Aug 12
Malware Analysis:
Security Suite is a fake malware removal program that aims to get you to hand over your credit card details and make money that way. Security Suite comes from a group of malicious applications that has been around for years and was recently represented by the AV Security Suite and Antivir Solution Pro scareware tools.

Security Suite is dangerous in a few ways. It seriously disrupts your operating system and prevents you from trying to combat it. The underlying job done by this rogue antivirus is to distort your system's functionality: Security Suite modifies the Windows Registry and files. It reports the detection of insecure items that are not actually on your computer, with the aim of intimidating you. Security Suite tries to make you believe you have tons of security issues and all kinds of parasites on your PC. Then it recommends that you register its commercial version. This program is beyond all doubt not a real antivirus, so keep this in mind when dealing with it. Security Suite deliberately runs phony scanners and displays falsified Windows alerts just to confuse and scare you.

Also, Security Suite tends to change some browsing settings, which will make it impossible to navigate through the Internet. You can restore your Internet connection by going through the following simple steps: launch Internet Explorer, go to Tools, choose Internet Options and click the Connections tab. Under Connections, select LAN settings and remove the check mark next to the "Use a proxy server for your LAN" option. Save these changes and exit the browser settings.

Now that your Internet connection is back, carry out the Security Suite uninstall procedure. It's important to understand that Security Suite runs its own corrupt process called [random]shdw.exe. The first thing we need to do is stop that executable. There are a few ways to do that.
One of them is to open Task Manager (Ctrl+Alt+Del), find the bad process we mentioned (i.e. the one with shdw.exe in its name) and end it. A useful tip is to open Task Manager right after the PC reboots, i.e. before Security Suite starts running. After this, please stick to our removal instructions below this description. Another option is as follows:
Reboot your PC; click the Start button in the bottom left-hand corner of your desktop; select the Run option and type msconfig. A new window should open: this is the system configuration interface. Go to the Startup tab and locate an entry on the list that could be run by Security Suite ([random]shdw.exe). Uncheck that entry right away. Save the changes and follow the prompts of the msconfig GUI to exit it. It will ask you to reboot your computer, so just hit OK. After your PC restarts, Security Suite will not show up and bother you, but only for some time. So please follow our tutorial to remove the Security Suite rogue anti-spyware for good (please see below).
One last thing: you can also try to do the above in Safe Mode, which is accessed by pressing the F8 key repeatedly during reboot.
Determine if your PC is infected with Security Suite:
Download Security Suite Malware Free Scanner with Remover

How to remove Security Suite manually:
To perform manual removal of Security Suite, you should do the following:
Delete Security Suite corrupt files:
- %UserProfile%\Local Settings\Application Data\[random]
- %UserProfile%\Local Settings\Application Data\\[random]shdw.exe
Remove the following associated registry entries:
- HKEY_CURRENT_USER\Software\wnxmal
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
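To check a machine for the entries listed above before editing anything, the following Python script (an added example, not part of the original article or of any removal tool) scans the text of a `reg export` file for those indicators. The function names and the sample export are constructed for illustration, and it assumes the export has already been decoded to text and that numeric values may be stored as DWORDs.

```python
import re
# Indicators from the registry list on this page: (key, value name, data).
CV = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\"
IE = "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\"
ROGUE_KEY = "HKEY_CURRENT_USER\\Software\\wnxmal"
INDICATORS = [
    (IE + "Download", "RunInvalidSignatures", "1"),
    (IE + "Download", "CheckExeSignatures", "no"),
    (IE + "PhishingFilter", "Enabled", "0"),
    (CV + "Internet Settings", "ProxyEnable", "1"),
    (CV + "Internet Settings", "ProxyServer", "http=127.0.0.1:6522"),
    (CV + "Policies\\Associations", "LowRiskFileTypes", ".exe"),
]

def parse_reg(text):
    """Parse .reg export text into {key: {value name: data}}, lowercased names."""
    hive, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            hive[key] = {}
        elif key and (m := re.match(r'"(.+?)"=(.*)$', line)):
            d = m.group(2)
            d = (str(int(d[6:], 16)) if d.startswith("dword:")  # dword:00000001 -> "1"
                 else d.strip('"').replace("\\\\", "\\"))
            hive[key][m.group(1).lower()] = d
    return hive

def scan(hive):
    """Return (key, value name, data) for every indicator found in the hive."""
    hits = [(k, n, v) for k, n, v in INDICATORS
            if hive.get(k.lower(), {}).get(n.lower(), "").lower() == v]
    if ROGUE_KEY.lower() in hive:
        hits.append((ROGUE_KEY, "", ""))
    for k, vals in hive.items():
        if k.endswith("\\currentversion\\run"):   # HKCU and HKLM autoruns
            hits += [(k, n, d) for n, d in vals.items() if "shdw.exe" in d.lower()]
    return hits

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:6522"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"abcd"="C:\\Documents and Settings\\test\\Local Settings\\Application Data\\abcdshdw.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
print(*scan(parse_reg(SAMPLE)), sep="\n")
```

A proxy that is enabled but points somewhere other than 127.0.0.1:6522 is reported only for the ProxyEnable value, so review each hit against the machine's intended configuration before deleting anything.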
Please note that manual removal of Security Suite is a procedure of high complexity and should be performed with extreme caution. Lack of the required skills and even the slightest deviation from the instructions may lead to irreparable system damage. To ensure trouble-free deletion, it is recommended to use the automatic removal tool below:
Download Security Suite Removal Tool
