Remove personal security

digitalprospecter

Distinguished
Mar 31, 2010
786
0
19,060
Personal Security is the name of a virus that has been making the rounds. It is a variant of the Winantivirus virus. It is an identity theft virus that pretends to be a real antivirus program. Under no circumstances purchase their software to solve your problem. Your credit card will go on a shopping spree.

www.bleepingcomputer.com has excellent tutorials on removing these types of infections. If you require more information, just let someone here in the forums know.
 
If that is the reason for the OP's question, it could be dealt with here without going to another forum. :D Briefly, the first stage is to turn off System Restore to prevent it carefully keeping copies of everything you're trying to delete.

Check in Task Manager to find references to Personal Security and click on End Process. Then go to msconfig and prevent it starting and then restart the system into Safe Mode with Networking. Take the filename you found in the Config utility and track it down and delete it. Use the Registry editor to find any references to it and delete them, then check in Programme Files>Common Files to see if it created a folder in there as well.

Restart back into Normal Mode and go to
and download MalwareBytes. Install it, let it update and restart itself then run the Quick Scan. Click on Remove Selected when the scan completes to remove whatever it found and restart the computer. Start MBAM again and run the Full Scan and do the same. If you still have any doubts about the system, click on MBAM's Logs tab and copy and paste both logs back here.

 

digitalprospecter

Distinguished
Mar 31, 2010
786
0
19,060
Don't turn off System Restore yet!!!

I like Malwarebytes. An excellent program, certainly a part of the cocktail of programs generally required to defeat this infection. Often several utilities are needed to remove and reverse the effects of this hostageware. The more a user has clicked on the fake antivirus messages, the more Windows features get turned off as a result. This is by design in the virus, so that the user gets frustrated enough to buy the fake program they are flogging as the cure. Then they have your credit card number, which is what they want. Their fake antivirus reports that you have many virus infections. This is a fake report, though some of the virus names may be familiar.

As a computer tech, in our firm, we use the following steps on this family of infections:

1. Run System Restore and choose a date previous to your infection. This step is very important to reverse all of the changes that the infection has made in your registry. If you don't do this step, you will most probably come to realize that the time it will take to repair all the desktop policies and other features of Windows that have been disabled will force you into a wipe and reload of your Windows anyway. If System Restore has been disabled by the virus already, then we use a bootable CD called MiniPE to restore the registry.

2. After performing step #1, we then turn off System Restore in Windows.

3. Run Combofix.exe on your computer. You can download it from the site I mentioned above. There are other download sites that claim to have this important utility, but most are fake. Go with all the defaults and choose to install the Microsoft Recovery Console when it asks.

4. Install the SuperAntispyware utility and update it.

5. Run a full scan using SuperAntispyware. Remove everything it finds.

6. Run the Windows Fixes in SuperAntiSpyware. They are found in the Preferences->Fixes section. Apply them all. This will require several reboots, but will turn on most of what the virus turned off. This is like chasing a thief (the virus) out of your home. Then you have to fix what he broke while he was there (the Windows fixes).

7. Install MalWareBytes and do a full scan. Remove all that is found.

8. Use ATF cleaner to purge all temp files (a great little utility).

9. Install CCleaner.exe and do a scan of both the drive and the registry.

10. Run SFC /scannow from the Run Command to replace missing or corrupt Windows files. (You will likely be required to insert your Windows CD, so find it now.)

11. Finally, open Internet Explorer. Click on Tools->Internet Options->Advanced->click the Reset button. This will reverse settings made by the virus in your browser.

Final Note: The organized crime family behind this identity theft virus has found a way to keep their Window on top of Task Manager, the Start Window, and other Windows features lately. I have found that Alt+F4 will close them though.

If you have any questions about these steps, please let me know.

Best of Luck!
 