System Security 2009

Try Norton security scan .

http://security.symantec.com/sscv6/WelcomePage.asp

......Barkha

Norton Removal Tool should do this:
http://service1.symantec.com/Support/tsgeninfo.nsf...

Cheers

Does system security removes trojans????

. Start Windows Task Manager

Use the following key combination: press CTRL+ALT+DEL or CTRL+SHIFT+ESC. This will open the Windows Task Manager.

If that didn’t work, try another way. Press the Start button and click on the Run… option. This will start the Run tool. Type in taskmgr and press OK. This should start the Windows Task Manager.

. Start the Task Manager

 Find and terminate the process

Within the Windows Task Manager click on the Processes tab (it is in the red box). This will bring the complete list of all active tasks. Find the process by name. Names are in the first column from the left. Click on the Image Name button (it is designated by the blue box) to sort tasks in alphabetical order. Then scroll the list to find required process. Select it with your mouse or keyboard and click on the End Process button (in the green box). This will kill the process.

Terminate the process

+Alternative steps for finding and terminating the process
II. Locate the malicious file and try deleting it
Let’s assume you know the file name or at least a part of it. In such case run Windows default search tool: Start > Search > For Files and Folders. Type in the file name or its part to the search field. Specify search location. For better results select "Look in: Local Hard Drives" or "Look in: My Computer". Now start searching. The file should appear in search results.

. Search for the file

If you have no idea how to spell a filename, but you know, where it can possibly be, then you should try finding this file manually. Most parasites attempt to hide their tracks, so you will have to enable the displaying of hidden and system protected files. Open Windows Explorer. Click on the Tools menu and select Folder Options.

 Make hidden files visible

Choose the View tab. In the Advanced Settings list find the option Show hidden files and folders (on Image 8 it is designated by the red box) and select it. Then remove a checkmark next to the line Hide protected operating system files (Recommended) (in the blue box).

Change view settings

Some files may still be invisible. To see them, launch the Command Prompt. Press the Start button and then select Run. This should open the Run dialog. Type in cmd and press enter or click on the OK button.

Open the Command Prompt

Type in dir /A name_of_the_folder to the console. This will list all the files that reside in that folder. Hidden files will also be displayed.

 View folder content

Simply delete the file using the Windows Explorer or any other program that you use to browse the file system. Don’t forget to empty the Recycle Bin. If an error message appears saying that file is in use and cannot be removed, try terminating the associated process and then delete the file. To do this you will have to open the Windows Task Manager (press CTRL+ALT+DEL or CTRL+SHIFT+ESCAPE). Then in the Processes tab select the corresponding process and click on the End Process button.

However, some processes will run immediately after you terminate them. In such case you have to reboot your system into Windows Safe Mode (this tutorial article explains how to do this). In this mode many system services are disabled and programs do not run automatically on startup. Practically any file can be easily removed.

The malicious file can also be deleted from the Command Prompt. Open the Command Prompt and navigate to the folder, where the harmful file is. To do this issue the following command: cd name_of_the_folder. Then invoke this command: del name_of_the_file. To delete the folder use another command: rmdir /S name_of_the_folder.

Delete the folder from the Command Prompt

I found the same trojan with the name "system security 2009", how to get rid of it? would it be as simple as deleted it in the safe mode?

If you can't find any tool to remove it for you you'll have to do it yourself.
Most trojans have self-surviving built into them these days so what I like to do when manually cleaning up is to run IceSword. It has a nice feature to prevent any new executable from starting. So by doing this first and then killing the running executable and removing any startup-triggers (ex. registry, autostart) the killed executable should not be able to survive the termination by sparning a new process.

My dad's old computer is infected by "System Security 2009," and it seems to be preventing me from downloading the scan program that was suggested in the first reply. I also can't open Task Manager: it's closed as soon as I open it. The computer is honestly a lost cause, but he doesn't have the funds to get a new one. I don't have a whole lot of technical knowledge, but I should be able to follow along no problem if somebody tells me what to do.

His computer runs Windows XP Home.

I've already tried running the computer in safe mode and opened up the add/remove programs, but it said that there was an error and it might already be uninstalled.

