Win7 Home Security Infection

KSoD

I just got finished cleaning a machine with this infection so I figured I would share. Let me start off by saying that Microsoft does not and will never call its software by the slang terms. Meaning Microsoft will never call it Win7 or Win8 or Vista or anything like that. So right there is a dead giveaway that this is fake. It is always proper terms from the company, as they will always call it Windows 7, Windows Vista and so on.

Now onto the removal process.

First thing you need to do is use a 2nd PC to download the latest copy of Malwarebytes Anti-Malware and ComboFix. Transfer them onto a USB thumb drive for use with the infected machine.

Next thing you need to do is go into Safe Mode. Not Safe Mode with Networking. Just Safe Mode! From there on the Main Screen of Win Home Security enter this code into the Activation area:

1147-175591-6550

It is the only serial that works. This will cause the program to say it is activated. Since this infection previously prevented you from doing anything, it thinking that it is activated now allows you to run programs.

Run ComboFix from Safe Mode. Then install MBAM and run that. Then update your anti-virus protection. Between these 3 scans you should be clean. But to verify, make sure that you do not have anything that says Win7 Home Security on your system, as well as cleaning out your C:\Users\<username>\AppData\Local\temp folder and all other temp folders. Make sure that you use Task Manager or Process Explorer to verify that no processes that have only a 3 character name are running. This is the infection.

Reboot, run scans in normal mode for extra care if you wish and enjoy a clean system.
 
Having your Windows Updates current, especially the Malicious Software Removal Tool, helps prevent getting this and actually helped me clean my boyfriend's laptop last week. His updates were already downloaded, just not installed, when I rebooted the computer after the install of Malwarebytes, and the Malicious Software Removal Tool zapped it. Of course I did run all the scans to get all the other crap off the computer.
 
Of course staying updated and current can prevent this. The whole purpose of this was how to remove it if you got it. You wouldn't need the instructions on how to remove it if you stayed updated and prevented it from occurring in the first place.
 
So.... I read this, go into Task Manager and see

alg.exe Local Service
and
jqs.exe System

so... I might have a virus? It's a piece of **** computer anyway, I think I'm finally gonna get a new one for Christmas, but I still wanna keep it clean. I haven't noticed anything different, it's always slow haha

So all 3 letter processes are probably viruses?

Thanks
 
alg.exe is part of the Application Layer Gateway, a legit process on Windows machines. Not a virus.

jqs.exe is the Java Quick Start service. Again not a virus.

A real quick and easy thing to do if you are unsure, type the process name into Google or Bing and see what comes up. If it is an infection you will find out within a few hits if it is or not.
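
As the replies about alg.exe and jqs.exe show, a three-character name alone does not separate the infection from legitimate processes. The following PowerShell is an added example, not part of the thread: it lists running processes with a three-character name together with the file they run from and its signature, so each one can be looked up. The function name, the use of PowerShell 3.0 or later, and the choice to flag user-writable folders such as the temp folder are assumptions of this example.

```powershell
# Added example, not from the thread. Lists running processes whose name is
# exactly three characters and shows where each one runs from and who signed it.
function Get-ShortNameProcessReport {
    param(
        # Process objects to inspect; defaults to everything currently running.
        [System.Diagnostics.Process[]]$Process = (Get-Process),
        [int]$NameLength = 3
    )

    # Folders a normal user can write to (assumption: these deserve a closer look).
    $userWritable = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

    foreach ($p in $Process | Where-Object { $_.ProcessName.Length -eq $NameLength }) {
        $path = $null
        try { $path = $p.Path } catch { }   # Path is unreadable for some protected processes

        $status = 'Unknown'; $signer = $null; $inUserDir = $false
        if ($path) {
            # Catalog-signed Windows files can show NotSigned on older PowerShell
            # versions, so treat Signature as a hint, not a verdict.
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            foreach ($dir in $userWritable) {
                if ($path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $inUserDir = $true
                }
            }
        }

        [pscustomobject]@{
            Name              = $p.ProcessName
            Id                = $p.Id
            Path              = $path
            Signature         = $status
            Signer            = $signer
            InUserWritableDir = $inUserDir
        }
    }
}

# Rows running from a user-writable folder sort to the top.
Get-ShortNameProcessReport | Sort-Object InUserWritableDir -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt so the Path column is filled in for system services as well.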
 