Computers and Networking for the Home Owner and Micro Businesses - by Sid Plait
Windows Users - Don't Download System Security 2009!
In a post here, I talked about the email going around asking you to "keep your anti-virus software up to date" by clicking a link. There are a couple of new twists to how this malware product shows itself that you need to be aware of.
First of all, be aware that the purpose of this pop-up is not only to install the malware on your computer, but also to get your credit card and other personal information. If, in the screen shown below, you click the "Get full time protection with System Security" button, it will take you to a screen that asks for payment. IF YOU GAVE THEM YOUR CREDIT CARD information:
stop what you are doing immediately
call the phone number on the back of the card you used
tell them what happened
ask them to deny any charges that come in after the date and time you made that charge
get them to cancel that card and issue you a new one
This is a good procedure to follow anytime you think someone unscrupulous has your financial information. You should also check your credit reports on a regular basis to make sure all the accounts listed are correct and that no one else has opened an account in your name.
So, System Security 2009 now comes in a convenient pop-up form! However, the name changes frequently, so I have provided a screen shot of its current iteration. It will pop up on your screen without warning. If you want to search for more info on this, Google "Trojan.Poison.J", the first item in the screen shot.
The main pop-up screen looks like this:
If you see this screen, click the red "X" in the upper right-hand corner to get rid of it. As long as you do that, and do not click anything else in the window, you should be OK.
If it's too late, meaning you clicked something other than the red "X", then you will need to remove the infection. Not doing so immediately will cause you more stress than anyone needs. If you feel you don't have the expertise to follow these steps, please, call a professional! You may also be able to find an automated tool online that will remove this infection; a web search will list a number of removal tools. (I have chosen not to link to any of them because links change.) If you see a reference to a tool from someone you know and trust (e.g., Norton, ESET, Kaspersky, McAfee, etc.), use it.
So, here's what you do if this vile piece of malware is inhabiting your PC (read this through carefully before starting the work):
Removing System Security 2009 manually******:
1. Boot into Safe Mode.
2. Browse to and remove the following files:
C:\Documents and Settings\All Users\Application Data\00308937*\pc00308937ins*
C:\Documents and Settings\All Users\Application Data\00308937*\00308937.exe*
C:\Documents and Settings\All Users\Application Data\00308937*\config.udb
C:\Documents and Settings\{your username directory}**\Desktop\System Security 2009.lnk
C:\Documents and Settings\{your username directory}**\Start Menu\Programs\System Security\System Security 2009 Support.lnk
C:\Documents and Settings\{your username directory}**\Start Menu\Programs\System Security\System Security 2009.lnk
* - The number in this command (00308937) may not be the actual number you see in the directory. If so, replace that number with the one in the directory.
** - replace "{your username directory}" with the name of the user's folder under Documents and Settings. For example, my username is "Sid", so the path to the System Security 2009.lnk file would be:
C:\Documents and Settings\Sid\Desktop\System Security 2009.lnk
* - The number in these registry entries (00308937) may not be the actual number you see in the directory. If so, replace that number with the one in the directory (the same one you used in the previous step).
****** - Manual removal of System Security 2009 is dangerous if you aren't familiar with the registry: if you remove the wrong keys, you could cause your computer to stop working. While this procedure has worked in every case for me so far, the malware may reappear. I suggest you either use an automated tool or call a professional to remove it.
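As an added example (my own script, not code from the post), here is the file-deletion part of the procedure above as a script that first lists what it would delete and only deletes when explicitly told to. It assumes Python is available on the machine, that the numeric folder name (00308937 in the post) varies per machine and consists of digits only, that the .exe and "pc...ins" file carry the same number as their folder, and the Windows XP "Documents and Settings" layout used in the post. It covers the files only; the registry clean-up is a separate step. The sample tree it builds for the demo is constructed from the file names above and contains no real malware.

```python
# Added example, not code from Sid Plait's post: find (and, only when asked,
# delete) the System Security 2009 files listed in the manual-removal steps.
# Assumptions, stated here because the post does not spell them out:
#   - the numeric folder name (00308937 in the post) differs per machine, so
#     any all-digit folder under All Users\Application Data is a candidate;
#   - the .exe and "pc...ins" file carry the same number as their folder;
#   - profiles live under a Windows XP style "Documents and Settings" root.
# Nothing is deleted unless dry_run=False is passed explicitly.
import os
import re
import shutil
import tempfile

# Per-user shortcut paths from the post, relative to each profile directory.
SHORTCUTS = (
    os.path.join("Desktop", "System Security 2009.lnk"),
    os.path.join("Start Menu", "Programs", "System Security",
                 "System Security 2009 Support.lnk"),
    os.path.join("Start Menu", "Programs", "System Security",
                 "System Security 2009.lnk"),
)


def find_artifacts(profiles_root):
    """Return the sorted list of existing files matching the post's list.

    profiles_root is the "Documents and Settings" directory. Only the exact
    file names from the post are returned; anything else in the numeric
    folder is left alone for manual review.
    """
    hits = []
    app_data = os.path.join(profiles_root, "All Users", "Application Data")
    if os.path.isdir(app_data):
        for entry in os.listdir(app_data):
            folder = os.path.join(app_data, entry)
            # Assumption: the malware folder is named with digits only.
            if not (re.fullmatch(r"\d+", entry) and os.path.isdir(folder)):
                continue
            wanted = {"pc%sins" % entry, "%s.exe" % entry, "config.udb"}
            for name in os.listdir(folder):
                if name in wanted:
                    hits.append(os.path.join(folder, name))
    # Check every profile, not just the one currently logged in: the
    # shortcuts land in whichever profile was active when the rogue ran.
    for profile in os.listdir(profiles_root):
        profile_dir = os.path.join(profiles_root, profile)
        if not os.path.isdir(profile_dir):
            continue
        for rel in SHORTCUTS:
            path = os.path.join(profile_dir, rel)
            if os.path.isfile(path):
                hits.append(path)
    return sorted(hits)


def remove_artifacts(paths, dry_run=True):
    """Delete the listed files; with dry_run=True (default) only report.
    Returns the list of paths actually removed."""
    removed = []
    for path in paths:
        if dry_run:
            print("would remove:", path)
            continue
        os.remove(path)
        removed.append(path)
    return removed


def build_sample_tree(root, number="00308937", user="Sid"):
    """Create a constructed, harmless stand-in for the infected layout:
    empty files with the names from the post, plus decoys that a correct
    finder must ignore. For testing only; no real malware is involved."""
    app = os.path.join(root, "All Users", "Application Data")
    targets = [
        os.path.join(app, number, "pc%sins" % number),
        os.path.join(app, number, "%s.exe" % number),
        os.path.join(app, number, "config.udb"),
    ] + [os.path.join(root, user, rel) for rel in SHORTCUTS]
    decoys = [
        os.path.join(app, "Microsoft", "config.udb"),   # non-numeric folder
        os.path.join(app, number, "readme.txt"),         # not on the list
        os.path.join(root, user, "Desktop", "Notes.lnk"),
    ]
    for path in targets + decoys:
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return targets


def demo():
    """Run finder and remover against a sample tree in a temp directory.
    Returns (found, dry_run_removed, removed_count, remaining_after), with
    found paths relative to the root and using forward slashes."""
    root = tempfile.mkdtemp()
    try:
        build_sample_tree(root)
        found = find_artifacts(root)
        dry = remove_artifacts(found, dry_run=True)        # reports only
        removed = remove_artifacts(found, dry_run=False)   # really deletes
        rel = [os.path.relpath(p, root).replace(os.sep, "/") for p in found]
        return rel, dry, len(removed), find_artifacts(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    # On a real machine: find_artifacts(r"C:\Documents and Settings")
    print(demo())
```

On a real machine, boot into Safe Mode, run find_artifacts(r"C:\Documents and Settings"), read the list it returns, and only then pass that list to remove_artifacts(..., dry_run=False); the default dry run exists so that a mistaken pattern never deletes anything.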
Good luck! Hopefully, you will never have to deal with this!
9/28/2009 1:53 AM
IVAN3MAN wrote:
I've often observed that a lot of people tend to throw out their old PC or Mac whenever they acquire a new computer; instead, they would be well advised to use that old computer as a buffer between the Internet and their new computer, sort of like the medieval King's taster, when viewing some dodgy website or when reading some suspicious e-mail -- if the 'taster' computer gets 'poisoned', then the 'King' computer is spared.
P.S. It has been six months since your previous post, Sid. What kept you?
9/30/2009 5:47 PM
Sid Plait wrote:
While you make a good point, most people don't really know how to set that up. In addition, they aren't interested in running another PC, so they aren't interested in me setting it up for them. (It's not really very "green", either.) I have one client that has an older PC he uses for the "dodgier" ("more dodgy"?) stuff. It DOES help.
Sorry for the time span not writing! I've been doing other stuff.
12/28/2009 8:07 AM
Walter W wrote:
I saw this on my family's computer a few months ago. I ended up just reloading the system to get rid of the problem. One thing to note is that this malware/virus also blocks access to sites like mcafee.com, microsoft.com, and symantec.com just to name a few. I was able to reach these sites using the Google Chrome browser.
3/8/2010 4:00 AM
Managed IT Services Melbourne wrote:
I took your advice when I upgraded from my old computer recently. And luckily I did too! I could not successfully boast some information into the new computer and luckily I was able to use a backup, also (incorrectly) saved on the hard drive of my computer.