Win 8 Security System Removal Guide
By Lawrence Abrams on August 30, 2012 @ 01:15 PM | Last Updated: August 31, 2012 | Read 21,279 times.
Win 8 Security System is a rogue anti-spyware program from the Rogue.FakeRean-Braviax family. This program is installed via web sites that display fake online anti-malware scanners that state your computer is infected and then prompt you to download and install the rogue. This program is classified as a rogue because it displays fake security alerts, displays fake scan results, hijacks your installed web browsers so that they display virus alerts, and utilizes other malware that attempts to hide the presence of the rogue.
When the rogue program is installed it will be configured to start automatically when you log in to Windows. It will also install the Necurs rootkit, which is used to protect Win 8 Security System from being removed. Win32/TrojanDownloader.Necurs is a rootkit that will hide the presence of the rogue program's files and processes from Windows. This makes its removal more difficult, as many security programs will not be able to detect the infection files. Due to the use of this rootkit, it is strongly suggested that you open a malware removal assistance topic in order to receive help in removing this infection. Information on how to request malware removal assistance can be found here:
When Win 8 Security System is started it will pretend to scan your computer and then display a fake list of infections that are installed on your computer. If you attempt to remove these infections, though, it will state that you first need to purchase the program before being allowed to do so. As this program is a scam, please do not purchase this program for any reason. While the rogue is running it will also terminate some programs when you attempt to start them and state that they are infected. The message you will see when this occurs is:
This infection will also hijack your browser and state that the site you are visiting is infected. Last, but not least, Win 8 Security System will also display fake security alerts that are designed to make you think your computer has a severe security problem. Some of the messages you may see include:
Just like the fake scan results, these are all false and can be ignored. As you can see, Win 8 Security System is a scam that was designed to scare you into thinking your computer was infected so that you would then purchase the program. It goes without saying that you should definitely not purchase this program, and if you have, you should contact your credit card company and dispute the charges. To remove Win 8 Security System please use the following guide to remove this infection and associated malware.
Threat Classification:
Advanced information: View Win 8 Security System files.
Tools Needed for this fix:
Symptoms that may be in a HijackThis Log: O4 - HKCU\..\Run: [<random numbers and characters>.exe] %LocalAppData%\<random numbers and characters>.exe
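As an added triage example (not part of the original guide or any BleepingComputer tool), the Python sketch below scans HijackThis log text for O4 entries that match the symptom above: an HKCU Run value whose name is an .exe file name and whose target is that same file directly inside the local application data folder. It assumes the log shows %LocalAppData% in its expanded form and that the entry name equals the file name; the sample log lines are constructed.

```python
import re
from pathlib import PureWindowsPath

# HijackThis autorun line: O4 - <hive>\..\<key>: [<entry name>] <command>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

# Expanded forms of %LocalAppData% (Windows Vista and later, then Windows XP).
LOCAL_APPDATA_RE = re.compile(
    r'^[a-z]:\\(users\\[^\\]+\\appdata\\local'
    r'|documents and settings\\[^\\]+\\local settings\\application data)$',
    re.IGNORECASE)

# Constructed sample log lines; the names and paths are made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
O4 - HKCU\..\Run: [3f9k2a7d.exe] C:\Users\Test\AppData\Local\3f9k2a7d.exe
O4 - HKCU\..\Run: [Updater] "C:\Users\Test\AppData\Local\Vendor\Update\updater.exe" /c
O4 - HKCU\..\Run: [x81qz.exe] C:\Documents and Settings\Test\Local Settings\Application Data\x81qz.exe
"""

def executable_path(cmd):
    """Return the program path from a Run command, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def suspicious_run_entries(log_text):
    """List (entry name, path) pairs that match the symptom pattern."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m or m['hive'] != 'HKCU' or m['key'] != 'Run':
            continue
        path = PureWindowsPath(executable_path(m['cmd']))
        # The file must sit directly in the folder root, not in a vendor subfolder.
        in_root = LOCAL_APPDATA_RE.match(str(path.parent)) is not None
        same_name = m['name'].lower() == path.name.lower()
        if in_root and same_name and path.suffix.lower() == '.exe':
            hits.append((m['name'], str(path)))
    return hits

if __name__ == '__main__':
    for name, path in suspicious_run_entries(SAMPLE_LOG):
        print(f'review: [{name}] -> {path}')
```

A match is only a prompt to review the entry, since legitimate software can also start from the user profile.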
Guide Updates: 08/30/12 - Initial guide creation.
Manual Removal Instructions for Win 8 Security System:
This infection utilizes a rootkit that does not allow you to run various security programs or detect the rogue files from within your security programs. Therefore if you are not comfortable with manual removal instructions, please follow the steps in this guide in order to receive one-on-one help from one of our volunteers:
If you feel comfortable removing this infection manually, then please proceed with the following steps:
Once again if you need any help with this process, please feel free to ask for assistance in our virus removal forum.
If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Associated Win 8 Security System Files: %LocalAppData%\<random numbers and characters>.exe
Associated Win 8 Security System Windows Registry Information: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 "*" = 1
This is a self-help guide. Use at your own risk. BleepingComputer.com cannot be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our Virus, Trojan, Spyware, and Malware Removal Logs forum. If you have any questions about this self-help guide then please post those questions in our Am I infected? What do I do? forum and someone will help you.