<

Remove "Security Suite for Windows" Malware

Published on
8,799 Points
2,799 Views
Last Modified:
Approved
To Remove Security Suite for Windows Malware from a Windows XP Machine:

 Restart computer in Safe Mode (to do this see http://tinyurl.com/me78p)

Login as Administrator

Go to My Computer /Tools/ Folder Options/ View/  check mark the selection that says Show Hidden Files and Folders and then make sure you uncheck Hide Protected System Files.   That is very important b/c that’s where this particular variation hides!!
Then go to C:\Documents and Settings\User Profile infected\Local Settings\Application Data     Then in the Application Data Folder there was a folder called goijmdwag and one called awmdlrnuqiw.   I deleted both of those b/c when I opened the folders I found the offending program “Security Suite for Windows” in them.

Empty Recycling Bin

Run Regedit (to do this see: http://preview.tinyurl.com/yhph8yt ) On a side note, ALWAYS backup your registry before making edits to it.  You can render your computer USELESS with incorrect editing.  Once that is done, you will have to reinstall Windows.
Go to the Edit menu and select search.  A pop up box will show up and in your search, type in the offending files, in my case  “goijmdwag” and “awmdlrnuqiw”
These files can be located in the following hives:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunOnce\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Deleted the keys that contained “goijmdwag” AND “awmdlrnuqiw”

After this I rebooted the computer.  The computer came back up and I ran the anti-virus software AND another virus and malware program.   I like to use two or three different scanners on infected machines, b/c sometimes one will catch something that the other scanners didn’t catch.

Once I got a clean bill of health, I had to fix the internet connection.   Even after the mal-ware is gone there is one last thing it does, hijacks your internet connection.    It does this by changing your default internet connection settings to use a “proxy connection”.   Most people have their internet connection set up to use “automatically detect my connection”.   So check to make sure your internet settings are what they are supposed to be.
 

After that you should be good!  Hope you find this posting helpful!
0
Author:aimee1002
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free