Apr 11, 2010, 11:03 AM   #1
Junior Member
Join Date: Mar 2010
Posts: 1
System security 2009 automatically installed

On my laptop, a virus alert wallpaper is displayed and System Security 2009 was automatically installed. System Security 2009 shows that my laptop is infected with viruses; it asks me to scan, and after the scan it shows many viruses. When I try to clean all the viruses, it asks me to activate System Security 2009.

I am using McAfee VirusScan; it has caught some Fake Trojan virus. Now McAfee is also infected; the on-access scan has been disabled automatically.

Last edited by aphanri; Apr 11, 2010 at 11:06 AM.
aphanri
Apr 11, 2010, 11:13 AM   #2
Administrator
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378

System Security 2009 is malware. ;-)

The results it is reporting are fake and it will try to get you to pay for a version of it to fix the problems. Don't do that (it won't help anything anyway and you don't want to be giving any credit card or personal info to these guys).

Rogue anti-virus scanners that are really just malware are a common problem now (usually as a result of unpatched vulnerabilities, running pop up screens showing malware found, etc. -- set up as "drive by" attacks when visiting web pages hosting malicious content).

Yes, it's not uncommon for those types of products to block access to anti-malware sites once installed (and many will also install yet more malware). They can be hard to get rid of once you're infected.
JimC

Apr 11, 2010, 11:34 AM   #3
Administrator

System Security 2009 can be difficult to remove once you're infected with it, often requiring manual editing of your registry keys to get rid of it. If you do a Google search, you'll often find pages on how to approach it. For example, this one:

http://www.bleepingcomputer.com/viru...-security-2009

Here's another one:

http://windowsprotection.net/how-to-...removal-guide/


I'd try starting your PC in Safe Mode with Networking (press the F8 key repeatedly while your PC is booting to get to the Safe Mode menu choices, and select the Safe Mode with Networking choice). Then, see if you can download Malwarebytes and run it under Safe Mode without System Security 2009 running.

http://www.malwarebytes.org/


You may want to try downloading the Avira Rescue CD and see if it can get rid of it. Basically, it's a Linux-based CD that you can boot into and disinfect common problems. That way, you're not booting into an infected operating system (since you are already infected with System Security 2009, which may be blocking attempts at trying to run real anti-malware products) -- instead, you're booting into Linux (so you're not loading anything from the infected operating system on your primary hard drive).

http://www.free-av.com/en/products/1...ue_system.html

If you can't do this from your PC, you may want to see if you can download it and burn it to CD from a friend's PC. Then, take the rescue CD to your PC and reboot your PC into it (either using the boot menu choice that comes up when you power up your PC, or going into your BIOS Settings and making sure your CD/DVD drive is the first boot choice in the boot order list).

Another approach is to remove the drive from your system, and install it as a second drive in another system. Then, install products like the free version of Malwarebytes (highly recommended) and run it against the infected drive.

http://www.malwarebytes.org/

Basically, just make sure you're not booting into the infected drive on the other PC (you still want to boot Windows from its normal boot drive, just installing the infected drive as a second drive in that system, making sure not to run any programs on the infected drive). That way, you're scanning and cleaning it from an operating system that's not infected by it yet.

But, you may have to resort to manual removal of registry keys associated with System Security 2009 in order to get rid of it (as described on some of the pages you'll find about removing it) if you can't scan it from a clean operating system (either booting into a Linux operating system via CD to clean it, or installing the drive as a second drive in another PC to clean it using Windows based anti-malware products for that purpose).
JimC

Apr 11, 2010, 12:10 PM   #4
Administrator

P.S.

Another option would be to just back up your data and reinstall Windows from scratch.

Chances are, if you're infected by one malicious program (like System Security 2009), you've got more malware on your PC, too. Once you have a bad infection (especially with root kits and boot sector viruses), it can be very hard to detect and get rid of all of it.

Have you got a backup of any pertinent data files (photos, documents, etc.)?

If not, do you have a USB attached hard drive you could use to copy your data to?

If you are infected with a lot of malware, you may just want to reinstall Windows and programs from scratch if you have installation CDs (or have a restore partition on your drive you can use for that purpose).

Then, once you have a clean installation, make sure to enable your firewall, and make sure you have all current operating system updates from Microsoft installed (service packs, security patches, etc.). Ditto for your browser (use the latest versions), plugins like Adobe Flash, Adobe Reader, etc. (as those are common targets for installing malware and new vulnerabilities are found all the time). So, make sure you update to the latest versions to fix known vulnerabilities in them. Then, install products to help prevent future infections.

Here is what I'd suggest:

Avira Antivir for starters. You'll find a download link to the free version on this page:

http://www.free-av.com/en/trialpay_d...antivirus.html

Reasoning? Best detection rates for new malware based on studies.

http://www.av-comparatives.org/image...c_report24.pdf

Avira is what I've got installed on my Windows partitions right now, as it's leading the pack in new malware detection, and able to catch about 74% of it (as compared to only 47% for McAfee like you've got installed). System Security 2009 has been around for a while though (so, it's not really new malware, and many real security products should have stopped it from installing, *if* you're keeping them up to date).

None of them are very good at detecting newer malware, including Avira. But, it seems to be the "best of the bunch" for right now. Note that Avira's false positives are a bit higher, but I'd rather have an occasional false positive than a malware infested PC.

Of course, even with its much better detection rates compared to most products, that still means that over 25% of new malware could still "slip through". So, that's not very encouraging. But, it's a heck of a lot better than most of them in that area.

I'd also suggest supplementing it with ThreatFire. You can get it from here:

http://www.threatfire.com/

In addition, I'm using Finjan. You can get it from here:

http://securebrowsing.finjan.com/

I'd also suggest installing the free version of Malwarebytes. Get it here:

http://www.malwarebytes.org/

You may also want to consider using the NoScript addon for Firefox. It's a pain to get set up properly to use. But, given vulnerabilities, you may want to put up with that inconvenience. It will block most attempts to install malware like you've got if you don't allow most things to run on pages you visit (JavaScript, Flash, etc.). Get it here:

http://noscript.net/

I use Firefox most of the time. But, note that Google Chrome has been shown to be better compared to most browsers for resisting attempts to find vulnerabilities. So, you may want to try using it while running in Windows. Get it here:

http://www.google.com/chrome
JimC

Apr 11, 2010, 12:35 PM   #5
Administrator

One other thing you may want to consider...

If you don't have any Windows specific applications you use on a frequent basis, you may even want to give Linux a try in a dual boot configuration and see how you like it. That way, you're not going to be vulnerable to malware written for Windows when web browsing, etc.

I'd probably look at Mint 8 for starters. It's a very easy to use Linux distro with many programs preinstalled (Firefox, OpenOffice.org, image editors, music players, etc.), and thousands more available with a mouse click or two.

Here's a review:

http://www.dedoimedo.com/computers/l...nt-helena.html

You can download it from the link in this press release (click on the .iso file):

http://distrowatch.com/?newsid=05795

Just burn the .iso file to CD, reboot your PC into it, and it can run from CD so you can decide how you like it before installing it using the install icon you'll find for it. If you don't have a program that knows how to burn a .iso file to CD, you can use something like Deepburner free. It's the second download link on this page:

http://www.deepburner.com/?r=download

Just use the Burn .iso choice you'll see when starting it, browse for the Mint 8 .iso file you downloaded and click on it. Then, use the defaults to burn the .iso file to CD and boot into it and you'll be running Linux from a Live CD. You could also use something like Mint 8 running from a Live CD to copy your pertinent data files (documents, photos, etc.) to an external hard drive if you can't do that from within your infected Windows system, so you can have a copy of those files should you decide to reinstall Windows and programs from scratch.

What kind of PC do you have (CPU, RAM installed)? If it doesn't have much memory, there are many other Linux choices with less in the way of resource requirements.
JimC
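
The data backup from a Live CD that posts #4 and #5 describe can be done so that only documents and photos leave the infected drive and no programs come along. This is an added example, not part of the original thread; the extension allowlist, the function names and the paths in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): back up data files only, no programs.
# The extension allowlist below is an assumption; extend it to suit.
DATA_EXTS="jpg jpeg png gif bmp tif tiff doc docx xls xlsx ppt pptx odt ods pdf txt csv mp3"

# is_data_file PATH: succeeds only if the FINAL extension is on the allowlist,
# so "holiday.jpg.exe" is treated as a program and left behind.
is_data_file() {
    name=$(basename "$1")
    case "$name" in *.*) ;; *) return 1 ;; esac   # no extension: skip
    ext=$(printf '%s' "${name##*.}" | tr '[:upper:]' '[:lower:]')
    for e in $DATA_EXTS; do
        [ "$ext" = "$e" ] && return 0
    done
    return 1
}

# backup_data SRC DST: copy allowlisted files, keeping the folder layout.
# Writes DST/MANIFEST.sha256 and DST/SKIPPED.list; prints the number copied.
# File names containing newlines are not handled.
backup_data() {
    src=${1%/}; dst=${2%/}; copied=0
    mkdir -p "$dst" || return 1
    list=$(mktemp) || return 1
    : > "$dst/MANIFEST.sha256"; : > "$dst/SKIPPED.list"
    find "$src" -type f > "$list"      # -type f skips symlinks and devices
    while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_data_file "$f"; then
            mkdir -p "$dst/$(dirname "$rel")"
            cp -- "$f" "$dst/$rel" || continue
            (cd "$dst" && sha256sum -- "$rel") >> "$dst/MANIFEST.sha256"
            copied=$((copied + 1))
        else
            printf '%s\n' "$rel" >> "$dst/SKIPPED.list"
        fi
    done < "$list"
    rm -f "$list"
    echo "$copied"
}

# Usage: sh backup.sh /mnt/windows/Users/me /media/usb/backup  (paths assumed)
if [ "$#" -eq 2 ]; then backup_data "$1" "$2"; fi
```

After reinstalling, `sha256sum -c MANIFEST.sha256` run inside the backup folder confirms the copies are intact, and SKIPPED.list shows what was left behind. Scan the backup with an up-to-date anti-malware product before opening anything from it, since documents can carry malware too.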
 
All times are GMT -5.