Saturday 1 September 2012

Remove Win 8 Security System (Uninstall Guide)

We came across a new rogue security program called Win 8 Security System a few days ago. It's been quite some time since we discussed rogue anti-virus software. The truth is there wasn't much to say about scareware apart from some slightly modified or extremely buggy pieces of malicious code that couldn't even load properly. Anyway, rogue security products are not completely gone yet but rather replaced with ransomware. On the other hand, second opinion malware scanners confirm that rogue security programs are still the most widely spread threats, holding the top positions. What does that mean? Well, it means that most antivirus programs fail to detect rogue AVs, especially those that are obfuscated and re-packed very often, sometimes a couple of times a day.



So, Win 8 Security System is a rogue antivirus program that reports non-existent computer infections and tries to scare less computer-savvy users into paying for a completely useless antivirus solution. In most aspects, it's a very typical rogue. Win 8 Security System is a very generic term too. As the name suggests, cyber crooks would infect machines running Windows 8 rather than Windows XP or Seven. However, this rogue antivirus program works just fine on different versions of Windows.



Once installed, the rogue program pretends to scan the computer for malicious software. It manages to find a bunch of extremely dangerous and sophisticated malware on perfectly clean computers. The way it presents supposedly infected files would definitely put a smile on your face if you were a security expert. In order to remove the supposedly detected malware infections, the victim has to pay almost 100 bucks. That’s probably the most expensive antivirus software you’ve ever seen.

The rogue antivirus program is configured so that it runs automatically when Windows starts. But that's not the biggest problem. Win 8 Security System has a rather complex self-protection mechanism. It drops a rootkit on the infected machine which monitors PC activity and blocks pretty much all attempts to terminate the rogue program or run legitimate antivirus software. This scareware doesn't block Task Manager or Registry Editor, but that changes nothing. You can't just simply end the offending process and delete associated files. Any attempt to end its process will trigger the following error message.


The operation could not be completed. Access denied.


The file is locked and protected by the rootkit known as Rootkit.Win32.Necurs.gen. As a matter of fact, detection rates are amazingly low for this rootkit. Cyber crooks did a great job and apparently spent many hours fine-tuning this malware. What is more, crooks made a different rootkit which works on 64-bit systems. It even has a valid certificate. Such a combination can be very successful, which means it's a long-term investment. We will probably see new variants of this malware soon and that's not very exciting.

When running, Win 8 Security System displays fake security alerts and pop-ups, mostly claiming that your computer is infected with spyware and Trojans that can steal your sensitive information. Simply ignore those fake alerts.





Furthermore, the rogue program displays a fake Security Center window claiming that your computer is not protected and encouraging you to purchase the full version of Win 8 Security System to protect your computer from malware attacks that exploit software vulnerabilities. For Windows Seven and Windows 8 the rogue program displays a fake Action Center window.



Last, but not least, the rogue program displays a fake Win 8 Security System ALERT in Internet Explorer, Mozilla Firefox, and Google Chrome. The fake web browser security alerts claim that the website you're about to visit is infected with malware. If you choose to continue surfing the web unprotected, you will be able to access the requested website but only for a short period of time, then the fake warning message will appear again. Anyhow, it's still better than having no access to your web browser whatsoever.



Here's an example of the Win 8 Security System payment page. As you can see in the image below, cyber crooks added Comodo safe site graphics to make the payment page look more reliable and professional. Of course, the payment page is hardly safe. DO NOT pay for the bogus security program.



The official website of this malware is win8sec.com. Do not download anything from this site, don't even visit it. Even better, add it to the list of potentially harmful sites.
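One way to add the site to a local block list is the hosts file. The following is an added example, not part of the original guide: it rewrites hosts-file text so the domain resolves to a sinkhole address, and it is safe to run repeatedly. The `www.` name, the sample file contents and the function names are assumptions made for illustration; hosts files have no wildcards, so each name must be listed explicitly.

```python
# Added example: idempotently sinkhole a domain in hosts-file text.
# On Windows the file is %SystemRoot%\System32\drivers\etc\hosts (admin rights needed).
SINKHOLE = "0.0.0.0"
BLOCKED = ["win8sec.com", "www.win8sec.com"]  # "www." name is an assumption

# Constructed sample input, including a stale entry that maps the domain elsewhere.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
203.0.113.7 win8sec.com intranet.example   # stale entry
"""

def parse_hosts(text):
    """Return {hostname: ip} for every active (non-comment) entry."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            entries[name.lower()] = fields[0]
    return entries

def block_domains(text, domains):
    """Return hosts text in which every name in `domains` maps to SINKHOLE."""
    wanted = {d.lower().rstrip(".") for d in domains}
    kept = []
    for line in text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2 and fields[0] != SINKHOLE:
            # Strip blocked names from entries that point them at another address.
            names = [n for n in fields[1:] if n.lower() not in wanted]
            if len(names) != len(fields) - 1:
                if not names:
                    continue  # the line only served blocked names: drop it
                line = " ".join([fields[0]] + names) + (" #" + comment if sep else "")
        kept.append(line)
    present = parse_hosts("\n".join(kept))
    for name in sorted(wanted):
        if present.get(name) != SINKHOLE:
            kept.append(f"{SINKHOLE} {name}")
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    print(block_domains(SAMPLE_HOSTS, BLOCKED), end="")
```
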

To remove Win 8 Security System, please follow the removal instructions very carefully. Use at your own risk. If you have any questions, feel free to comment. Good luck and be safe online!

Source: http://deletemalware.blogspot.com


Quick Win 8 Security System malware removal using cracked key:

1. Use the activation key given below to register your copy of Win 8 Security System. This will allow you to download and run recommended malware removal software. Don't worry, you're not doing anything illegal.

Select "Registration".



Then select "Manual Activation".



Use the following activation key:

8F42D6E3-FD18



Click "Register".

2. Download TDSSKiller and run a system scan to remove Rootkit.Win32.Necurs.gen. Reboot your computer if required.



NOTE: You may get the following TDSSKiller error. Ignore it, click OK to continue.



3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove Win 8 Security System and associated malware from your computer.


Win 8 Security System in Safe Mode with Networking:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


NOTE: Log in as the same user you were previously logged in with in the normal Windows mode.

2. Open Internet Explorer. Download exefix.reg and save it to your Desktop. Double-click on exefix.reg to run it. Click "Yes" for Registry Editor prompt window. Click OK.

3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove Win 8 Security System from your computer.

NOTE: don't forget to update anti-malware software before scanning your computer.