How Did My Computer Become Infected with System Smart Security?
System
Smart Security is another in a very long line of rogue antispyware
programs that sneaks into your computer from infected web sites and
malicious software. It installs itself in a stealth-like manner and
then proceeds to scare you into purchasing it by running and fooling
you into thinking your computer is infected with tons of issues that it
is not. Virus writers are becoming experts in SEO (search engine
optimization) and are getting infected sites ranking very high in the
search engines. Although these sites only rank high for a short time,
they can do tremendous damage while they are showing up. You may have
clicked on one of these poisoned search engine listings when you were
infected with System Smart Security.
What Does System Smart Security malware look like?
What Does the System Smart Security malware do to your system?
First of all, this program checks the proxy server options in Internet
Explorer so that you are not able to access the Internet. Beyond the
fact that it pops up the
annoying messages virtually non stop, it also does something even more
annoying. It appears to install a Google Redirect malware as well that
does not allow you to search for anything on the Internet.
Can I Remove System Smart Security manually?
To try to remove the System Smart Security malware manually you'll need to
complete the following tasks. However, if you delete the wrong item in
the registry it could render your computer unbootable. For this reason,
do not try to remove this malware manually unless you are experienced
in deleting files and removing items from the registry. In reality, its
much easier to use a program such as Malwarebytes Anti-Malware to clean
the system. This is covered in my step-by-step procedure below.
Fix Proxy Settings
1) Open Internet Options in the Control Panel or via Tools menu in Internet Explorer
2) Click on the Connections tab
3) Click on LAN Settings
4) Uncheck the "Use a Proxy Server for your LAN" setting. Especially if the address spot is blank.
5) Click OK
Remove these Registry EntriesHKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “System Smart Security"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution
Remove these Files and Folders%Documents and Settings%\All Users\Application Data\[random]\
%Documents and Settings%\All Users\Application Data\[random]\[random].exe
%Documents and Settings%\All Users\Application Data\[random]\[random].mof
%Documents and Settings%\All Users\Application Data\[random]\[random].dll
%Documents and Settings%\All Users\Application Data\[random]\[random].ocx
%Documents and Settings%\All Users\Application Data\[random]\[random]\
%UserProfile%\Application Data\System Smart Security\
%UserProfile%\Application Data\System Smart Security\cookies.sqlite
%UserProfile%\Application Data\System Smart Security\Instructions.ini
Step by Step Procedure for Removing System Smart Security Rogue Application
1) Restart Your Computer in
Safe
Mode (with Networking) by pressing F8 when the computer boots
and selecting the appropriate option.
2) Fix the Proxy Settings option above if you have not already done so.
3) Download
RKill from Bleeping Computer
to your desktop. Double-click on it and run it. This program will try
to kill any malicious processes currently running on your system.
3) Now that the computer is somewhat stable, open a web browser and
download Malwarebytes
Anti-Malware from their site
4) After Malwarebytes has downloaded, install it and try to update it.
In one particular occasion, it was unable to update and I had to update
it manually. In order to update Malwarebytes manually, you'll need to
download
the mbam-rules.exe file and run it.
5) Now proceed to run Malwarebytes Anti-Malware and remove any problems
it finds.
6) Reboot Your Computer
7) Try to Search for something on Google, click on a search result
and see if it takes you to the correct page. If it redirects you to
scour.com, fastsfind.com, amusede.in, find-quick-results.com or some
other incorrect site, then follow these directions to remove this
Google Redirect Virus
Run a Thorough Virus Scan
Finally, as an extra
precaution, scan your computer with online virus scanner like
Housecall, BitDefender, or eTrust or download and install an antivirus
program and run a complete scan. A list of online scanners is below,
some however will only scan but not remove issues.
Online Virus Checkers
Trend Micro
Housecall - will scan and remove threats
BitDefender
Scan Online - will scan and remove threats
ESet (NOD32) Online Scanner
Kaspersky
Online Scan - will scan and remove threats
Panda
Activescan - appears to only scan for but not remove threats
McAfee
FreeScan - appears to only scan for but not remove threats
eTrust
Antivirus Web Scanner - will scan and remove threats
Symantec
Security Check - will scan and remove threats
Dr.Web
Online Check - user can upload and test for threats on
particular files
Trojan Scanner
TrojanScan by WindowsSecurity.com
Spyware Scanners
Malwarebytes AntiMalware
Super AntiSpyware
Spybot Search and Destroy
Congratulations! Your
computer should be free of the System Smart Security malware.