Windows Security System

July 19, 2012

Windows Security System is software that poses a serious risk once installed on the computer. Its presence calls for immediate removal from your machine. The earlier you deal with it, the less damage it can cause. Remember that a rogue program such as Windows Security System tends to communicate with a remote server and download more threats. Moreover, it executes more payloads if given enough time inside the computer.

Keep in mind that the goal of rogue software is to trick you. To do this, it must modify system files and registry entries. Windows Security System also attempts to launch itself when Windows starts. Having the top spot, the malware can better manipulate the system and block anything that hinders its operation. This is why you may notice that antivirus software stops responding. It also kills any processes it finds related to security and protection. Lowering security settings on the compromised PC gives the malware a dominant position.

With Windows Security System in control, users may have a hard time removing it from the system. It was designed to hold the PC hostage until you purchase the registration key. The malware will disable any resources that are useful in removing malware. These include Task Manager, Registry Editor, and the add/remove function. So, to uninstall Windows Security System, you need a systematic approach. This is what we have outlined in the guide below.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Security System Infection?

If the computer is infected with this malware, the user may observe a fake scan conducted by Windows Security System. The image below shows what the fake scanner looks like.

[Image: Windows Security System Scanner]

It will modify the Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Security System
HKCU\Software\Windows Security System
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Windows Security System”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Windows Security System 2012”

The threat will drop the following malicious files:
%AppData%\Windows Security System\IcoActivate.ico
%AppData%\Windows Security System\IcoHelp.ico
%AppData%\Windows Security System\IcoUninstall.ico
%AppData%\Windows Security System\Windows Security System.exe
%AppData%\Windows Security System\securityhelper.exe
%AppData%\Windows Security System\securitymanager.exe
%Desktop%\Windows Security System.lnk
%StartMenu%\Programs\Windows Security System.lnk
%StartMenu%\Programs\Windows Security System\Activate Windows Security System.lnk
%StartMenu%\Programs\Windows Security System\Help Windows Security System.lnk
%StartMenu%\Programs\Windows Security System\How to Activate Windows Security System.lnk
%StartMenu%\Programs\Windows Security System\Windows Security System.lnk
%Temp%\02c9c3c35bdx5.exe
%Temp%\17dkf.exe
%Temp%\1iowieoo.exe
%Temp%\312f12r4fcvr7.exe
%Temp%\31512.exe
%Temp%\8gmsed-bd.exe
%Temp%\ds1623a6976cd.exe
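
The registry entries and files listed above can be checked with a short read-only PowerShell script. This is an added example, not part of the original guide; it assumes %Desktop% and %StartMenu%\Programs refer to the current user's Desktop and Start Menu Programs folders.

```powershell
# Added example: read-only indicator check. It reports findings and changes nothing.
$name     = 'Windows Security System'
$appData  = $env:APPDATA
$desktop  = [Environment]::GetFolderPath('Desktop')
$programs = [Environment]::GetFolderPath('Programs')   # assumed to match %StartMenu%\Programs

# Registry keys and Run values from the list above.
$keys      = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$name",
             "HKCU:\Software\$name"
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = $name, "$name 2012"

# Folders and files from the list above. Checking the two folders covers
# every listed file that lives inside them.
$paths = @(
    (Join-Path $appData $name),
    (Join-Path $programs $name),
    (Join-Path $desktop "$name.lnk"),
    (Join-Path $programs "$name.lnk")
)
$tempNames = '02c9c3c35bdx5.exe', '17dkf.exe', '1iowieoo.exe', '312f12r4fcvr7.exe',
             '31512.exe', '8gmsed-bd.exe', 'ds1623a6976cd.exe'
$paths += $tempNames | ForEach-Object { Join-Path $env:TEMP $_ }

$found = @()
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $found += "Registry key: $k" }
}

# Read the Run key once, then look for the two value names.
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
foreach ($v in $runValues) {
    if ($run -and $null -ne $run.PSObject.Properties[$v]) {
        $found += "Run value: $v -> $($run.$v)"
    }
}

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found += "File or folder: $p" }
}

if ($found) { $found } else { 'None of the listed indicators were found for this user.' }
```

Run it in the affected user's session, because the HKCU hive and these folders are per-user.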
