SecuritySoldier
What is SecuritySoldier?
Security Soldier is another rogue security program, a member of the family of rogue programs to which SecurityFighter, TrustWarrior, SoftSafeness and SafetyKeeper belong. These programs differ from legitimate security programs particularly in how they are installed: Security Soldier is dropped on the computer without your knowledge by a Trojan downloader. Once inside your system, Security Soldier displays exaggerated alert messages and runs a spoof virus scan each time the computer is booted.
Normally, legitimate security applications can be removed using Add/Remove Programs under Control Panel, but Security Soldier provides no means of removal and no uninstall information whatsoever. Once installed, it creates a system process that prevents the malware from being removed unless you pay for the registered version of the rogue application. The Windows features it disables include Task Manager, Control Panel, Registry Editor and Folder Options.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What are the Symptoms of SecuritySoldier Infection?

It will modify Windows Registry and add the following entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SecuritySoldier”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecuritySoldier
- HKEY_CURRENT_USER\Software\SecuritySoldier
- HKEY_LOCAL_MACHINE\SOFTWARE\SecuritySoldier
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECURITYSOLDIERSVC
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecuritySoldierSvc
The threat will drop the following malicious files:
- %Program Files%\SecuritySoldier Software
- %Program Files%\SecuritySoldier Software\SecuritySoldier
- %Program Files%\SecuritySoldier Software\SecuritySoldier\license.txt
- %Program Files%\SecuritySoldier Software\SecuritySoldier\securitysoldier.exe
- %Program Files%\SecuritySoldier Software\SecuritySoldier\uninstall.exe
- %Documents and Settings%\All Users\Desktop\SecuritySoldier.lnk
- %Documents and Settings%\All Users\Start Menu\Programs\SecuritySoldier
- %Documents and Settings%\All Users\Start Menu\Programs\SecuritySoldier\1 SecuritySoldier.lnk
- %Documents and Settings%\All Users\Start Menu\Programs\SecuritySoldier\2 Homepage.lnk
- %Documents and Settings%\All Users\Start Menu\Programs\SecuritySoldier\3 Uninstall.lnk
- %WINDOWS%\102z6w59m3c4.cpl
- %WINDOWS%\[Random].dll
How to Remove SecuritySoldier Manually
1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries mentioned above and delete them if necessary
3. Delete malicious files that the threat added:
- Based on the locations given above, browse to and delete each file
- If no location is given, click Start > Search and search for the file.
- If a file cannot be deleted, press Ctrl+Alt+Del to access Task Manager and see if the file is running as a process. If it is, select it and click End Process, then try deleting the file again.
4. Scan the computer with an antivirus program
- Update the antivirus program
- Scan the computer and delete all detected threats, not only those pertaining to “securitysoldier”.
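The registry backup made in step 2 can also be used to confirm which of the listed entries are present before you delete anything, and a second export can confirm they are gone afterwards. The script below is an added example, not part of the original guide: it scans the text of a regedit export (.reg) for the keys and the Run value listed above. The function name and the sample export are constructed for illustration, and the export is assumed to be already decoded to text.

```python
import re

# Registry keys listed on this page; a hit is the key itself or any subkey.
KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecuritySoldier",
    r"HKEY_CURRENT_USER\Software\SecuritySoldier",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\SecuritySoldier",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECURITYSOLDIERSVC",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecuritySoldierSvc",
]
# Autostart entry listed on this page: a value named SecuritySoldier under Run.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "SecuritySoldier"

SECTION = re.compile(r"^\[([^-].*)\]$")        # "[-key]" delete directives are skipped
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')   # "name"=data

def find_indicators(reg_text):
    """Return sorted (listed_key, value_name_or_None) hits in .reg export text."""
    hits, current = set(), None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = SECTION.match(line)
            current = m.group(1).lower() if m else None
            for key in KEYS:
                k = key.lower()
                # Require a backslash boundary so "...\SecuritySoldierTools" is not a hit.
                if current and (current == k or current.startswith(k + "\\")):
                    hits.add((key, None))
        elif current == RUN_KEY.lower():
            m = VALUE.match(line)
            if m and m.group(1).lower() == RUN_VALUE.lower():
                hits.add((RUN_KEY, RUN_VALUE))
    return sorted(hits, key=lambda h: (h[0], h[1] or ""))

# Constructed sample export (not captured from a real machine; data is a placeholder).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SecuritySoldier"="C:\\placeholder\\path.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securitysoldiersvc\Security]
"Security"=hex:01

[HKEY_CURRENT_USER\Software\SecuritySoldierTools]
@="unrelated"
'''

if __name__ == "__main__":
    for key, value in find_indicators(SAMPLE):
        print(key, "->", value or "(key present)")
```

Exports saved in the "Windows Registry Editor Version 5.00" format are UTF-16, so read the file with that encoding before passing its text to the function.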