Remove "Security Suite for Windows" Malware

To Remove Security Suite for Windows Malware from a Windows XP Machine:

 Restart computer in Safe Mode (to do this see

Log in as Administrator

Go to My Computer / Tools / Folder Options / View, check the selection that says Show Hidden Files and Folders, and then make sure you uncheck Hide Protected System Files. That is very important because that’s where this particular variation hides!
Then go to C:\Documents and Settings\User Profile infected\Local Settings\Application Data. In the Application Data folder there was a folder called goijmdwag and one called awmdlrnuqiw. I deleted both of those because when I opened the folders I found the offending program “Security Suite for Windows” in them.

Empty the Recycle Bin

Run Regedit (to do this see: ) On a side note, ALWAYS back up your registry before making edits to it. You can render your computer USELESS with incorrect editing. If that happens, you will have to reinstall Windows.
Go to the Edit menu and select search. A pop-up box will show up; in the search, type in the names of the offending files, in my case “goijmdwag” and “awmdlrnuqiw”.
These files can be located in the following hives:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Deleted the keys that contained “goijmdwag” AND “awmdlrnuqiw”

After this I rebooted the computer. The computer came back up and I ran the anti-virus software AND another virus and malware program. I like to use two or three different scanners on infected machines, because sometimes one will catch something that the other scanners didn’t catch.

Once I got a clean bill of health, I had to fix the internet connection. Even after the malware is gone, there is one last thing it does: it hijacks your internet connection. It does this by changing your default internet connection settings to use a “proxy connection”. Most people have their internet connection set up to use “automatically detect my connection”. So check to make sure your internet settings are what they are supposed to be.
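The registry search and the proxy check described above can be done as one read-only pass before anything is deleted. The script below is an added example, not part of the original post: it changes nothing, it assumes PowerShell is available on the machine (it is not part of a stock Windows XP install), and the `$Names` defaults are the two folder names reported in this article, which will differ on another infected machine.

```powershell
# Added example: read-only audit of the autostart keys listed in the article.
# Assumption: $Names holds the random folder names found on YOUR machine;
# the two defaults are the ones the author reported for this infection.
param(
    [string[]]$Names = @('goijmdwag', 'awmdlrnuqiw')
)

$cv = 'Software\Microsoft\Windows\CurrentVersion'
$keys = @(
    "HKCU:\$cv\RunOnce",
    "HKCU:\$cv\Run",
    "HKCU:\$cv\policies\Explorer\Run",
    "HKLM:\$cv\Run",
    "HKLM:\$cv\RunOnce",
    "HKLM:\$cv\RunServices",
    "HKLM:\$cv\RunServicesOnce",
    "HKLM:\$cv\RunOnce\Setup",
    "HKLM:\$cv\policies\Explorer\Run"
)

# One case-insensitive pattern that matches any of the names literally.
$pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }   # several of these keys are often absent
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        # Check both the value name and the command line stored in it.
        if ($valueName -match $pattern -or $data -match $pattern) {
            "MATCH  $key  [$valueName] = $data"
        }
    }
}

# Proxy settings for the current user, which the article says stay changed
# after cleanup. ProxyEnable = 1 with an unexpected ProxyServer needs fixing.
$inet = Get-ItemProperty "HKCU:\$cv\Internet Settings"
"ProxyEnable   : $($inet.ProxyEnable)"
"ProxyServer   : $($inet.ProxyServer)"
"AutoConfigURL : $($inet.AutoConfigURL)"
```

Run it once before cleanup to list what needs removing and again after the reboot; the second run should print no MATCH lines. The HKCU keys reflect whichever account runs the script, so run it while logged in as the infected profile.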

After that you should be good!  Hope you find this posting helpful!

Comments (2)


I had tried Malwarebytes, Spybot, Symantec and TrendMicro and none of them completely cleaned the system. After I cleaned the system with all 4 of these tools we still had issues; the infection would come back even though the Windows Restore feature was shut off. I did lots of research on the internet and couldn't find anything. What I did find is that there were hidden folders with weird names that I know didn't belong on the system. I deleted the files and then did a search on the registry to find that the offending malware kept reinstalling itself because of the hives it resided in in the registry. Once I cleared those up we haven't had any issues with the system.

I think most users would be better served to use the automated tools available here:

In virtually every instance, the automated tools do the delicate work of modifying the Registry entries properly and we don't have to worry about having one of those 'Oops' moments that can have some very serious consequences.

They will make sure that ALL of the needed changes are made (including the Proxy setting).

It should also be noted that there is a great deal more involved in repairing this infection than is described here.

For MBAM to be effective with this variant, you need to boot to Safe Mode (with networking) before starting.