Can anyone give me some specific advice on what to do to remove this thing?

Thank you.

The file name for "System Security" is 10892964.exe. Delete or disable this on the start-up list or   type in the file name in the 'My Computer' folder and click 'search". If you have Spy Sweeper it is much easier to disable.

Anyone,
     Why is there not a blog where they find out who's behind these illegal scams and publish their name and address? Maybe a description of their car and licence number too.
     The people who have been put upon will take care of such people.

http://www.bleepingcomputer.com/virus-removal/remo...

http://remove-malware.net/how-to-remove-system-sec...

The key thing for me was to go to the last comment on the 2nd link as below:

1. If you locate the file with the shield icon in your system, usually in the C:/program data\ folder. You can rename the systems security folder and program to 2222. This will interrupt it’s pathways for running when you reboot the PC. As a result you will then be able to download and use removal programs or manually remove it. This was how I solved not being able to run any exe files for removing it or going to the CMD or Taskmgr.

I actually found the culprit folder (as suggested in another link) in C:\Documents and Settings\All Users\Application Data. It will be the only folder in this location that consists on a folder with numbers (in this instance 15281094 but there are reports of several other numbers, the key thing being it is the only numbered folder in application data). Within this folder you will see the exe which will have the same shield icon with diagonal stripes as the System Security malware to confirm you have the right folder. Also just to note you may have to show hidden files and folders in order to see the application data folder. After you rename the folder and the exe you just need to log off the pc and when you log back in you can then use CTRL, ALT and delete, task manager, searches etc. I then manually deleted files, folder and registry settings as per the 2nd link and followed it up by installing malwarebytes as per 1st link which removed the malware and a trojan which helped get it on to the pc in the 1st place by taking over internet explorer.

You're going to laugh at this, I've been going crazy all day trying to get rid of it.  You know the system security window that comes up and shows all the viruses it scanned?  Well at the top of that window click "support".  Then go to "FAQ".  At the bottom of that page it tells you how to uninstall.  You download a file and in about 5 seconds it's gone.  I had no internet or anything so I had to do it in safe mode.  I wrote down the address of the website which was supportonlinecenter.com   that's where the faq page was.  It's gone and now I'm running my good for nothing virus scan program.  I hope I never get caught again. 
Hope this helps you.
Barbara

I have just, after 4 friggin hours (it's 1 AM now and I need to get up at 6) been able to disable this piece of ^#$$^& trojan / virus /whatever-you-may-callit. In 'vanilla' windows nothing worked - no internet, no apps, no Symantec. So I ran Symantec in safe mode and yay - virus found a removed. Well - Removed my #ss! A second scan in safe mode (still couldn't run anything in regular mode) revealed NOTHING. A reboot in regular mode and there it was, still, in all its faux protection tool glory. Even though my company pays large amounts of money to keep my laptop's antivirus software up-to-date. Well, screw it. Symantec - why can't you find and kill this tool!?? Probably because it doesn't have any of the damn virus algorithm characteristics! I had to trace it myself using the task manager, kill the task on sight and wonder of all wonders, everything works again.
Now I am browsing the internet encountering dodgy tools, probably just as bad, to get rid of this piece of ####! I renamed the executables and all I hope for is that it doesn't run ANYTHING again on my next startup. As you may notice, I am seriously fed up with this for a number of reasons:
1. My company doesn't do enough to keep my laptop safe, tool-wise;
2. Firefox sucks - or would I have gotten it just as easily with the less acclaimed IE?
3. Symantec - up-to-date and all - CAN NOT FIND A KNOWN VIRUS! That's just sad, really. Even though Symantec easily kills harmless files on sight because they contain 'exploits'....
4. System Security sucks - I'd like to meet the guy who made this. Even though the only thing it cost me was part of my night's rest, I'd still gladly kill him. With a blunt hacksaw.

Yours sincerely,

A very unhappy customer.

PS: Don't trust cary767 and bhk.

Ok here is my problem I have this stipd system security on my pc. I cannot go online or do anything. Everytime I try to restart, it shuts down and restarts, then rinse and repeat. I finally got it to start in safe mode. Now what do I do? I do not know what commands to type to run antivirus to get rid of this damn thing. Please help!!

