Removal of System Smart Security Malware Virus

Printer Friendly Version

How Did My Computer Become Infected with System Smart Security?

System Smart Security is another in a very long line of rogue antispyware programs that sneaks into your computer from infected web sites and malicious software. It installs itself in a stealth-like manner and then proceeds to scare you into purchasing it by running and fooling you into thinking your computer is infected with tons of issues that it is not. Virus writers are becoming experts in SEO (search engine optimization) and are getting infected sites ranking very high in the search engines. Although these sites only rank high for a short time, they can do tremendous damage while they are showing up. You may have clicked on one of these poisoned search engine listings when you were infected with System Smart Security.

What Does System Smart Security malware look like?

What Does the System Smart Security malware do to your system?

First of all, this program checks the proxy server options in Internet Explorer so that you are not able to access the Internet. Beyond the fact that it pops up the annoying messages virtually non stop, it also does something even more annoying. It appears to install a Google Redirect malware as well that does not allow you to search for anything on the Internet.

Can I Remove System Smart Security manually?

To try to remove the System Smart Security malware manually you'll need to complete the following tasks. However, if you delete the wrong item in the registry it could render your computer unbootable. For this reason, do not try to remove this malware manually unless you are experienced in deleting files and removing items from the registry. In reality, its much easier to use a program such as Malwarebytes Anti-Malware to clean the system. This is covered in my step-by-step procedure below.

Fix Proxy Settings

1) Open Internet Options in the Control Panel or via Tools menu in Internet Explorer
2) Click on the Connections tab
3) Click on LAN Settings
4) Uncheck the "Use a Proxy Server for your LAN" setting. Especially if the address spot is blank.
5) Click OK

Proxy Lan Settings

Remove these Registry Entries

HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “System Smart Security"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution

Remove these Files and Folders

%Documents and Settings%\All Users\Application Data\[random]\
%Documents and Settings%\All Users\Application Data\[random]\[random].exe
%Documents and Settings%\All Users\Application Data\[random]\[random].mof
%Documents and Settings%\All Users\Application Data\[random]\[random].dll
%Documents and Settings%\All Users\Application Data\[random]\[random].ocx
%Documents and Settings%\All Users\Application Data\[random]\[random]\
%UserProfile%\Application Data\System Smart Security\
%UserProfile%\Application Data\System Smart Security\cookies.sqlite
%UserProfile%\Application Data\System Smart Security\Instructions.ini

Step by Step Procedure for Removing System Smart Security Rogue Application

1) Restart Your Computer in Safe Mode (with Networking) by pressing F8 when the computer boots and selecting the appropriate option.

2) Fix the Proxy Settings option above if you have not already done so.

3) Download RKill from Bleeping Computer to your desktop. Double-click on it and run it. This program will try to kill any malicious processes currently running on your system.

3) Now that the computer is somewhat stable, open a web browser and download Malwarebytes Anti-Malware from their site

4) After Malwarebytes has downloaded, install it and try to update it. In one particular occasion, it was unable to update and I had to update it manually. In order to update Malwarebytes manually, you'll need to download the mbam-rules.exe file and run it.

5) Now proceed to run Malwarebytes Anti-Malware and remove any problems it finds.

6) Reboot Your Computer

7) Try to Search for something on Google, click on a search result and see if it takes you to the correct page. If it redirects you to scour.com, fastsfind.com, amusede.in, find-quick-results.com or some other incorrect site, then follow these directions to remove this Google Redirect Virus

Run a Thorough Virus Scan

Finally, as an extra precaution, scan your computer with online virus scanner like Housecall, BitDefender, or eTrust or download and install an antivirus program and run a complete scan. A list of online scanners is below, some however will only scan but not remove issues.

Online Virus Checkers
Trend Micro Housecall - will scan and remove threats
BitDefender Scan Online - will scan and remove threats
ESet (NOD32) Online Scanner
Kaspersky Online Scan - will scan and remove threats
Panda Activescan - appears to only scan for but not remove threats
McAfee FreeScan - appears to only scan for but not remove threats
eTrust Antivirus Web Scanner - will scan and remove threats
Symantec Security Check - will scan and remove threats
Dr.Web Online Check - user can upload and test for threats on particular files

Trojan Scanner
TrojanScan by WindowsSecurity.com

Spyware Scanners
Malwarebytes AntiMalware
Super AntiSpyware
Spybot Search and Destroy

Congratulations! Your computer should be free of the System Smart Security malware.

Search PCHell.com