Win7 Home Security Infection - Techist - Tech Forum

Go Back   Techist - Tech Forum > Security | Computer, Devices, Software and Systems > Viruses, Spyware and Malware
Click Here to Login
Reply
 
Thread Tools Display Modes
 
Old 04-09-2011, 01:06 PM   #1 (permalink)
Call me Mak or K
Mod Emeritus
 
KSoD's Avatar
 
Join Date: Sep 2004
Location: C:\
Posts: 35,647
Default Win7 Home Security Infection

I just got finished cleaning a machine with this infection so I figured I would share. Let me start off by saying that Microsoft does not and will never call its software by the slang Terms. Meaning Microsoft will never call it Win7 or Win8 or Vista or anything like that. So right there is a dead give away that this is fake. It is always proper terms from the company as they will always call it Windows 7, Windows Vista and so on.

Now onto the removal process.

First thing you need to do is use a 2nd PC to download the latest copy of MalwareBytes Antimalware and ComboFix. Transfer them onto a USB Thumb Drive for use with the infected machine.

Next thing you need to do is go into Safe Mode. Not Safe Mode with Networking. Just Safe Mode! From there on the Main Screen of Win Home Security enter this code into the Activation area:

1147-175591-6550

It is the only serial that works. This will cause the program to say it is activated. Since previously this infection prevented you from doing anything it thinking that it is activated now allows you to run programs.

Run Combofix from Safe Mode. The install MBAM and run that. Then update your Anti-Virus protection. Between these 3 scans you should be clean. But to verify make sure that you do not have anything that says Win7 Home Security on your system as well as cleaning our your C:\Users\<username>\AppData\Local\temp folder and all other temp folders. Make sure that you use Task Manager or Process Explorer to verify that no processes that have only a 3 character name are running. This is the infection.

Reboot, run scans in normal mode for extra care if you wish and enjoy a clean system.
__________________

__________________
I do not accept support questions via EMail, PM, IM or my G+ page!

Phone: LG Optimus G Pro
Running: Stock JB from LG with Nova Launcher

KSoD is offline   Reply With Quote
Old 04-19-2011, 03:45 PM   #2 (permalink)
Newb Techie
 
Join Date: Apr 2011
Location: Louisiana
Posts: 4
Default Re: Win7 Home Security Infection

Having your Windows Updates current, especially the Malicious Software Removal Tool helps prevent getting this and actually helped me clean my boyfriends laptop last week. His updates were already downloaded just not installed when I rebooted the computer after the install of Malware Bytes and the Malicious Software Removal Tool zapped it. Of course I did run all the scan to get all the other crap off the computer.
__________________

LLangston is offline   Reply With Quote
Old 04-19-2011, 05:24 PM   #3 (permalink)
Call me Mak or K
Mod Emeritus
 
KSoD's Avatar
 
Join Date: Sep 2004
Location: C:\
Posts: 35,647
Default Re: Win7 Home Security Infection

Of course staying updated and current can prevent this. The whole purpose of this was how to remove it if you got it. You wouldnt need the instructions on how to remove it if you stayed updated and prevented it from occuring in the first place.
__________________
I do not accept support questions via EMail, PM, IM or my G+ page!

Phone: LG Optimus G Pro
Running: Stock JB from LG with Nova Launcher

KSoD is offline   Reply With Quote
Old 05-02-2011, 12:12 PM   #4 (permalink)
True Techie
 
Join Date: Feb 2010
Location: That one place
Posts: 223
Default Re: Win7 Home Security Infection

will this work for XP Anti Virus 2011
techleaner is offline   Reply With Quote
Old 05-02-2011, 12:24 PM   #5 (permalink)
Call me Mak or K
Mod Emeritus
 
KSoD's Avatar
 
Join Date: Sep 2004
Location: C:\
Posts: 35,647
Default Re: Win7 Home Security Infection

No this is specifically for Win7 Home Security Infections.

http://www.bleepingcomputer.com/viru...-security-2011

Complete instructions for other fake program removal above. These instructions are specifically for the Win7 Home Security cause that is the only program that this serial is used for. That is why it is titles as such.
__________________
I do not accept support questions via EMail, PM, IM or my G+ page!

Phone: LG Optimus G Pro
Running: Stock JB from LG with Nova Launcher

KSoD is offline   Reply With Quote
Old 05-03-2011, 03:24 AM   #6 (permalink)
Newb Techie
 
Join Date: May 2011
Location: Carbondale,IL
Posts: 6
Default Re: Win7 Home Security Infection

great info thank you, my comp keeps telling me I have a new infection everyday so looks like I need to do a clean sweep lol
Jasonbaudendistel is offline   Reply With Quote
Old 05-03-2011, 09:28 AM   #7 (permalink)
True Techie
 
Join Date: Feb 2010
Location: That one place
Posts: 223
Default Re: Win7 Home Security Infection

Ok thanks!
techleaner is offline   Reply With Quote
Old 05-05-2011, 10:36 AM   #8 (permalink)
Older But Wiser
 
kboy's Avatar
 
Join Date: Jul 2003
Location: So. Cal
Posts: 1,041
Default Re: Win7 Home Security Infection

Good to know.Gracias!!
__________________
ASUS Sabertooth 990FX
AMD FX-8150
16 GB Ram
ASUS GeForce 760 GTX


1TB Sata Seagate
100 Gig Maxtor Sata 7200 Rpm
ASUS DRW 24B3S7 ATA Optical
Windows 7 Home Premium
Dell E228WFP 22"
kboy is offline   Reply With Quote
Old 10-23-2011, 09:36 PM   #9 (permalink)
Junior Techie
 
Join Date: May 2010
Posts: 50
Default Re: Win7 Home Security Infection

So.... I read this, go into taskmanager and see

alg.exe Local Service
and
jqs.exe System

so...I might have a virus? it's piece of **** computer anyway, i think I'm finally gonna get a new one for christmas, but I still wanna keep it clean. I haven't noticed anything different, its always slow haha

So all 3 letter processes are probably viruses?

Thanks
SoupDoGG is offline   Reply With Quote
Old 10-23-2011, 10:08 PM   #10 (permalink)
Call me Mak or K
Mod Emeritus
 
KSoD's Avatar
 
Join Date: Sep 2004
Location: C:\
Posts: 35,647
Default Re: Win7 Home Security Infection

alg.exe is part of the Application Layer Gateway a legit process on Windows machines. Not a virus.

jqs.exe is the Java Quick Start service. Again not a virus.

A real quick and easy thing to do if you are unsure, type the process name into Google or Bing and see what comes up. If it is an infection you will find out within a few hits if it is or not.
__________________

__________________
I do not accept support questions via EMail, PM, IM or my G+ page!

Phone: LG Optimus G Pro
Running: Stock JB from LG with Nova Launcher

KSoD is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
best way to go from XP Home to Win7 ultimate? thewolfman Microsoft Windows and Software 6 08-10-2009 04:51 PM
Home network security question Erty Computer Networking and Internet Hardware 1 12-02-2005 05:28 PM
security of my home wireless network? glennl Computer Networking and Internet Hardware 2 05-17-2005 12:04 PM
Home Entertainment cum Security System PC Sevenor Overclocking and Modding 6 04-22-2005 12:18 AM



Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 12:51 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.