Saturday, 26 January 2013

Remove Smart Security (Uninstall Guide)

Smart Security is a rogue anti-malware program (generically referred to as a virus) that may wreak havoc on your computer. Once installed, it blocks legitimate security software and most of the Windows utilities that can be really helpful when your computer gets infected. It's a new variant of an old scam, a rather clever one. This 'lovely' little piece of malware suddenly pop ups on your computer screen and purposely displays completely bogus infection warnings and balloon notifications claiming that your computer is completely riddled with viruses. Needless to say, your computer is not infected with W32/Blaster.worm and 20+ other widely spread or already forgotten malware. The only problem is Smart Security 2013 and nothing else, unless it came bundled with some other malicious software, for example rootkits and even password stealing Trojan horses. In such case, you will have to rely on your antivirus program and hope that it will detect all strains of the infection.

When running, Smart Security - designed to protect, pretends to scan your computer for malicious software. PRETENDS, it doesn't actually scan your computer. Nothing new really, just a very very typical approach to scare you into thinking that your machine is indeed infected with malware, spyware, adware and and who knows what else. When the scan is complete, the rogue application displays scary notification saying that you should buy a 'full' version of this program to remove found malware from your computer. It costs around $100. Pricey as hell, isn't it? You can get a top-notch antivirus protection for as low as $50 per year. So, do not follow on-screen Smart Security instructions and do not attempt to remove so-called infections manually. Otherwise, you can seriously mess up your computer because this nasty little piece of malware is cleaver enough to flag genuine Windows files as malware.

Smart Security is a 'drive-by' malware; it’s downloaded secretly to your web browser after visiting an infected website. Cyber criminals use exploit kits to distribute this malware. They infect websites and simply wait for visitors who do not update their software, especially Java and Adobe Flash. Any website could host Smart Security malware code, not just rogue ones as we use to think. Cyber criminals also use fake online virus scanners and sometimes rely on social engineering.

Smart Security can be easy to remove in some cases or extremely difficult. Usually, it blocks pretty much everything on your computer and displays the following warning:
[program] can not start
File [program] is infected by W32/Blaster.worm. Please activate Smart Security to protect your computer.
It blocks malware removal software, Task Manager, web browsers, Windows registry editor and other system utilities. Many people panic and buy a full version of Smart Security virus just to make the problem go away. But it doesn't go away; it only gets worse. Malware stays active and you may expect more demands for payment very soon.

Please follow the removal instructions below to remove Smart Security and associated malware from your computer. If you have something to say about this malware or you need help removing it, please post comments and questions below. Good luck and be safe oneline!

Manual activation and Smart Security malware removal:

1. Choose to remove supposedly found infections and manually activate the rogue security program. Enter one of the following codes and fake email address to activate Smart Security.




2. Then download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove Smart Security from your computer.

Smart Security removal instructions in Safe Mode with Networking:

1. Please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Open Internet Explorer and download TDSSKiller. Run the utility and click Start Scan to anti-rootkit scan.

3. Then download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove the rogue security program from your computer.

Manual Smart Security removal instructions:

1. Right click on the Smart Security icon, click Properties in the drop-down menu, then click the Shortcut tab. In the Target box there is a path to the malicious file. Please na

NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmark from the checkbox labeled:

- Hide extensions for known file types
- Hide protected operating system files

Click OK to save the changes. Now you will be able to see all files and folders in the Application Data/Program Data directory.

2. Rename the malicious process.

File location, Windows XP:
C:\Documents and Settings\All Users\Application Data\smart.exe

File location, Windows Vista/7:

Rename smart to virus or whatever you like. Example:

3. Restart your computer. The malware should be inactive after the restart.

4. Open Internet Explorer and download TDSSKiller. This malware usually (but not always) comes bundled with TDSS rootkit. Removing this rootkit from your computer is very important (if exists). Run TDSSKiller and remove the rootkit.

5. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove Smart Security virus from your computer. That's it!

Smart Security associated files and registry values:

  • C:\ProgramData\smart.exe (Win Vista/7)
  • C:\Documents and Settings\All Users\Application Data\smart.exe (Win XP)
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Smart Security"
Share this information:

No comments:

Post a Comment