Solved

personal security - antivirus program

Posted on 2010-01-01
Last Modified: 2013-11-22
I have a computer on which a security program called "Personal Security" keeps popping up.  It says the computer has 42 threats.  The owner says they never downloaded this.  It appears by the net that it may be a hoax of a program.  Is anyone familiar with this program and if so, how do you successfully remove it?  Thanks.
Question by:lpetrowicz
9 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 26159207
Hello lpetrowicz,

Download and install/run Malwarebytes: http://www.malwarebytes.org/mbam.php


Regards,

PeteLong
0
 
LVL 25

Expert Comment

by:madunix
ID: 26159222
http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, rescue data and scan the system for virus infections.

Try the above Avira boot system, and run http://superantispyware.com/
0
 
LVL 13

Expert Comment

by:JeremySBrown
ID: 26159228
Run a temporary file remover...CCleaner is a good one and it's free.
http://www.ccleaner.com/

Download Combofix by sUBs.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Before running Combofix, temporarily disable any firewall(s), shield(s), etc. to prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log. For further instructions, save and paste the results by Attach File, or by Code Snippet, so other experts can take a look at it. Once the log looks clean, you may enable your firewall(s), shield(s), etc. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.

You might need to rename the file before saving it to your desktop so it will not be blocked.

Please note: Don't run Combofix in Safe Mode.
0

 
LVL 22

Expert Comment

by:optoma
ID: 26159232
You may have to run Process Explorer if malware is preventing anti-malware programs from running.
If so, look in Process Explorer for any entry regarding Personal Security or a randomly named process like 24456377.exe.
Right click and suspend the "bad" process and run scanners.

Post the Malwarebytes logfile here afterwards.
0
 
LVL 25

Expert Comment

by:madunix
ID: 26159241
0
 
LVL 12

Expert Comment

by:splait
ID: 26159968
This bug has any number of names, madunix, including Cyber-Security, AntiVirus 2008 or 2009 (probably 2010 coming soon), Internet Security 2008 or 9, Personal Security 2008 or 9, and many others.  As far as I can tell, they all have a battle shield in either the upper right or left of the window that pops up.

It is evolving, too.  It gets nastier and nastier as time goes on.
0
 
LVL 5

Expert Comment

by:KETTANEH
ID: 26160988
My advice: download and run Combofix under Safe Mode.

Download the trial version of Kaspersky Internet Security 2010
Update it
Scan (better under Safe Mode)

AND TO REMOVE IT
Use the following instructions to remove Personal Security (Uninstall instructions)

Step 1.

Download Avenger from here and unzip to your desktop.

Run Avenger, copy, then paste the following text in Input script Box:

Drivers to delete:
NDISRD

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Folders to delete:
%ProgramFiles%\Common Files\PSecurityUninstall
%ProgramFiles%\PSecurity
%ProgramFiles%\PersonalSec

Files to delete:
%WinDir%\system32\win32extension.dll
%WinDir%\system32\drivers\NDISRD.sys
%WinDir%\tasks\PersonalSec.job

You will be asked "Are you sure you want to execute the current script?" Click Yes. You will now be asked "First step completed. The Avenger has been successfully set up to run on next boot. Reboot now?" Click Yes.

Your PC will now be rebooted.

Step 2.

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see a window similar to the one below.
[Image: Malwarebytes Anti-Malware window]

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Personal Security infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
[Image: Malwarebytes Anti-Malware, list of infected items]

Make sure that everything is checked, and click Remove Selected to start the Personal Security removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Personal Security creates the following files and folders:

C:\Program Files\Common Files\PSecurityUninstall
C:\Windows\system32\win32extension.dll
C:\Program Files\PSecurity
C:\Windows\system32\drivers\NDISRD.sys

Personal Security creates the following registry keys and values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PSecurity



CHECK THIS SOURCE ...
http://www.bleepingcomputer.com/virus-removal/remove-personal-security
&
http://www.myantispyware.com/2009/12/01/how-to-remove-personal-security-uninstall-instructions/
0
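
Added example, not part of the comment above or of the guides it links to: a read-only PowerShell check that reports which of the files, folders and registry entries listed in that comment exist on a machine, useful before and after a removal attempt. The "Program Files (x86)" root and the Services key for the NDISRD driver are assumptions that do not come from the thread.

```powershell
# Read-only check for the Personal Security artifacts listed in the comment above.
# Nothing is deleted or modified; the script only reports what is present.

$roots = @($env:ProgramFiles)
# Assumption (not from the thread): on 64-bit Windows a 32-bit installer
# would land under "Program Files (x86)", so that root is checked as well.
if (${env:ProgramFiles(x86)}) { $roots += ${env:ProgramFiles(x86)} }

$fsPaths = foreach ($root in $roots) {
    Join-Path $root 'Common Files\PSecurityUninstall'
    Join-Path $root 'PSecurity'
    Join-Path $root 'PersonalSec'
}
$fsPaths += @(
    (Join-Path $env:WinDir 'system32\win32extension.dll'),
    (Join-Path $env:WinDir 'system32\drivers\NDISRD.sys'),
    (Join-Path $env:WinDir 'tasks\PersonalSec.job')
)

$regKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}',
    # Assumption: a driver named NDISRD is registered under the Services key.
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDISRD'
)

$findings = @()
foreach ($p in $fsPaths) {
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Type = 'File/Folder'; Item = $p }
    }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $k }
    }
}

# The Run entry is a value named PSecurity, not a subkey, so read it as a property.
$runKey = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -Name 'PSecurity' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$runKey\PSecurity = $($run.PSecurity)" }
}

if ($findings.Count -eq 0) { 'No listed Personal Security artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

The Run value is read from the registry hive of the account running the script, so run it while logged on as the affected user.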
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 26162883
If the tools won't run, use TDSS killer first, it may be present.
Or use Process Explorer to find the random number name and kill that process as already mentioned, or if MalwareBytes is already installed try renaming it to svchost.exe.

Or check this article below.
If you can't run .exes in an infected system:
http://www.experts-exchange.com/articles/Software/Internet_Email/Anti-Virus/CAN%27T-RUN-EXES-IN-AN-INFECTED-SYSTEM.html


If MalwareBytes is not installed yet, sometimes it needs to be renamed twice as it says in the article.
 Rename before saving and after installation.
 
0
 

Accepted Solution

by:
lpetrowicz earned 0 total points
ID: 26177524
None of the above tools worked on this bad puppy.  I had to stop a number of services to be able to get a few-minute window to delete the files from Program Files.  Deleting it in Add/Remove Programs brought up its activation screen.  Once I had the files deleted, I was then able to remove the rest of the program from Add/Remove Programs.

This was difficult but we won the battle.
0
