Endpoint Protection

  • 1.  Personal Protection

    Posted Jan 02, 2010 11:15 PM
    I have a virus that must have come from a pop up that shows a screen called Personal Security and asks for 59.99 to
    download software.  I get it any time I try to go to a web site.  Anyone know the name of this virus and how to get rid
    of it?


  • 2.  RE: Personal Protection

    Posted Jan 02, 2010 11:42 PM

    Check if you have these files; if so, please submit them to Symantec so that we can have definitions for it.

    Personal Security virus will modify Windows Registry and add the following entries:

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “Personal Security”
    • HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
    • HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Internet Settings\5.0\User Agent\post platform “WinTSI 01.12.2009”

    The threat will drop the following malicious files:

    • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Security.lnk
    • %UserProfile%\Desktop\Personal Security.lnk
    • %Program Files%\Personal Security
    • %Program Files%\Personal Security\personalsecurity.exe
    • %Program Files%\Common Files\Personal Security Uninstall
    • %Program Files%\Common Files\Personal Security Uninstall\Uninstall.lnk
    • %Documents and Settings%\All Users\Start Menu\Personal Security
    • %Documents and Settings%\All Users\Start Menu\Personal Security\Computer Scan.lnk
    • %Documents and Settings%\All Users\Start Menu\Personal Security\Help.lnk
    • %Documents and Settings%\All Users\Start Menu\Personal Security\Personal Security.lnk
    • %Documents and Settings%\All Users\Start Menu\Personal Security\Registration.lnk
    • %Documents and Settings%\All Users\Start Menu\Personal Security\Sec Center.lnk
    • %Documents and Settings%\All Users\Start Menu\Personal Security\Settings.lnk
    • %Documents and Settings%\All Users\Start Menu\Personal Security\Update.lnk
    • %WINDOWS%\system32\win32extension.dll

    Here is the link to submit the virus: https://submit.symantec.com/gold
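
A read-only check for the registry entries and files listed in the post above, as an added example that is not part of the original thread or any Symantec tool. It assumes the post's placeholders map to the standard Windows environment variables on an XP-style profile layout, and it uses the actual Windows key names `CurrentVersion` and `Post Platform`, which the post writes as "Current Version" and "post platform".

```powershell
# Added example: looks for the indicators listed in the post. Changes nothing.
# Assumption: %Program Files% = $env:ProgramFiles, %WINDOWS% = $env:SystemRoot,
# "%Documents and Settings%\All Users" = $env:ALLUSERSPROFILE (XP layout).
$files = @(
    "$env:USERPROFILE\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Security.lnk",
    "$env:USERPROFILE\Desktop\Personal Security.lnk",
    "$env:ProgramFiles\Personal Security",
    "$env:ProgramFiles\Personal Security\personalsecurity.exe",
    "$env:CommonProgramFiles\Personal Security Uninstall",
    "$env:ALLUSERSPROFILE\Start Menu\Personal Security",   # folder holding the listed .lnk files
    "$env:SystemRoot\system32\win32extension.dll"
)

# Registry keys whose mere existence is an indicator.
$keys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56'
)

# Named values inside keys that exist on every clean system.
$values = @(
    @{ Key  = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'Personal Security' },
    @{ Key  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'
       Name = 'WinTSI 01.12.2009' }
)

function Test-RegValue($Key, $Name) {
    # True only if the key exists and carries a value with this exact name.
    if (-not (Test-Path -LiteralPath $Key)) { return $false }
    return (Get-Item -LiteralPath $Key).GetValueNames() -contains $Name
}

$hits  = @()
$hits += $files  | Where-Object { Test-Path -LiteralPath $_ }
$hits += $keys   | Where-Object { Test-Path -LiteralPath $_ }
$hits += $values | Where-Object { Test-RegValue $_.Key $_.Name } |
         ForEach-Object { "$($_.Key) [$($_.Name)]" }

if ($hits) { $hits | ForEach-Object { "FOUND: $_" } }
else       { 'No listed indicators found.' }
```

A clean result only means these exact names are absent from the machine and profile it was run under.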


  • 3.  RE: Personal Protection

    Posted Jan 03, 2010 09:23 PM
    Fake "extortionware" A/V software like this has a tendency to create tons of variants to avoid detection.  If you get the files to Symantec, they'll be able to get it fixed for you.  Otherwise, if you need to get rid of them quickly, there are special tools out there just for removal of Fake A/V.


  • 4.  RE: Personal Protection

    Posted Mar 09, 2010 02:46 PM
    A user had this popup on both W7 and XP.
    On W7, they clicked cancel in the installation request popup - the malware then installed itself - could be seen in Add / Remove Programs.

    The second time, on XP, they did not click anything, just killed the IE browser window displaying the spoofed infection warnings and the install request. Nothing appears in Add/Remove Programs.

    SEP did not detect anything in either case.

    No idea where this launches from - Facebook perhaps? How does this get onto a PC without any kind of detection? Would TruScan detect this as malware?


  • 5.  RE: Personal Protection

    Posted Mar 09, 2010 02:57 PM
    Hi, you can try a free online virus scanner like HouseCall from Trend Micro and see what it finds.
    Good luck.