The new variant, just like the previous identified AntiVirus AntiSpyware 2011 and AntiVirus System 2011 versions, displays really annoying security alerts and pop-ups to make you think that your computer is infected. It displays this fake Security Center Alert that looks a lot like the genuine one, and claims that your computer is infected with Win64.BIT.Looker.exe.
It also shows another fake Security Center alert saying that someone is stealing your sensitive information, Windows ID and licence key and some other important stuff. Fake error message:
Security Solution 2011 hijacker Internet Explorer and may redirect you to a fraudulent payment processing site where you can purchase the software which will then remove the threats from your computer. Security Solution 2011 related websites:
- securitysolution2011.com
- securitysolution2011ltd.com
- securitysolution2011corp.com
Security Solution 2011 is not a virus, but more like a Trojan horse that pretends to be a legitimate anti-virus application. It cannot delete your files and steal your credit card information. Under no circumstances should you purchase this phony anti-virus software. If you already did, you will need to cancel your credit card. Then please follow the steps in the removal guide below to remove Security Solution 2011 and related malware. If you need help removing this malware, please leave a comment below. Good luck and be safe online!
Security Solution 2011 removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe, explorer.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Alternate Security Solution 2011 removal instructions using HijackThis or Process Explorer (in Normal mode):
1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.
2. Search for such entry in the scan results:
O4 - HKCU\..\Run: [Security Manager] C:\Documents and Settings\[User Name]\Application Data\Security Solution 2011\securitymanager.exe
O4 - HKCU\..\Run: [Security Solution 2011] "C:\Documents and Settings\[User Name]\Application Data\Security Solution 2011\Security Solution.exe" /STARTUP
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.
OR you can download Process Explorer and end Security Solution 2011 processes:
- Security_Solution_20111.exe
- securitymanager.exe
- securityhelper.exe
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe, explorer.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Associated Security Solution 2011 files and registry values:
Files:
In Windows XP:
- C:\Documents and Settings\[UserName]\Application Data\Security Solution 2011\
- C:\Documents and Settings\[UserName]\Application Data\Security Solution 2011\Security Solution.exe
- C:\Documents and Settings\[UserName]\Application Data\Security Solution 2011\securitymanager.exe
- C:\Users\[UserName]\AppData\Roaming\Security Solution 2011\
- C:\Users\[UserName]\AppData\Roaming\Security Solution 2011\Security Solution.exe
- C:\Users\[UserName]\AppData\Roaming\Security Solution 2011\securitymanager.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security Solution 2011
- HKEY_CURRENT_USER\Software\Security Solution 2011
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "25hdrof25kdrfgq"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Manager"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Solution 2011"
No comments:
Post a Comment