I beat latest version of 'systemsecurity'

Status
Not open for further replies.

ropeadopa

to those that need help, this virus is a freakin ***** and i almost lost hope but i figured it out.

the latest version of 'systemsecurity' virus changes your desktop background black saying "warning your computer is infected with spyware". this is unique from the older versions. this version also disables you from running any programs and accessing ctrl-alt-delete. it runs a fake anti virus program in hopes you'll send them your credit card info.

apparently it also keeps you from booting into safe mode or restore point. but I did not attempt this.

what I did was as soon as windows xp was in the process of loading the desktop i hit ctrl-alt-delete and deleted two different processes running that were named random numbers (3378475, 5455733). you have to be quick in closing these processes. after these are closed you can run most of your applications, but if you try searching for "how to remove system security" on the web the virus will redirect you. if you try to run anti spyware the virus will crash it.

first of all go into start menu-run-msconfig-and disable the two random numbers in the startup tab. also disable liser.

now download superantispyware. you have to rename the installer application after you download it. install the program. rename the actual executable of superantispyware to anything you want. run it, and remove.

malwarebytes is a great program, but did not detect the newest version of this virus, surprisingly. update avg as well, and run it, and it will catch the remaining scraps.

YOU'RE WELCOME =)

also, am i allowed to mention the website i got this virus from? let me just say i got it because it was the first time in forever that i actually used internet explorer to view this website, and in return my computer got raped.
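Added example, not part of the original post: a small Python triage of the two things the post checks by hand, namely running processes and startup entries whose names are only digits, plus the `liser` entry it names. The sample `tasklist` and `reg query` output is constructed, the `C:\Example` paths are placeholders, and treating the names as possibly carrying an `.exe` suffix is an assumption.

```python
import csv, io, ntpath, re

# Constructed sample of `tasklist /fo csv /nh` output (PIDs are made up).
SAMPLE_TASKLIST = '''"explorer.exe","1480","Console","0","18,432 K"
"3378475.exe","2216","Console","0","4,120 K"
"svchost.exe","904","Console","0","3,880 K"
"5455733.exe","2304","Console","0","5,016 K"
'''

# Constructed sample of `reg query` output for the Run key; the C:\Example
# paths are placeholders, not locations reported in the thread.
SAMPLE_RUN_KEY = r'''HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    C:\Example\tray.exe
    3378475    REG_SZ    C:\Example\3378475.exe
    5455733    REG_SZ    C:\Example\5455733.exe
    liser    REG_SZ    C:\Example\liser.exe
'''

WATCHLIST = {"liser"}  # startup entry named in the post
RUN_VALUE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.*)$")

def is_suspicious(name):
    """True for all-digit names (with or without .exe) and watchlisted names."""
    stem = re.sub(r"\.exe$", "", name.strip().lower())
    return bool(re.fullmatch(r"[0-9]+", stem)) or stem in WATCHLIST

def suspicious_processes(tasklist_csv):
    """Return (image_name, pid) for flagged rows of tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return [(r[0], int(r[1])) for r in rows
            if len(r) >= 2 and r[1].isdigit() and is_suspicious(r[0])]

def suspicious_startup(reg_query_output):
    """Return (value_name, command) for flagged Run-key values."""
    hits = []
    for line in reg_query_output.splitlines():
        m = RUN_VALUE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m.group("name"), m.group("data").strip()
        # Flag on the value name or on the executable the command points at.
        if is_suspicious(name) or is_suspicious(ntpath.basename(data.strip('"'))):
            hits.append((name, data))
    return hits

if __name__ == "__main__":
    print(suspicious_processes(SAMPLE_TASKLIST))
    print(suspicious_startup(SAMPLE_RUN_KEY))
```

A digits-only name is a triage signal rather than proof, so anything flagged still needs a look at where the file lives and what a scanner says about it.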
 
Hunh, my friend's virus-test computer (no AV or FW) got that, now I know what it is! This should be handy if we ever try removing it :)
 
lol you want me to reinfect myself so i can run hijackthis? that's okay. this thing took me 4 hours to figure out. especially cause there was very little information on it on the web having to do with this version.

you want to have some fun? go to familyguyx.net using internet explorer and have yourself a ball. i never use internet explorer, for all i know there's a newer version that is protected from this virus. but after sitting on the site for 15 minutes it caught me.
 
I didn't say reinfect yourself, I just wanted to take a peek at your hijackthis log. I went to that site and nothing happened in IE7, watched a few vids, etc. The site looks fine to me, so far.
 
hmm interesting. well i've never used hijackthis.

It is possible i got it from somewhere else, but i'm like 65% sure i got it from familyguyx.
if your heart is set on getting this thing lolol well i think i can dig up the virus executables on my comp and ship em to you.
 
if you would like me to email you the virus let me know. it appears that i can get it.

avg recognizes the virus as "trojan horse adload_r.js" so i guess that it was a JavaScript.

and keep in mind i found more than just systemsecurity virus. avg also finds vundo, cryptor, and generic12.atph.

superantispyware finds rootkit.agent/gen, adware.agent/gen, rookit.agent/gen-uacfake, trojan.agent/gen-virut[liser], adware.vundo.variant/rel.

actually, there was no mention of the words "systemsecurity" virus found by any of my 3 virus/malware scanners. older versions of the virus spread many files around the main drive labeled "systemsecurity" and a process that you have to remove labeled "systemsecurity" but this version of the virus didn't.

i don't know how to help so let me know if there's anything else i can do.

me again. quickly, i forgot to mention that you may have to delete the items in your recycling bin as well after you manage to disable the virus processes in task manager.

i hope this thread will come up in a search engine. there's nothing worse than having to take a computer to a tech shop and waste money. war on viruses!!!

if i helped please leave a message i love my ego nicely stroked. i'm almost positive there's no other way to disable this virus as it won't let you boot in safe mode or system restore.
 