Video Screencast Help
Search Video Help Close Back
to help

Personal Protection

Created: 02 Jan 2010 | Updated: 11 Sep 2010 | 4 comments
Mike1478's picture
Mike1478
0 0 Votes
Login to vote

I have a virus that must have come from a pop up that shows a screen called Personal Security and asks for 59.99 to
download software.  I get it any time I try to gor to a web site.  Anyone know the name of this virus and how to get rid
of it

Discussion Filed Under:
, , , , ,

Comments 4 CommentsJump to latest comment

Rafeeq's picture
Rafeeq
Personal Protection - Comment:02 Jan 2010 : Link

Check if you have these files, if so please submit it to Symantec , so that we can have a definitions for it.

Personal Security virus will modify Windows Registry and add the following entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “Personal Security”
  • HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Internet Settings\5.0\User Agent\post platform “WinTSI 01.12.2009″

The threat will drop the following malicious files:

  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Security.lnk
  • %UserProfile%\Desktop\Personal Security.lnk
  • %Program Files%\Personal Security
  • %Program Files%\Personal Security\personalsecurity.exe
  • %Program Files%\Common Files\Personal Security Uninstall
  • %Program Files%\Common Files\Personal Security Uninstall\Uninstall.lnk
  • %Documents and Settings%\All Users\Start Menu\Personal Security
  • %Documents and Settings%\All Users\Start Menu\Personal Security\Computer Scan.lnk
  • %Documents and Settings%\All Users\Start Menu\Personal Security\Help.lnk
  • %Documents and Settings%\All Users\Start Menu\Personal Security\Personal Security.lnk
  • %Documents and Settings%\All Users\Start Menu\Personal Security\Registration.lnk
  • %Documents and Settings%\All Users\Start Menu\Personal Security\Sec Center.lnk
  • %Documents and Settings%\All Users\Start Menu\Personal Security\Settings.lnk
  • %Documents and Settings%\All Users\Start Menu\Personal Security\Update.lnk
  • %WINDOWS%\system32\win32extension.dll
  • here is the link to submit the virus
  • https://submit.symantec.com/gold

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

0
Login to vote
  • Actions
snekul's picture
snekul
Personal Protection - Comment:03 Jan 2010 : Link

Fake "extortionware" A/V software like this have a tendancy to create tons of variants to avoid detection.  If you get the files to Symantec, they'll be able to get it fixed for you.  Otherwise, if you need to get rid of them quickly, there are special tools out there just for removal of Fake A/V.

Eric C. Lukens IT Security Policy and Risk Assessment Analyst University of Northern Iowa

0
Login to vote
  • Actions
Serengeti's picture
Serengeti
Personal Protection - Comment:09 Mar 2010 : Link

a user had this popup on both W7 and XP.
On W7, they clicked cancel in theinstallation request popup - the malware then installed itself - coudl be seen in Add / Remove Programs

The second time, on XP, they did not click anything, just killed the IE browser window displaying the spoofed infection warnings and the install request. Nothing appears in Add/Remove Programs.

SEP did not detect anything in either case.

No idea where this launches from - Facebook perhaps? How does this get onto a PC without any kind of detection? Would TruScan detect this as malware?

0
Login to vote
  • Actions
sbertram's picture
sbertram
Personal Protection - Comment:09 Mar 2010 : Link

Hi you can try a free online virus scanner like House call from Trend micro see what it finds
good luck

0
Login to vote
  • Actions