Windows Security Suite is a fake security client that shows bogus scan results and tries to scare the user into purchasing the program. The makers of this program make money when someone falls prey to the scam and purchases the Windows Security Suite software. DO NOT PURCHASE THIS PROGRAM. It is fake and they are only out to take your money. The really bad part about Windows Security Suite client is it blocks many websites using the Windows host file. For instance you may not be able to get security updates from programs like Norton, Avast, AVG, Trend Micro and the like. Your search functions will also be highjacked as well as your web browser.
Constant re-directs maek this program hard to remove. Users who are infected with this virus need to run a full scan using there favorite security client to see if they are infected with any other trojans. If you do not have a security client then we recommend downloading a free trial of SpyHunter. Some of the fake warnings you may see will look like the follwing: “Unauthorized remote connection! Your system is making an unauthorized personal data transfer to remote computer!” “Windows Security Suite Process Control An unidentified program is trying to access system process address space”
Some symptoms of Windows Security Suite:
* Bogus Scan results * Auto Scans on Start-up * Warning coming out of a fake shield in the system tray * pop-ups and re-directs to the fake software’s website * constant warnings of being infected as well as false statements of other trojans
Windows Security Suite
Manual removal instructions for Windows Security Suite ( Please read our disclaimer bellow )
Kill processes:
- WI345d.exe
- CLSV.exe
- snl2w.exe
- std.exe
Delete registry values:
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “698909210803”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows Security Suite”
Delete files: 26.mof mozcrt19.dll sqlite3.dll WI345d.exe WINSS.ico working.log vd952342.bd winss.cfg Windows Security Suite.lnk cookies.sqlite Instructions.ini ANTIGEN.drv CLSV.exe DBOLE.drv dudl.sys energy.dll grid.dll grid.sys kernel32.dll PE.dll PE.tmp runddl.dll SM.dll snl2w.exe std.exe tempdoc.dll search.xml Unregister DLLs: mozcrt19.dll sqlite3.dll energy.dll grid.dll kernel32.dll PE.dll runddl.dll SM.dll tempdoc.dll Delete directories:
- c:\ADWARE_LOG
- c:\Documents and Settings\All Users\Application Data\345d567
- c:\Documents and Settings\All Users\Application Data\345d567\WINSSSys
- c:\Documents and Settings\All Users\Application Data\WINSSSys
- %UserProfile%\Application Data\Windows Security Suite
Please keep in mind that viruses mutate and change all the time. Do expect the above to change around a little. However this guide should work well for you and any experienced pro will be able to follow it and figure out the traces if they mutate.
Outside Resources:
We can not controll what others say in other virus removal guides that pertain to Windows Security Suite. However generally the below sites have good information around this virus threat.
http://www.2-viruses.com/remove-windows-security-suite
http://www.bleepingcomputer.com/virus-removal/remove-windows-security-suite
Speak Your Mind