
How to remove/get rid of Windows Security Suite malware/spyware

// July 6th, 2009 // 20 Comments » // Custom descriptions of malware, Malware Related

A new variant of fake antivirus software has just gone live on the internet. It goes by the name of Windows Security Suite.
[Screenshot: Windows Security Suite website]
Their website (windowssecuritysuite.com) may look quite polished but none of their claims are true and all “awards” and statistics have been stolen from other websites.
[Screenshot: fake statistics]

If you have come to my website because you have been affected by this malware, carry on reading and I will explain an easy method of removing this pest.

The installer for Windows Security Suite looks pretty legit, even detailing its install progress.
[Screenshot: setup]
What you probably do not know is that it is sneakily installing itself into the C:\Documents and Settings\All Users\Application Data\ folder. It creates a new subdirectory named with a combination of random numbers and letters, then drops its executable into that folder; the executable has the same name as the folder, followed by .exe
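The folder layout described above can be checked for directly. The following is an added example, not code from the original post: it lists every `<name>\<name>.exe` pair under a root folder where `<name>` looks random. The function names, the regular expression and the sample folder names are assumptions made for illustration.

```python
import os
import re
import sys
import tempfile

# Path named in the post (Windows XP layout); pass another root as argv[1].
DEFAULT_ROOT = r"C:\Documents and Settings\All Users\Application Data"

# Assumption: "random numbers and letters" = alphanumeric name with at least one
# digit and one letter. The post gives no length, so 4+ characters is a guess.
RANDOM_NAME = re.compile(r"^(?=.*[0-9])(?=.*[A-Za-z])[0-9A-Za-z]{4,}$")


def find_suspect_executables(root):
    """Return files laid out as <root>/<name>/<name>.exe with a random-looking <name>."""
    hits = []
    try:
        names = sorted(os.listdir(root))
    except OSError:
        return hits  # root missing or unreadable: nothing to report
    for name in names:
        folder = os.path.join(root, name)
        if not (os.path.isdir(folder) and RANDOM_NAME.match(name)):
            continue
        try:
            children = os.listdir(folder)
        except OSError:
            continue  # e.g. access denied on one folder; keep scanning the rest
        for child in children:
            path = os.path.join(folder, child)
            # Windows file names are case-insensitive, so compare lower-cased.
            if child.lower() == name.lower() + ".exe" and os.path.isfile(path):
                hits.append(path)
    return hits


def demo():
    """Scan a constructed tree (made-up names) and return the matching file names."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"a81f3c20": "A81F3C20.EXE",   # constructed: should match
                  "Microsoft": "Microsoft.exe",  # no digit in name: ignored
                  "7zip2009": "setup.exe",       # exe name differs: ignored
                  "12345678": "12345678.exe"}    # digits only: ignored
        for folder, exe in layout.items():
            os.mkdir(os.path.join(root, folder))
            open(os.path.join(root, folder, exe), "wb").close()
        return [os.path.basename(p) for p in find_suspect_executables(root)]


if __name__ == "__main__":
    for hit in find_suspect_executables(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_ROOT):
        print("review:", hit)
```

A hit is a lead to review, not a verdict: legitimate software can use the same layout, so confirm with a scanner before deleting anything.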

Windows Security Suite has ripped off most of its user interface from the familiar (and safe) Windows Defender, which should not be confused with the Windows Security Suite malware. To give the illusion of being completely official and Microsoft-affiliated, the authors of this malware have even gone as far as to replicate Windows licensing instructions and images, as shown in the screenshot below.
[Screenshot: Windows-type activation]
They have also made some rather convincing UAC-esque alerts which grey out the rest of the screen, much like the alerts you get in Windows Vista.
[Screenshot: UAC-style alerts]
Internet Explorer does not escape the clutches of Windows Security Suite either: it also shows the user scary messages, all designed to trick them into parting with money for this malware.
[Screenshot: fake IE warnings]

As with all the previous rogues listed on this site, there is a good dose of scary messages and alerts informing the user their computer is infected and that they must purchase Windows Security Suite in order to be protected.
[Screenshot: scary warnings]
and the occasional tooltip balloon to remind you it’s still there…
[Screenshot: balloon warning]
Shocking (fake) scan results for an absolutely clean Windows machine…
[Screenshot: scan results]

They have done a good job of making this fake antivirus software look convincing, but as always they have left small clues behind. Notice, for example, the spelling of advice (advise) in this “informational popup” that Windows Security Suite so helpfully (not) generates.
[Screenshot: “advise” popup]

Now we will get onto how to remove this rogue…

The researchers at Malwarebytes Anti-Malware have already analysed this threat and written definitions to completely remove Windows Security Suite. All you have to do is visit their website at http://www.malwarebytes.org/mbam.php and download Malwarebytes’ Anti-Malware, install it, update it and run a quick scan, which will find and remove this infection completely free of charge.

If Malwarebytes Anti-Malware has helped you remove Windows Security Suite, please consider buying a license to say thanks and support their fight against malware. You can securely purchase a license by clicking here:
https://store.malwarebytes.org/342/?affiliate=4568&cart=29945&scope=cart
Please note that this is completely optional and not a requirement for it to scan and remove the Windows Security Suite malware, but you will benefit in future from real-time protection and regular updates that will prevent infections like this and many others from installing themselves on your system!

Please leave comments to let others know how you got along!