I wish that did help. I cannot do anythiing, I cannot get it in safe mode, I cannot go online, I dont even get that stupid thing scaaning now. My computer starts up, then shuts down and restarts again. I have no time for anything. I cant even reformat because my CD drive wont work now.

I was even desperate enough to try the "click on Support and the nice virus will uninstall itself" suggestion.

This seems to be a new version. From what I can tell I picked it up reading some forums. I do remember a popup message about Google Toolbar having parts disabled and did I want to continue. And I clicked OK. I have since uninstalled any addon or application from Google cause this is not the first time that I have had something nasty piggyback its way onto a PC using a Google app.

Anyway, I got the System Security 2009 install. But this version doesnt just block certain applications from running. It kills any new process started immediately. Symantec, Malwarebytes, TaskManager, ProcessExplorer, Regedit, even a command window. I tried Notepad just to see and yes it kills it too, as well as any browser. It also, at bootup, kills all other running processes except the bare essentials to keep the PC running. To make things worse it evidently modifies some of the system files in such a way so that if you try to boot into Safe mode you get a blue screen system failure when it tries to load them.

All I can do is boot from an install disk into Recovery Console. I tried manually deleting all the rogue exe files I could find but evidently it keeps lots of copies. At the moment I am trying to follow some instructions I found on loading a system restore point from recovery console. I will let you know how that works.

If there are any suggestions on something to try I am open to them. I am not a novice, have been working on PCs and security for 20 years. And this is the worst I have seen since in a long time. My next option is to blow away the partition and restore the last full backup I have of the system.

Well, the manual registry restore seems to have worked. It let me reboot and get into Malwarebytes which I then ran to remove the rogue application. I have had to do it several times plus go through and look for the odd executable but it appears to have gotten it. Am also running a rootkit checker just to make sure.

And none of the tools I used to fix this were from Symantec. In fact I had latest version of Endpoint Protection running and it went right over it with no problem.

i purchased this thinking it would work but of course it didn't...so i called them for a refund and surprise surprise they told me that i never purchased it...and that they couldn't give me a refund...so i called my bank and they confirmed that i did purchase it...i called them back, was put on hold forever, then yelled at that idiot for not knowing a damn thing...of course after that he tells me that i did purchase it and was getting a refund in 5-10 business days...don't go to this company its nothing but crap...i'm lucky i got my cousin to fix my computer...i don't know what he did but thank heavens he did it so i can be rid of this stupid company and their b*******!!!

I had this damn thing take over my computer last Friday. I couldn't open any applications, task manager included, just the internet. Finally today, after browsing dozens of help sites, I have the easiest solution imaginable. I sure hope it works for you...

Start your computer in Safe Mode (hit F8 repeatedly at start up to get to it)

Then go to Start, Help & Support, scroll down a little and click on System Restore.

This will allow you to restore your computer and settings to a day before the virus was installed.

Follow the instructions and after your computer reboots, it's GONE!!!

I can't even begin to tell you how happy I am that I defeated this god awful virus....and to top it off it was so much easier than anything else I read!

GOOD LUCK! :)

My sister bought Norton Security Suite (1 year license) a couple of months ago but then her computer broke and she got rid of the broken computer. She has since bought a new one but is unable to use her Norton Security Suite because it refuses to accept her product key on the new computer, presumably on the assumption that the product is already being used. I can't believe that she only gets two months use out of her Norton Security Suite. Is this really the case? Doesn't Norton foresee or allow for such cases? They must surely happen quite often.

Keith

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

MicrosoftInternetExplorer4

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}

I am unable to remove this freakin piece *(&&$%#*! rogue program, named System Security, you know which one, the one with the Shield.  I made several attempts to remove it in safe mode but with no success.  I tried to use standalone removal tools because it is preventing me from downloading in Windows.  However, it continues to run on my system.  The program has now changed its name to Total Security. This rogue program has changed its appearance - the program does not display a Shield.  Now it has a man with a black mask over his eyes, a lock in the task bar, and it reads  - Total Security.  Does anyone have a handle on removing this pest?