Personal Security Virus

lan101

I was having one hell of a time with this one... I ran across this advice and it seems to have worked. Just thought I would share this if anyone else runs across it.

The program doesn’t let you download any software. We sent a message to the company that created Personal Security on the “customer service” link that we would track them down and sue them for attacking our kid's computer. They emailed this solution and it worked in less than one minute. We still downloaded and ran an antispyware program afterwards to make sure nothing remained. This was their response which worked:
“Dear customer,
Thank you for contacting Customer Support Center.
Please follow my instructions to uninstall the program:
Paste the following string to Windows Explorer address bar and execute it (Press Enter key):
C:\Program Files\Common Files\PSecurityUninstall\Uninstall
or
1. Open My computer, choose Disk C;
2. Find Program Files=>Common Files=>PSecurityUninstall=>Uninstall
3. Run the file Uninstall.lnk
After that our product will be removed. Sometimes it takes more than one try to remove the product due to temporary technical difficulties, so please try to do it several times.
If you have any questions concerning our software, please contact our Customer Support Service.
With best wishes,
Customer Support Team”
 
I've removed this from almost 10 systems the past month. It's a nasty one. I do:

(1) Boot into Safe Mode
(2) After logging in, use ProcessExplorer to kill any non-service tasks.
(3) Run Re-Enabler but don't restart (this will allow you to access regedit)
(4) Run AutoRuns and jump to the Winlogon registry entry.
(5) Change the key from winlogon86.exe to userinit.exe
(6) With AutoRuns still up, I go ahead and disable all startup processes I don't recognize in HKLM & HKCU
(7) Scan, Scan, Scan
(8) Reboot and fix any additional problems caused :)
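
A check for step (5) above, as an added example that is not part of the original post: it compares the Winlogon values against the stock Windows defaults. The post does not say which Winlogon value held winlogon86.exe, so checking both Userinit and Shell is an assumption, and the function name and sample path are made up for illustration.

```powershell
# Added example: audit the Winlogon values that control what runs at logon.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-WinlogonFindings {
    param(
        [hashtable]$Values,                    # value name -> data read from the key
        [string]$SystemRoot = $env:SystemRoot  # under WinPE pass the installed system's root
    )
    # Stock Windows defaults. Userinit normally ends with a trailing comma.
    $expected = @{
        Userinit = (Join-Path $SystemRoot 'system32\userinit.exe')
        Shell    = 'explorer.exe'
    }
    foreach ($name in 'Userinit', 'Shell') {
        $raw = [string]$Values[$name]
        # Userinit is a comma-separated list; every entry is launched at logon.
        $entries = @($raw -split ',' |
            ForEach-Object { $_.Trim().Trim('"') } |
            Where-Object { $_ })
        # -ne on strings is case-insensitive, which suits Windows paths.
        $unexpected = @($entries | Where-Object { $_ -ne $expected[$name] })
        $status = if ($entries.Count -eq 0) { 'MISSING' } elseif ($unexpected.Count -gt 0) { 'REVIEW' } else { 'OK' }
        [pscustomobject]@{
            Value      = $name
            Data       = $raw
            Unexpected = $unexpected -join '; '
            Status     = $status
        }
    }
}

# Constructed sample matching the thread's description (the path is assumed).
$sample = @{ Userinit = 'C:\Windows\system32\winlogon86.exe,'; Shell = 'explorer.exe' }
Get-WinlogonFindings -Values $sample -SystemRoot 'C:\Windows' | Format-Table -AutoSize

# Live system: read the two values and run the same check.
$live = Get-ItemProperty -Path $WinlogonKey
Get-WinlogonFindings -Values @{ Userinit = $live.Userinit; Shell = $live.Shell } |
    Format-Table -AutoSize
```

A REVIEW status means the value differs from the default and needs a look; some legitimate software also appends its own entry to Userinit.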
 
Had one of these bitches today, don't know if it's a new release of it, but rkill and re-enabler wouldn't kill the fecker's processes or let me open regedit or Task Manager.

In the end I had to go into security settings for the actual of psecurity.exe and deny all permissions for system, admins, and users.

From there it was a relatively simple cleanup of the registry and removal of files and folder by booting the system with a WinPE.

Worth noting that Malwarebytes didn't even pick up any of the registry entries; had to do it manually.
 
On a side note, I have to admire the ingenuity of the programmer(s). They seem to be really good at what they do. Has anyone had a situation where the end user actually went ahead and made a purchase? I have. Just twice though.
 
Kill the process with ProcessExplorer first, then run Re-Enabler (without restart). You will then be able to open regedit (I do it through AutoRuns) to change the winlogon back to userinit.exe
 
The likes of ProcessExplorer wouldn't start before the denying of permissions. Again, it might have just been that I missed the window of opportunity for it to work, so it was just easier and quicker to do it manually rather than waiting on a reboot and possibly missing it again.

My choice was a simple matter of quickness, and I'm sure there are occasions I would rather use a few apps when you would rather do it manually when apps you use often don't give the normal response. It's all swings and roundabouts and we all have our quirks of getting around things.
 
Going to pick up a laptop here in a few with ANOTHER case of this.. he said he even paid to get it off but it's still there O_o. Advised him to contact his bank.
 
I've had a few customers purchase the virus.

I had someone ask me if they should just buy it to fix the problem. I had to ask them to think about it: if they just crash into your system and take it over, do you really trust them with your credit card information?
 