Tuesday, 26 January 2010

Personal Security Spyware Removal Instructions

How to remove Personal Security virus/spyware from your Windows PC

Since returning to work after the new year, I have encountered over 30 Windows PC’s infected with the very same malware, known (un)popularly as Personal Security aka Personal Antivirus, Cyber Security and other such titles.
Personal Security is a rogue anti-spyware. This program is advertised through the use of Trojans that display fake security alerts on your computer.  These alerts will state that your computer is under attack or that malware has been detected running on your computer.  When you click on these alerts, Personal Security will be installed on your computer and automatically configured to run at Windows login.  While running it will ‘scan’ your computer and present you with a list of ‘infections’ that cannot be removed unless you purchase the program.  However these infections are all fake and are shown to scare you into purchasing the program.
I can not stress enough at this point that you should not purchase Personal Security!  If you have, inform your credit card company that you were mislead into paying for the product, and that the product is a scam.
Personal-Security
While the Personal Security is running you may observe the following:
  1. A window impersonating Windows Security Centre displaying that you should purchase Personal Antivirus . – DO NOT DO THIS(!)
  2. A number of alerts stating that your computer security is compromised or that you have malware running on your computer.  Should you click on these alerts, Personal Security will be installed, or you will be brought to the purchase page for the program.
  3. Your Internet Explorer browser will be hijacked and will display security alerts when browsing the web that prevent the page you browsed to being displayed.
These symptoms are being created by Personal Security to encourage you to purchase the product.
(The following guide was derived from an article published at BleepingComputer.com and adapted after following the guide myself and finding a slightly more effective method)

Please print these instructions as you are required to close all open windows later in the fix.
  • Download MBAM (Malwarebytes' Anti-Malware) and RKILL and save to your desktop.
    MBAM (via Download.com)
    RKILL (via BleepingComputer.com)
  • Once downloaded, shut down you PC
  • Turn your PC on and immediately start pressing the F8 key on your keyboard until you are offered a selection screen.
  • From this screen, select Safe Mode (with networking)
  • Log in to Windows
  • Double click the icon on you desktop name “rkill” a black window will open while RKILL shuts down all known processes associated with spyware.  None should be started due to running in Safe Mode, however this is a “just in case”er.
  • Double click on the icon on your desktop named mbam-setup.exe to install Malwarebytes onto your computer.
  • At the end of the installation process ensure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked.  Then click on the Finish button.
image
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.  As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program window as shown below.
malwarebytes_2 
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer for Personal Security related files.
  • MBAM will now start scanning your computer for malware. This process will usually take a long time, so I’d suggest you go and have a cup of tea or ten.  When MBAM is scanning it will look like the image below.
image
  • When the scan is finished a message box will appear.  Click on the OK button to proceed.
  • You will now be back at the main Scanner window. At this point you should click on the Show Results button.
  • A window displaying all the malware that the program found will be displayed.
  • You should now click on the Remove Selected button to remove all the listed malware.  MBAM will now delete all of the files and registry keys and add them to the programs quarantine.  When removing the files, MBAM may require a reboot in order to remove some of them.  If it displays a message stating that it needs to reboot, please allow it to do so.  Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
  • When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
  • At this point you might think that the job is done, however it is possible, and quite likely that there is still more to be found, so you should repeat the steps above (Safe Mode, RKILL and running a Malwarebytes scan) until Malwarebytes reports 0 (zero) infections.
  • When Malwarebytes is no longer finding and removing infections, reboot your computer, this time as normal.
  • Log in to your account as usual, then ensure your antivirus product is fully up to date.
  • Once up to date, run RKILL again.
  • Now run your chosen Antivirus scanner and clean/quarantine as required at he end of the scan.
NOTES
  1. We have run the scans under Safe Mode because quite often a virus will not launch when running in this mode.
  2. RKILL ends processes associated with known malware.  If the processes were left to run Malwarebytes might pick them up in a scan, but would unlikely be able to end and disinfect them, thus leaving the spyware on your computer.
  3. Quite often the results of running a single antivirus, antispyware program is not enough to completely disinfect a Windows computer, so running another scan will help to ensure that your computer is completely malware free.
  4. However, it is not advisable to install two antivirus products side by side, since one will recognise the other as a virus due to the signatures (aka updates) a antivirus program requires to recognise viral activity.
Have you any thoughts or findings regarding this guide that you would like to share? That’s what the comments are for!

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...