jolphil, Posted July 21, 2009

Hi,

My daughter's computer (WinXP Home) was infected with the dreaded "System security" Trojan.. It shut off her anti-virus programs as well as Malwarebytes.... She lives about 250 miles from me so is there a way I can find either a reliable removal tool or a simple walk thru procedure? I have searched online but, how do you pick out a tool that will work from a scam tool.. Is there anyone that found a way to remove it.. If so please help.. What a nasty item to deal with..

Thank you,
jolphil

Edit: I just realised that should this be in the system security forum?

Edited July 21, 2009 by jolphil

mac, Posted July 21, 2009

Hi jolphil,

I don't have any specific suggestions about tools, but I'm sure that if you register and post details about the infection here (Temerc used to post regularly here) you'll get led in the right direction. I had a similar problem (Antivirus 2008) on my daughter's XP Pro PC which I couldn't get rid of, and they stepped me through purging it from her system. Luckily she only lives a few miles away...

Good luck!

zlim, Posted July 21, 2009

The simplest thing, if possible, is to use a restore point before she was infected. If it works, have her update all her security programs, turn off system restore, run a scan, then turn restore back on once she knows the computer is clean.

Failing that, she can have a friend download Malwarebytes on a USB stick for her. She may be able to clean enough off to get going. She can also go to an online scan site and try to get more removed.

Also, have her use ctrl+alt+del and stop the process running; hopefully she can figure out what this is named.

Be sure to tell her NOT to use IE, use any other browser.

jolphil (Author), Posted July 21, 2009

zlim wrote:
> The simplest thing, if possible, is to use a restore point before she was infected. If it works, have her update all her security programs, turn off system restore, run a scan, then turn restore back on once she knows the computer is clean.
> Failing that, she can have a friend download Malwarebytes on a USB stick for her. She may be able to clean enough off to get going. She can also go to an online scan site and try to get more removed.
> Also, have her use ctrl+alt+del and stop the process running; hopefully she can figure out what this is named.
> Be sure to tell her NOT to use IE, use any other browser.

Hi,

Thank you and Mac for responding.. She runs BitDefender2009 suite and was up to date but it did not stop it.. Now if she tried to run it, an error message says in effect it is corrupt.. In fact she tried to run the Bit Defender online scan but it cannot remove it (System Security Trojan).. I had her download Malwarebytes but it will not install.. Same thing corrupted file.. We got into the safe mode but that also was no help.. The more I search the web the more I see lots of folks with the same thing.. The only thing that seems to work is to manually un-install it by both deleting Processes, registry keys, and files.. Huge task and possibly more than she can do.. Sure looks like a nasty one..

Jolphil

jolphil (Author), Posted July 22, 2009

jolphil wrote:
> Hi,
> Thank you and Mac for responding.. She runs BitDefender2009 suite and was up to date but it did not stop it.. Now if she tried to run it, an error message says in effect it is corrupt.. In fact she tried to run the Bit Defender online scan but it cannot remove it (System Security Trojan).. I had her download Malwarebytes but it will not install.. Same thing corrupted file.. We got into the safe mode but that also was no help.. The more I search the web the more I see lots of folks with the same thing.. The only thing that seems to work is to manually un-install it by both deleting Processes, registry keys, and files.. Huge task and possibly more than she can do.. Sure looks like a nasty one..
> Jolphil

New information for anyone who gets this mess.. I found online someone named jason who found an easy way to disable the trojan so that it will not start.. That way you can use Malwarebytes or any other anti-malware program to scan and clean this trojan.. My daughter has just used Mban and it found and cleaned it.. I will have her load Software dr. and do more scanning as well as her virus program Bitdefender.. Here's his method:

> # Jason L | July 8th, 2009 at 2:47 am
>
> Jason (the other Jason above, not me), your advice was crucial. Everyone needs to give that post a read. Here's how I did it.
>
> 1. Located the file that displays the System Security Shield (Black and orange tiger stripes). Mine was in C/Documents and Settings/All Users/Application Data, and it was in a folder with a random number (160504, I think). Your number may be different.
> 2. Go into that folder and rename the shield file 2222, then rename the folder 2222. Make sure they're both renamed. Like Jason said, this disrupts the program's pathways.
> 3. Restart. You should be able to do a few things you couldn't do before when your computer boots up again, like connect to the net and run msconfig. I went to my start menu, clicked run, put in msconfig and went to the startup tab.
> 4. Here you can prevent the program from bugging you on start up. Just find the file with the random numbers for a name (mine was 160504 or something) and uncheck it.
> 5. I restarted and was able to install the removal tool provided above.
> 6. Run a scan and remove System Security 2009 pest, and the problem is solved.
>
> If I ever find the scammers responsible for creating these bootleg trojan programs, I swear I'll break a few bones…maybe a neck or two. These things are ridiculous.

PS zlim, I will take your advice about system restore after it's cleaned.. Thank you

It seems to work.. Hooray!!!

jolphil

Ed_P, Posted July 22, 2009

Wow!! Good to hear jolphil. Thanks for the update.

zlim, Posted July 23, 2009

I'd be dropping BitDefender and looking at something else. Unless she was one of the first infected, a good security program should be able to protect later people by quickly updating the database. If you happen to be one of the first, it does take a day or two for the company to look at the malware so they can offer a defense.

jolphil (Author), Posted July 23, 2009

zlim wrote:
> I'd be dropping BitDefender and looking at something else. Unless she was one of the first infected, a good security program should be able to protect later people by quickly updating the database. If you happen to be one of the first, it does take a day or two for the company to look at the malware so they can offer a defense.

I completely agree.. My advice to her will be to Dump it.. Sad Part she just paid for a 3yr subscription.. Latest update is that the system is not entirely purged yet.. Mban and Sys Dr. found some But.. We will have to manually check it to remove all bits and files.. Starting with processes, Files, registry keys.. Not going to be pretty.. First will be to do a restore point, then Export the registry and then brain surgery ..

jolphil

goretsky, Posted July 24, 2009

Hello,

Malware writers often update their creations to avoid detection by anti-malware programs, especially since they have a financial incentive to do so.

Why not have your daughter contact BitDefender's technical support and have them collect a copy for their researchers to add protection against it in their product and perform a manual, over-the-phone removal?

Regards,
Aryeh Goretsky

jolphil (Author), Posted July 24, 2009

goretsky wrote:
> Malware writers often update their creations to avoid detection by anti-malware programs, especially since they have a financial incentive to do so.

That's exactly what we learned.. This one apparently uses a random number scheme of 8 numerals to name its files.. Thus what you read online from someone else's method, may not work for you.. When we searched for files we first used numbers that were published online but the malware programs soon found bits and pieces with different numbers.. We then switched to something like ????????.lnk or whatever.. I am sure there is still more involved but her computer that she uses for work is seemingly back to normal.. The thing to do now is update all security progs. and scan like crazy whenever she is not working.. Only after it is entirely clean will she make another restore point.. The main factor in this saga was the tip by Jason to rename the proper .exe files so that antivirus and malware programs would work again.. Wherever you are Jason, thank You..

BTW she uninstalled BDefender and installed Avast and it found and fixed 4 more trojans.. I must say that during the Bitdefender scans it would stop at a critical error and report back to BD... It seems that each program has its strong and weak points for detection and removal.. Fingers crossed..

Jolphil

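Added example, not part of any post in this thread: a triage sketch for the naming pattern described in Jason L's steps and in the July 24 post above (digit-only startup entry, file and folder names under All Users\Application Data). The startup entries are constructed sample data; the four-digit minimum and the two-reason threshold are assumptions, since the thread mentions both a 6-digit and an 8-digit name.

```python
import ntpath
import re

# Assumption: a name made only of digits (4 or more) is worth a second look.
NUMERIC_NAME = re.compile(r"^\d{4,}$")
APPDATA_MARKER = "\\all users\\application data\\"
EXE_RE = re.compile(r"(.+?\.(?:exe|lnk|dll|scr|bat|cmd))(?:\s|$)", re.IGNORECASE)

def exe_path(command):
    """Pull the program path out of a startup command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)  # unquoted paths may contain spaces
    return match.group(1) if match else command

def suspicion(entry_name, command):
    """List the ways a startup entry matches the pattern from the thread."""
    path = exe_path(command)
    folder, filename = ntpath.split(path)
    reasons = []
    if NUMERIC_NAME.match(entry_name):
        reasons.append("entry name is all digits")
    if NUMERIC_NAME.match(ntpath.splitext(filename)[0]):
        reasons.append("file name is all digits")
    if NUMERIC_NAME.match(ntpath.basename(folder)):
        reasons.append("parent folder is all digits")
    if APPDATA_MARKER in path.lower():
        reasons.append("runs from All Users\\Application Data")
    return reasons

def triage(entries, threshold=2):
    """Return (name, command, reasons) for entries with enough matching signs."""
    flagged = []
    for name, command in entries:
        reasons = suspicion(name, command)
        if len(reasons) >= threshold:
            flagged.append((name, command, reasons))
    return flagged

# Constructed entries in the shape of the msconfig Startup tab (name, command).
SAMPLE = [
    ("160504", r'"C:\Documents and Settings\All Users\Application Data\160504\160504.exe"'),
    ("ExampleAV", r"C:\Program Files\ExampleAV\tray.exe"),
    ("27519843", r"C:\Documents and Settings\All Users\Application Data\27519843\27519843.exe /min"),
    ("Updater", r"C:\Program Files\Example\1234.exe"),
]

if __name__ == "__main__":
    for name, command, reasons in triage(SAMPLE):
        print(name, "->", "; ".join(reasons))
```

A single matching sign (the constructed `Updater` entry) stays below the threshold, so a legitimate program with a numeric file name is not flagged on that alone.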
Ed_P, Posted July 24, 2009

The concept of malware changing names and folders has unfortunately been around for awhile. And sometimes it takes more than just renaming files to stop them.

See this thread: http://forums.scotsnewsletter.com/index.ph...st&p=108462

jolphil (Author), Posted July 25, 2009

Ed_P wrote:
> The concept of malware changing names and folders has unfortunately been around for awhile. And sometimes it takes more than just renaming files to stop them.
> See this thread: http://forums.scotsnewsletter.com/index.ph...st&p=108462

Wow!!! Ed what a saga.. Looks like the nasties are still going strong..

My Grandson just caught a rootkit trojan

Lot of that going around..

jolphil

Ed_P, Posted July 25, 2009

jolphil wrote:
> My Grandson just caught a rootkit trojan

IMO Part of the problem with young people on the web is they believe all the popup ads they see, especially the ones that lie and say their pc is infected and to click the popup's button to clean it. Another part is they download anything and everything they see on the web yet fail to have a FW running, their AV up to date or any AS sw running. The latter is partly due to them, and their parents, getting new pcs and thinking it has everything included to keep them safe. Unfortunately that is not the case, and when it is the case the stuff expires after 3 months and no one thinks to pay to have the support continued.

Personally I run avast! AV (free version), Comodo FW (free version) and Windows Defender (free also) and spend probably 8 hrs a day on the net, and rarely get infected with anything. Every few months I run some scans with other tools like Adaware and Spybot but they rarely find anything other than cookies which I have no concern with. IMO There's no excuse for anyone to be running a pc unprotected.