant rename it. So my suggestion is to download: procexp from http://www.sysinternals.com
it is a free software that acts as a task manager; but the difference is that it is BETTER coz it shows even the hidden process (and it’s also user friendly)
if you have it, kill the thing that looks like a shield(SYSTEM SECURITY) then the rest of the instructions are free for you too find. hope this helps… ganbatte kudosai
Munklunk
July 13th, 2009 at 1:03 pm
9I just fixed the problem. Easier than I though it would be. Look under Documents and Settings%\All Users\Application Data0308937, or any file under “All users” with a long number attached. Open that file and you’ll see than goddamn shield. Drag and drop it onto your desktop, and then highlight and Cut it. Now reboot, and it will be neutralized. Run malware-bytes here and it will find the rest of the shitty files. Good luck!
Meeko
July 16th, 2009 at 2:27 am
10I freaked out when my computer got infected too.
I tracked the location of the system security file, tried to delete it but it wouldn’t let me.
I then renamed the extension (.exe to .xyz), then rebooted the computer. When my computer restarted it was working normally, so I could install all the anti-spyware programmes.
thankfull
July 16th, 2009 at 10:13 pm
11thanks to Munklunk I have been to forums all day and finally the folder you pointed to led me to getting some pc access back and running malwarebytes soon
Safe
July 20th, 2009 at 6:46 pm
12Thanks to Munklunk getting rid of this devilish virus was a breeze! Thank you soooooo much!!!!!!!!
Cynbear
July 22nd, 2009 at 8:30 pm
13Thank you Munklunk! I was finally able to install and run malwarebytes–I think I finally have my computer back!
Joe
August 4th, 2009 at 4:52 pm
14the best way to do this is to, download malwarebytes on a different computer, and copy the setup file to the infected computer. And do the scan in safe mode.
Appreciated
August 9th, 2009 at 11:03 pm
15Munklunk I appreciate you sharing the info, i was driven to ground with this virus, Thank you so much it worked wonders
kim
August 12th, 2009 at 1:37 pm
16I’ve spent the past two days trying to figure out how to get rid of this. All the instructions I had to get rid of it were locked out by this virus. I couldn’t even get in safe mode. My blood pressure was thru the roof! What a SCAM! I went to the actual website where you could buy “their” so-called software to look for a contact number. Someone was going to get an ear full! Can this be reported any where?
Dillon
August 22nd, 2009 at 10:39 pm
17After hours of work, my friend and I found a simple way to disable and remove System Security 2009. Our “strain” of the virus would not let us open Task Manager, Regedit, or Msconfig, which pretty much eliminates most instructions on the web, as they say “just go into Task Manager and end the process.”
That’s great, but what if you can’t open Task Manager? While you can run Task Manager in Safe Mode, the System Security isn’t running in that mode of course, so we couldn’t track down the files.
Here’s what you do:
1) Get into Safe Mode (reboot and tap F8 until boot instructions come up, choose Safe Mode).
2) Click Start > Run > type “msconfig” > hit enter.
3) Choose the “Startup” tab
4) Disable (uncheck) all non-Windows Programs.
5) You can read up about this, but most are okay to uncheck. There’s sometimes an option to not display Windows necessary tasks, leaving the rest for unchecking. There should be a few suspicious looking ones with random letters or numbers (Especially ones that have HKEY in the beginning of their root path). If unsure, uncheck them all except for ones that look like legit Windows programs
6) This SHOULD stop System Security 2009 from running when you reboot to your regular user.
7) NOTE where some of the weird startup programs are pointing to. This gives you clues as to where that all important System Security exe is located, although ours wasn’t even called “Systemsecurity2009.exe”!
Phase 2:
1) Hit Start > Run > type “regedit” > ctrl-F to search > type “systemsecurity2009” or “systemsecurity”
2) You should come up with a list of infected Registry Keys. Note where the FILES the keys point to are kept, not the Keys themselves (to the right of the column “command”
3) Navigate to these folders in Windows Explorer and delete the all important .exe files.
4) Continue to eradicate the files as you find them. Some will be random names/numbers.
5) Once you’re done eliminating the files, delete the Registry Keys through “regedit”
Hope this helps someone!
Dillon
August 22nd, 2009 at 10:48 pm
18Also, it should be noted our bug “.exe” was found in C:\Documents and Settins\All Users\Application Data\”random number folder name”
Your folder may be different, but you’ll know the right exe because it has a shield as the picture. Rename the “number” folder to something else to interrupt the virus process, and delete the exe file.
Gordon
August 31st, 2009 at 9:58 am
19I just got rid of this. I also had the nasty version that disables regedit, Task Manager, and System Restore.
I was able to reboot in safe mode (hit F8 during reboot). Once I was in safe mode, System Restore opened correctly and I was able to revert the system files back to the day before the virus hit.
Now everything is good again!
Brian
September 11th, 2009 at 9:16 am
20I had a similar problem. The virus Antivirus System PRO was causing popups all over the place and I was unable to open Task Manager, IE, or any other programs. I noticed Task Manager was open for a split second, so I tried hitting ctrl-alt-del quickly 3 times which caused a Task Manager window to stay open. In Task Manager I noticed a weird process named gpuesysguard.exe, which I ended (also look for “sysguard.exe” or any other process that doesn’t look legit). This allowed me to open IE and download Malwarebytes Anti-Maleware, which did a great job cleaning out my computer.
rin
October 26th, 2009 at 1:55 pm
21We had a really bad case of this annoying Malware here at the office: tons of warning popups and ballon, and oh joy, pr0n pop-ups. Wouldn’t let me get to Add/Remove programs, and it shut down every single antivirus program I had (malwarebyes, Search&Destroy; Adaware, AVG, Stinger…claimed they were “infected”) – Tried the idea with the folder above that people seemed to use successfully, but didn’t have that folder.
So far it seemed that starting in Safe Mods (you get to it by hitting F8 on startup) helped – it asked if I’d like to do a system restore, so I chose a restore point several days back.
That gave me control over the desktop again and I was able to run antivirus programs. No popups or anything for several hours so far. Fingers crossed.
Max
November 25th, 2009 at 3:17 pm
22Wow, that was annoying. Yea, I couldn’t get regedit, task manager, not even safe mode was working for me. Here’s what I did.
When I booted my computer, just as soon as Windows starts, just before the Sysguard Service Pro has a chance to start up, hit task manager. It should pop up. There you will see the evil sysguard file. Disable it and you can run all your files, including downloading the Malwarebytes or whatever scanning program you want to use.
Dustin
February 10th, 2010 at 2:08 am
23SKYWOLF thanks!
Tech Questions?
Categories
Links
Expert Zone
Support Forums
All trademarks and copyrights on this page are owned by their respective owners.
What the Tech is powered by WordPress - © Geeks to Go, Inc. - All Rights Reserved - Privacy Policy