How to remove/get rid of Windows Security Suite malware/spyware
// July 6th, 2009 // Custom descriptions of malware, Malware Related
A new variant of fake antivirus software has just gone live on the internet. It goes by the name of Windows Security Suite.
Their website (windowssecuritysuite.com) may look quite polished but none of their claims are true and all “awards” and statistics have been stolen from other websites.
If you have come to my website because you have been affected by this malware, carry on reading and I will explain an easy method of removing this pest.
The installer for windows security suite looks pretty legit, even detailing it’s install progress.
What you probably do not know is that it is installing itself sneakily into the C:\Documents and Settings\All Users\Application Data\ folder, by creating a new subdirectory consisting of a combination of random numbers and letters and then dropping it’s executable in the said folder, which will have the same name as the folder followed by .exe
Windows Security Suite has ripped off most of it’s user interface from the familiar (and safe) Windows Defender, which should not be confused with the Windows Security Suite malware. To give the illusion of being completely official and microsoft affiliated, the authors of this malware have even gone as far as to replicate windows licensing instructions and images, as shown in the screenshot below.
They have also made some rather convincing UAC-esque alerts which grey out the rest of the screen, much like the alerts you get in Windows Vista.
Internet Explorer also does not escape the clutches of Windows Security Suite, also offering the user scary messages all designed to trick the user into parting with money for this malware.
As with all the previous rogues listed on this site, there is a good dose of scary messages and alerts informing the user their computer is infected and that they must purchase Windows Security Suite in order to be protected.
and the occasional tooltip balloon to remind you it’s still there…
Shocking (fake) scan results for an absolutely clean windows machine…
They have done a good job of making this fake anti virus software look convincing, but as always they have left small clues behind. Notice, for example, the spelling of advice (advise) in this “informational popup” the windows security suite so helpfully (not) generates.
Now we will get onto how to remove this rogue……
The researchers Malwarebytes Anti-Malware have already analysed this threat and written definitions to completely remove Windows Security Suite. All you have to do is visit their website at
http://www.malwarebytes.org/mbam.php and download Malwarebytes’ Anti Malware, install it, update it and run a quick scan which will find and remove this infection completely free of charge.
If Malwarebytes Anti-Malware has helped you remove Windows Security Suite, please consider buying a license to say thanks and support their fight against malware- you can securely purchase a license by clicking here:
https://store.malwarebytes.org/342/?affiliate=4568&cart=29945&scope=cart – please note that this is completely optional and not a requirement for it to scan and remove windows security suite malware, but you will benefit in future from real time protection and regular updates that will prevent infections like this and many others installing themselves on your system!
Please leave comments to let others know how you got along!
20 Responses to “How to remove/get rid of Windows Security Suite malware/spyware”
Leave a Reply
- Praveen said: I also have the same problem. But the thing is now...
- Woody said: okguy i had the exact same problem as jordanna abo...
- Rika-chan said: For those who can't open the Internet I had the sa...
- Capricorn Logan said: thank god for telling me this but im glad i got th...
- kristina said: I installed it, tried to start it, the virus said ...
- Kali said: I already have Malwarebytes' Anti-Malware, but I c...
- my_virtual_c facebook application. Self propagating spam/worm?
- IOBit accused of stealing proprietary Malwarebytes database
- How to remove/delete Secure Keeper virus/malware
- How to remove/delete Security Tool virus/malware
Works 100% !!! Make sure you have updated to the latest Database version, in my case: 2403.
It really works perfectly!!!! thank you so much!
Amazing, it was other to disable other virus protection programs but not this.
Thank you for the guide
I did not download this; however I did use properties of the shortcut to find the file, end it’s process and delete it. It is gone now.
Thanks so much. It totally worked. I actually uninstalled your program that I purchased a while back because I thought it would interfere with SpyZooka. I was so wrong.
I have this virus and it is blocking my internet connection, so I can’t even get online. If anyone has any tips to help me get online so I can download this program, please let me know. Thanks
It won’t let me open anything, it says “the file is infected.” any help?
How about for those of us who can’t get on the internet cause of this virus.?
For those you can’t get to the internet because of the virus try going on a different account ie. Guest account shouldnt be affected well it worked for me so give it a shot
What if the program won’t work due to it “Being infected” ?
I’m getting the same response as Jordanna. Help would be appreciated.
Go into safe mode to do this. If your internet is saying you cannot connect because of proxies reset internet explorer settings and try again
I am also having the same problem as Jordanna is having. It keeps telling that every program I try to open is infected. Same with the browsers (Firefox/IE). I do have MalwareBytes Anti Malware installed for about two years, but the program won’t start. The program was running and updated a few weeks ago for the last time. I would appreciate your help.
Hey Foppe , to open a program you have to rename it iexplore… that should work .
I already have Malwarebytes’ Anti-Malware, but I cannot even open it, let alone scan my computer. I really need to get rid of Security Suite fast, please HELP ME!!!!
I installed it, tried to start it, the virus said it was infected. I tried renaming it, didn’t work either, ideas?
thank god for telling me this but im glad i got the virus today but can get rid of it now i have an excuse on why i didnt do my summer reading yet
For those who can’t open the Internet I had the same problem, it kept saying that the site could harm the pc and blah blah. You need to reboot your computer, press f8 constantly right after it starts turning on, select safe mode with networking and press enter. Open windows explorer and go to tools and select Internet options. Go to connections, LAN settings, and uncheck use a proxy server for your LAN and press ok. Then you can download and run the system.
okguy i had the exact same problem as jordanna above this is wat I did:
1.Log onto guest accont or another laptop/computer
2.Download a file called rkill, try googling it
3.Place this on a memory device and load up your own user account n your laptop/computer
4.Open up my computer and the stragedevic and find rkill then pace it on yor desktop
5. Load up rkill until you see the message rkill is infected DONT CLOSE THIS MESSAGE!
6. Load up rkill again with the above message stillon screen and it should end security suites process and allow you internt access and access to your malwarebytes program or whatevryouve got
This worked for me
I also have the same problem. But the thing is now my windows is not booting in normal as well as in safe mode. A blue screen is displayed saying that my computer is infected due to recent s/w or h/w changes and it goes off and on by itself. Plzz someone help. I am not able to get inside windows to do the cleaning process.