System Security 2011

This page contains a full description and analysis of System Security 2011, as well as removal procedures and the necessary tools.

Risk Rating of 2 Is Given For This Threat

Date Posted: October 31st, 2011


What is System Security 2011?

System Security 2011 is a program that every computer user must beware of. It is neither ordinary software nor a genuine security application. System Security 2011 is closely connected with a Trojan that it uses to gain access to the target computer. There are no indications that the Trojan is making changes on the system, and even your antivirus may not detect its activities.

Once System Security 2011 is successfully loaded on your PC, it starts producing a stream of security alerts claiming that the system is in danger. This fake antivirus also simulates a virus scan that identifies a number of Trojans and viruses. The fake alerts and manufactured scan results are scare devices meant to trick users into acquiring the paid version of System Security 2011.

Additional harm it can cause to an infected computer includes the following:

  • The malware can disable Windows system tools like Task Manager and Registry Editor. The purpose is to prevent manual removal and to keep the user from ending the process linked to System Security 2011.
  • It attempts to block access to executable files. Running an installed program produces warning alerts announcing that the file is infected. The alert rises from the system tray, pretending to be a legitimate Windows security pop-up.
  • System Security 2011 will come up with a warning about successive intrusion attempts. This alarm masquerades as a Windows Firewall Alert to mislead its prey.

As you may observe, System Security 2011 tries to copy what a legitimate antivirus program does during its scan and detection process. However, you can spot rogue programs when their security warnings turn into a constant annoyance.

Type: Rogue
Sub-Type: FakeAV
Systems Affected: Windows

Symptoms

After installation, System Security 2011 runs a virus scan on its own. Next, it presents a series of detections and reports a number of threats that supposedly need to be eliminated from the system. It prompts you to activate the program by purchasing a registration key from their web site.

The malware mimics Windows start-up process indicating system failure. It shows this message:

System Security 2011 RESTORES Windows after system failure caused my spyware and malware activity.
ACTIVATE System Security 2011 to resume the protection of your computer.

System Security 2011 produces more fake warnings and alerts to mislead computer users:

Warning!
Unwanted software (Malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

 

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher Unauthorized.

Warning! infection found
Unauthorized sending of E-MAIL with subject “Find girl”
to email address
was CANCELLED

 

Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

Other Detection Names for System Security 2011

AhnLab-V3: Trojan/Win32.FakeAV
AntiVir: TR/Crypt.EPACK.Gen2
Avast: Win32:Cycbot-NO [Trj]
AVG: Generic25.AKCZ
Kaspersky: Trojan-FakeAV.Win32.OpenCloud.i
MalwareBytes Anti-Malware: Backdoor.Bot
McAfee: BackDoor-EXI.gen.x
NOD32: Win32/Kryptik.UMI
nProtect: Gen:Variant.Kazy.40868
PCTools: RogueAntiSpyware.AVGuard
Sophos: Mal/FakeAV-IS
SUPERAntiSpyware: Mal/FakeAV-IS
Symantec: Trojan.Gen.2
TrendMicro: TROJ_GEN.RC1C1JS

System Changes

The malware will load using the process:
(random).exe

Malicious files created by System Security 2011 are the following:
%AppData%\(random)\
%AppData%\(random)\
%AppData%\(random)\
%AppData%\(random)\
%AppData%\ldr.ini
%AppData%\svhostu.exe
%AppData%\(random)\System Security 2011.ico
%StartMenu%\Programs\System Security 2011\
%StartMenu%\Programs\System Security 2011\System Security 2011.lnk
%StartMenu%\Programs\Startup\crss.exe
%System%\(random).exe
%UserProfile%\Desktop\System Security 2011.lnk
%Temp%\svhostu.exe

System Security 2011 will create the following registry entries:
HKEY_CURRENT_USER\Software\System Security 2011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “(random)”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “(random)”
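
A read-only PowerShell check for the fixed-name files and registry key listed above, added here as an example and not taken from the original page or from any vendor tool. It assumes %StartMenu% means the current user's Start Menu, and the Run-key test (commands pointing into %AppData% or %Temp%) is a heuristic of this example, since the page gives those value names only as (random).

```powershell
# Added example: read-only check for the fixed-name artifacts listed above.
# Entries the page shows as "(random)" cannot be matched by name.
$startMenu = [Environment]::GetFolderPath('StartMenu')  # assumed meaning of %StartMenu%
$desktop   = [Environment]::GetFolderPath('Desktop')    # %UserProfile%\Desktop

$candidates = @(
    (Join-Path $env:APPDATA 'ldr.ini'),
    (Join-Path $env:APPDATA 'svhostu.exe'),
    (Join-Path $env:TEMP    'svhostu.exe'),
    (Join-Path $startMenu   'Programs\System Security 2011'),
    (Join-Path $startMenu   'Programs\Startup\crss.exe'),
    (Join-Path $desktop     'System Security 2011.lnk'),
    'HKCU:\Software\System Security 2011'
)
$found = @($candidates | Where-Object { Test-Path -LiteralPath $_ })

# The icon lives in a randomly named folder directly under %AppData%.
$icoPattern = Join-Path $env:APPDATA '*\System Security 2011.ico'
$found += @(Get-ChildItem -Path $icoPattern -Force -ErrorAction SilentlyContinue |
            ForEach-Object { $_.FullName })

# Run values are randomly named, so flag by where the command points instead.
# Heuristic (assumption, not from the page): autoruns launched from %AppData% or %Temp%.
$suspectRun = @()
$runPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runKey  = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($name)
        foreach ($dir in @($env:APPDATA, $env:TEMP)) {
            if ($data.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $suspectRun += "HKLM Run '$name' -> $data"
                break   # one report per value is enough
            }
        }
    }
}

if ($found.Count -gt 0 -or $suspectRun.Count -gt 0) {
    'Artifacts matching the System Security 2011 write-up:'
    $found + $suspectRun
} else {
    'No fixed-name artifacts from the write-up were found for this user.'
}
```

Run it in the affected user's session, since %AppData%, %Temp% and HKCU are per-user locations; a clean result does not cover the randomly named files.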

How to Remove System Security 2011

Instructions

It is a good idea to print these instructions, as we need to restart the computer during the cleaning process.

Tools Required To Remove System Security 2011
- MalwareBytes Anti-Malware (go to Protection tab to download scanner)

You need to download the tool from the specified link. Save the file to a convenient location on your hard drive or USB drive. If System Security 2011 obstructs the download process, you need to obtain the needed files using another computer. Alternatively, you can proceed to the Troubleshooting tab in this area and apply the Internet Connection fix first.

If it blocks the execution of the downloaded file, please rename the file before running it on the affected computer.

Scan with MalwareBytes AntiMalware

To remove System Security 2011 using MBAM, follow these steps carefully.

1. Locate the file mbam-setup.exe you have just downloaded.

2. Double-click on the file to install Malwarebytes’ Anti-Malware.

3. During the installation process, it will display several prompts. Please install the program with the default settings.

4. After installation, leave the following options checked.
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware

5. You must be connected to the Internet to complete the update. It may take a while.

6. When the update is complete, Malwarebytes’ Anti-Malware will start. When it asks whether you want to update the program, please click OK. The program will check your database and instantly close the prompt if it detects an updated version.

7. On the Scanner tab of the main program, select Perform full scan.

8. Click the Scan button to begin deep scanning of your computer for components associated with System Security 2011.

9. The scan may take a while. It will look for files and malicious registry objects.

10. When scanning is done, a message will appear stating that the scan has completed successfully. Click OK.

11. Back at the main window, detected threats are displayed. Please note that the image below is just a representation. It does not display the actual files as detected on your computer.

Scan System Security 2011 with MBAM

12. All items marked with a check will be deleted. Click Remove Selected to begin the process. All malicious files and registry entries will be removed from the system and placed in quarantine.

13. After removing all threats, MBAM will display a scan log in text format. It can be viewed using the Notepad application.

14. You may now close MBAM.






Download Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware is considered to be the next step in the detection and removal of malware. Malwarebytes' Anti-Malware is a security product that contains a number of new technologies designed to quickly detect, destroy, and prevent malware, including System Security 2011. Malwarebytes' Anti-Malware can detect and remove malware that even the most well-known anti-virus and anti-malware applications fail to detect.

Activating the full version unlocks real-time protection, scheduled scanning, and scheduled updating. For consumers and personal use, it is a one-time fee of $24.95.

Developer: MalwareBytes

Version: 1.51.2.1300

Operating System: Windows 2000, XP, Vista, and 7 (32-bit and 64-bit)

MBAM Scanner only is available here


Credit to: Remixed
