[cajun62234]

I've been attacked a few times during the past 2 years by the "System Security" virus...it pops up, begins scanning the computer.....absolutely takes control !!! Nothing you can do [except to agree to it's selection tabs] or hit the 'red X' in the upper right... very, very nasty virus...

I'd like your expert opinion on my technique on getting rid of it:
I shut my computer down, then kept clicking the F8 key until it prompted me if I wanted to Startup in Safe Mode...
I did so, then it prompted me if I wanted to Startup in System Restore, which I did...once it was fully booted, I ran Malicious Removal Tool, Malwarebytes, Trojanhunter and then a deep scan in Bitdefender.... so far, so good....

Is there a better technique??? System Security will NOT allow you beyond their 'screen of death'...

Thanks in advance//

[Advertisements]

Safe Mode is the way to go but you should be able to get rid of it without a System Restore.

Judging by the write up on it at bleepingcomputer:

http://www.bleepingc...system-security

Start, All Programs, Accessories, Command Prompt (Vista or Win 7 - right click on Command Prompt and Run As Administrator) then type:

msconfig

Click on the Startup Tab and look for an entry that is all numbers. Uncheck it then reboot into regular mode.

Wouldn't hurt to keep a copy of MalwareBytes AntiMalware on your system and run it from Safe Mode with Networking if you get hit again.

Once you kill it off then you need to clean up System Restore. Follow Jim's procedure here for XP:
http://forum.aumha.o...581099691bf108f

His procedure hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.



Make sure you have the latest Java and that there are no older versions left on your PC:

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

If you do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Now delete the folder C:\Program Files\Java

Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it. Don't let it foist Yahoo toolbar are similar on you.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past. They are also offering McAfee Security Scan these days so uncheck that before downloading or uninstall it when done.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html

Ron

[RKinner]

Safe Mode is the way to go but you should be able to get rid of it without a System Restore.

Judging by the write up on it at bleepingcomputer:

http://www.bleepingc...system-security

Start, All Programs, Accessories, Command Prompt (Vista or Win 7 - right click on Command Prompt and Run As Administrator) then type:

msconfig

Click on the Startup Tab and look for an entry that is all numbers. Uncheck it then reboot into regular mode.

Wouldn't hurt to keep a copy of MalwareBytes AntiMalware on your system and run it from Safe Mode with Networking if you get hit again.

Once you kill it off then you need to clean up System Restore. Follow Jim's procedure here for XP:
http://forum.aumha.o...581099691bf108f

His procedure hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.



Make sure you have the latest Java and that there are no older versions left on your PC:

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

If you do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Now delete the folder C:\Program Files\Java

Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it. Don't let it foist Yahoo toolbar are similar on you.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past. They are also offering McAfee Security Scan these days so uncheck that before downloading or uninstall it when done.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html

Ron