Sign in with
Sign up | Sign in
Your question

Personal Security

Tags:
  • Security
  • Computers
  • Windows XP
Last response: in Windows XP
Share
Anonymous
a b 8 Security
April 4, 2010 1:29:49 PM

Hello,
I seem to have downloaded some kind of virus called Personal Security onto my computer and can't get rid of it.

I have tried downloading various software as suggested on this forum but it will not let me run the applications once they have been downloaded.
I can't even open any programmes on my computer.

Any suggestions on how I can get rid of it :(  :( 

Thanks in advance

More about : personal security

April 4, 2010 4:11:57 PM

Currently, the only removal process that I have been able to sucessfully use involve putting the infected hard disk drive into a clean computer and deleting the infected folder.

However, if you can get into Safe Mode (restart your computer and immediately begin tapping the F8 key at the top of your keyboard. This will bring up the Windows Startup Menu. Select Safe Mode using your arrow keys and then press Enter), you can try deleting the infected folder in c:\documents and settings\all users\application data\<infected folder name> where infected folder name is usually equal to a numbered folder like this 65345637. The name could be anything though, so if you don't see a folder like I am describing, post a list of the folders that you do see so that I can evaluate them.

If you can delete this folder then you should be able to run programs again and continue your removal process by running Malwarebytes, SuperAntiSpyware, CCleaner, ATF Cleaner, and a full updated Antivirus scan.

First things first though! Can you get into Safe Mode successfully? Some variants of this family of viruses disable Safe mode.

April 5, 2010 5:28:44 AM

Yes, Safe Mode with Networking would be a good choice, but I have been finding with the Personal Security Infection, users can not get into Safe Mode at all. The infection is crippliing the ability to load the Safe mode options.

Also, these new 'viruses' like Personal Security are not viruses by the original classification. They do not reproduce themselves by trying to spread to any and all drives and computers that they can. They are identity theft apps that download themselves onto your computer while browsing the Internet. They typically do this by tricking you into install them with fake security warnings. When you get one of these warnings, most users have been conditioned to click on 'No', 'Cancel', or the 'X' in the upper righthand corner of the Window when they are in doubt. The creators of these ransomware infections know this and when you click on any of the above, you are still saying yes to install the fake antivirus program, because they (the creators) have programmed all those options to really mean yes.

What that means to service techs like myself is that we are not really worried about these types of infections jumping to our service computers, but in any case our service machines are dedicated computers for just this purpose. In the shop, I would take out your infected drive and connect it to my service computer as a secondary drive. This way your operating system does not get a chance to startup and therefore the 'virus' is not active either. I can then scan your drive using my uncompromised antivirus program and remove the infected files and folders. Then I would copy my set of cleanup tools onto your hard disk from my service computer and reinstall your drive back into your computer. What I've accomplished so far is to remove the infected files and get my tools copied to your drive. I would then boot your computer in safe mode and install my tools like malwarebytes or superantispyware etc to cleanup your system registry of infected entries as a scan of your drive in my service machine does not tackle those entries. I would then uninstall and reinstall your antivirus program to make sure it isn't damaged and also clean up your Internet Explorer settings.

I hope that this explains why I would put an infected drive in another computer. It is a fast way to defeat infections that have disabled so many Windows features that it almost impossible to fix when booting from your own computer. It also allows me to backup all your important data files before trying cleanup processes that may render your computer's operating system unusable. Many of these infections do not like to be removed and sometimes strike back at attempts to do so. The number 1 rule is too never lose a client's data!

However, you would be correct in erring on the side of caution regarding connecting an infected drive to just any computer. I dedicate computers to this process solely, so if some infection should jump to my computer, I just reimage my drive.
Related resources
April 5, 2010 5:33:00 AM

Back to Bounce1602's question:

If you can get into Safe Mode, or boot off your Windows CD and get into the REcovery Console, you can comb your drive for the following folders and delete them. That should let you boot normally and we can continue the cleanup process.

c:\Program Files\PSecurity\
c:\Program Files\PSecurity\psecurity.exe
C:\Program Files\PersonalSec\
C:\Program Files\PersonalSec\psecurity.exe
C:\program files\PersSecurity\
C:\program files\PersSecurity\psecurity.exe
C:\program files\PersSecurity\personalsecurity.exe
C:\program files\PersSecurity\system.dat
C:\Program Files\PersonSecurity\
C:\Program Files\PersonSecurity\psecurity.exe
c:\Program Files\Common Files\PSecurityUninstall\
c:\Program Files\Common Files\PSecurityUninstall\Uninstall.lnk
c:\WINDOWS\system32\win32extension.dll
c:\Documents and Settings\All Users\Start Menu\PSecurity
c:\Documents and Settings\All Users\Start Menu\PSecurity\Computer Scan.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Help.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Personal Security.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Registration.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Security Center.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Settings.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Update.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
%UserProfile%\Desktop\Personal Security.lnk
April 5, 2010 6:33:28 AM

No Problem. Just hoping bounce1602 updates us on how things are going!

Those old PET's were something else with their monochrome head ache inducing screens! <grin>
!