Remove Windows Security Suite

Windows Security Suite is a fake security client that shows bogus scan results and tries to scare the user into purchasing the program. The makers of this program make money when someone falls prey to the scam and purchases the Windows Security Suite software. DO NOT PURCHASE THIS PROGRAM. It is fake and they are only out to take your money. The really bad part about Windows Security Suite client is it blocks many websites using the Windows host file. For instance you may not be able to get security updates from programs like Norton, Avast, AVG, Trend Micro and the like. Your search functions will also be highjacked as well as your web browser.

Constant re-directs maek this program hard to remove. Users who are infected with this virus need to run a full scan using there favorite security client to see if they are infected with any other trojans. If you do not have a security client then we recommend downloading a free trial of SpyHunter. Some of the fake warnings you may see will look like the follwing: “Unauthorized remote connection! Your system is making an unauthorized personal data transfer to remote computer!” “Windows Security Suite Process Control An unidentified program is trying to access system process address space”

Some symptoms of Windows Security Suite:

* Bogus Scan results * Auto Scans on Start-up * Warning coming out of a fake shield in the system tray * pop-ups and re-directs to the fake software’s website * constant warnings of being infected as well as false statements of other trojans

Windows Security Suite

Windows Security Suite

Manual removal instructions for Windows Security Suite ( Please read our disclaimer bellow )

Kill processes:

  • WI345d.exe
  • CLSV.exe
  • snl2w.exe
  • std.exe

Delete registry values:

  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “698909210803”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows Security Suite”

Delete files: 26.mof mozcrt19.dll sqlite3.dll WI345d.exe WINSS.ico working.log vd952342.bd winss.cfg Windows Security Suite.lnk cookies.sqlite Instructions.ini ANTIGEN.drv CLSV.exe DBOLE.drv dudl.sys energy.dll grid.dll grid.sys kernel32.dll PE.dll PE.tmp runddl.dll SM.dll snl2w.exe std.exe tempdoc.dll search.xml Unregister DLLs: mozcrt19.dll sqlite3.dll energy.dll grid.dll kernel32.dll PE.dll runddl.dll SM.dll tempdoc.dll Delete directories:

  • c:\ADWARE_LOG
  • c:\Documents and Settings\All Users\Application Data\345d567
  • c:\Documents and Settings\All Users\Application Data\345d567\WINSSSys
  • c:\Documents and Settings\All Users\Application Data\WINSSSys
  • %UserProfile%\Application Data\Windows Security Suite

Please keep in mind that viruses mutate and change all the time. Do expect the above to change around a little. However this guide should work well for you and any experienced pro will be able to follow it and figure out the traces if they mutate.

Outside Resources:

We can not controll what others say in other virus removal guides that pertain to Windows Security Suite. However generally the below sites have good information around this virus threat.

http://www.2-viruses.com/remove-windows-security-suite

http://www.bleepingcomputer.com/virus-removal/remove-windows-security-suite

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.