The Gang of Five
Beware of "System Smart Security"!

Malte279

I do not know how this software which I did not install found its way onto my computer but "System Smart Security" is a very vicious program pretending to be an anti virus program while being quite the opposite using warnings of alleged (but not existing) viruses on your computer to get people to release credit card information, send money and the like.

There are many descriptions on the internet how to get rid of the program but many of those involve the purchase of other software :anger
Do you Austin know how to remove "System Smart Security" from a computer?
Did anyone else experience this?


vonboy

I searched and found these manual removal instructions that don't involve any program you have to download/buy.

Quote
System Smart Security manual removal:

Kill processes:
MS345d.exe

Delete registry values:
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Engine"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"

Unregister DLLs:
mozcrt19.dll

Delete files:
2322.mof
mozcrt19.dll
MS345d.exe
MSE.ico
sqlite3.dll
vd952342.bd
MSJKEJCCE.cfg
My Security Engine.lnk
cookies.sqlite
Instructions.ini
c:\Program Files\Mozilla Firefox\searchplugins\search.xml

From my experience with removing spyware like this, this should work. Whenever I have had a program like this install itself on my computer, I'd always look up the name of the program to find removal instructions similar to these instructions here. They always involve going into task manager and shutting down certain programs, trudging through the registry to delete said registry values, and looking for and deleting certain files.

Tell me if that works. :yes
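A read-only check for the artifacts named in the quoted removal list, added here as an example; it is not part of the post above or of the instructions it quotes. It assumes the registry paths with their backslashes restored, and because the list gives no folders for the files, the search roots (the user-profile folders) are an assumption.

```powershell
# Read-only audit: reports which artifacts from the quoted removal list are present.
# Registry paths assume the backslashes that were stripped from the quoted list.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Process named in the "Kill processes" step
if (Get-Process -Name 'MS345d' -ErrorAction SilentlyContinue) {
    $findings.Add('process running: MS345d.exe')
}

# 2. Whole keys named in the list (Registry:: prefix works without HKCR:/HKU: drives)
$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\3',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\MS345d.DocHostUIHandler'
)
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings.Add("key present: $k") }
}

# 3. Named values: report only when the value exists and matches the listed data
$ie = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer'
$values = @(
    @{ Path = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'My Security Engine'; Match = '.*' },
    @{ Path = $ie; Name = 'PRS'; Match = '127\.0\.0\.1:27777' },
    @{ Path = "$ie\Download"; Name = 'RunInvalidSignatures'; Match = '^1$' },
    @{ Path = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'
       Name = 'URL'; Match = 'findgala\.com' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($item -and "$($item.($v.Name))" -match $v.Match) {
        $findings.Add("value present: $($v.Path) -> $($v.Name) = $($item.($v.Name))")
    }
}

# 4. Files: the list gives names but no folders, so these search roots are an assumption.
#    Generic names (sqlite3.dll, mozcrt19.dll, cookies.sqlite) are skipped because other
#    software may ship files with those names. -Force includes hidden files.
$names = '2322.mof','MS345d.exe','MSE.ico','vd952342.bd','MSJKEJCCE.cfg','My Security Engine.lnk','Instructions.ini'
$roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }
Get-ChildItem -Path $roots -Include $names -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("file present: $($_.FullName)") }

if ($findings.Count) { $findings } else { 'No listed artifacts found.' }
```

Run it under the affected user account, since the HKEY_CURRENT_USER entries are per-account; running it again after cleanup shows what is still left.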


Petrie85

Oh gee sorry to hear this I hope nothing is destroyed on your computer.


landbeforetimelover

The manual removal technique described above should work to remove that threat.  Manual removal is the best way.  There are literally tens of thousands of rogue antivirus programs like this out there.  The method described above will take about 15 minutes for someone with limited technical experience.  Make sure you change the settings so your computer will show hidden files and folders, otherwise the files you need to delete might not come up under a search.  

If you don't feel comfortable modifying the registry and such, just kill the program using the task manager and run the free version of Malwarebytes.  Make sure to update it several times until it says "no updates available" and do the full scan.  Manual is the best way, but Malwarebytes should take care of most if not all of that stuff for you.


DarkHououmon

I tend to use Malwarebytes to remove malware, but it depends on how vicious this rogue is. I heard the newer ones are tougher to get rid of. If your attempts to get rid of the rogue antivirus fail, please let us know. If manual removal doesn't work and if Malwarebytes doesn't work, there are other programs that can help.


Petrie85

I've had my fair share of these. And yes, what those two said works. Just download a removal program and it should work.



DarkHououmon

And unfortunately the rogues are getting stronger. Mrizos posted a blog some time ago about a new rogue (I think it was a rogue) that was extremely hard to completely remove, to the point where almost every program he tried wouldn't work. Hopefully security and removal programs will get stronger as well.


Malte279

My computer is officially dead now and I'm going to take it to repairs. Unfortunately I couldn't even try the solution that involved the killing of a process because the task manager (which is the only way I knew to kill a process) was no longer starting. When I rebooted the computer in the hope that it would bring back the task manager the computer did not upload at all anymore but demanded the Windows CD-ROM (which, having purchased a computer with preinstalled Windows 7, is not in my possession).
Currently I am writing from a computer to which I have only very rare access (regular computers at the university have the GOF blocked). I hope to be able to restore (currently still trying with an anti Vir recovery CD) or have the computer restored but I cannot yet predict when I will be back regularly.
I apologize for any delays or inconveniences that might result.


landbeforetimelover

Have you tried booting in safe mode?  Just keep pressing F8 every second when starting up until you get a menu.  Most rogues don't corrupt your Windows installation.  Unless of course you tried to edit the registry and messed something up.  Then you've got a problem.  If that's the case, the only thing you can really do is back up the data and wipe the thing out - an expensive procedure unfortunately.  But if you can get it booted into safe mode, let me know and I'll do a remote repair for free for you.


Malte279


jansenov

Damn, that presentation is important!

You need Windows XP Live version. It has only 150 MB, and doesn't need to be installed on the hard disk. It runs from a CD or USB drive. You can use it to copy the files from the hard drive onto a USB (if the Windows runs from a CD) or onto a second USB drive (if the Windows runs from a USB). Can you go to a friend's house and download it (what is 150 MB these days?), then put it on a CD or USB?

Alternatively I can send you the program in an e-mail attachment with instructions.
This way you won't have to pay for repair (the repairmen will most likely use the same program or connect your computer to another with Windows, but they will charge like they did something very complicated).


Petrie85


landbeforetimelover

Malte, if you can get access to a webcam I can walk you through fixing your computer.  I can help you recover the data and restore the OS and make things even better than they were before.  If you take this to a shop you're looking at $200-$300 easy.  It doesn't matter that you don't have a disk.  I can either get you one through the net or we can use your recovery partition if you have one.  But be warned, do NOT screw with the recovery partition before backing up your data otherwise you're totally screwed.


jansenov

Sent you Windows XP Live CD with instructions. Tested it on my own computer. Had no problems and transferred some files to my USB for practice. Read the files on another computer. That should save your presentation.

As for bringing the computer back to shape, that will take longer and my knowledge is insufficient in that regard, so I'd listen to Austin.


landbeforetimelover

If you're using Bart PE there's a much better one that I use.  It's about 200mb but well worth it.  Though PE will work too.  Just make sure you plug in any USB devices BEFORE you start up the computer.  Otherwise some USB devices won't be recognized by the OS.


DarkHououmon

That's a shame about your computer, Malte. :( But there may still be a chance to save it. If you do not have any webcam or any way for someone to help you remotely, another option that may help is to burn a rescue CD such as Kaspersky or AVG and run it. I recommend, if the other options don't work, to look online whenever you can and find a rescue CD and obtain one.

But if all else fails, try to see if you can get your files backed up (not sure how much this will cost) and reinstall your operating system, wipe it clean. If you don't know how to do this, there should be instructions online on how to do it, or someone here can tell you how.

Another option is to get a new OS, a free one. There's a lot of them out there you can easily obtain, such as the various types of Linux, Solaris, and OpenBSD. But I'd only recommend this option if you are unable to get Windows back at all on that computer and if you are unable to afford a new computer.


jansenov

^ To Austin: yes, it's Bart PE. No bells and whistles, but it will serve Malte well. Which one do you use?


landbeforetimelover

I use the one included in Hiren's Boot CD.  It's based off PE but has been heavily modified.  The most recent version of the boot CD also includes a mini Linux, which is useful for backing up entire hard drives without getting "filename too long" error messages. :rolleyes: Not to mention all the cool tools included with the boot CD itself.  Though they recently were forced to remove all commercial software from their boot CD.  My custom one takes the original 14.0 version and reintegrates all the old commercial software giving you the advantage of having the newer non commercial programs along with the really good commercial programs of version 10.1.


Petrie85

I wonder how his computer is coming along. I hope he fixes it soon.