* System Security * I've got it bad...nothing will open!

**brysonprice** · **brysonprice** on 20th June 2009, 12:55 am

I have the System Security 2009 spyware/virus on my computer. I have tried everything on this forum and then some and still can't get rid of it. NOTHING will work. Everything I try to open doesn't work. I even tried HiJack this...didn't work.

Any suggestions? Thank You!

***** When I try to get into safe mode, it says "Windows has encountered a problem and will shut down in 1 minute"

**Origin** · **Origin** on 20th June 2009, 2:56 am

Please download Ice Sword from HERE

Download the zip to your desktop and extract it.
Open the Ice Sword folder and then launch IceSword.exe.
Then look in the left hand bottom of the program and press "Registry"
When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Now look in the right side pane for two run values that are just random numbers.
Once you have found the value(s), right click it and press "Delete"
Okay the prompt and close IceSword.

**If you are unable to open the zipped file, download IceSword from here:

Please download IceSword from here, I unzipped it so you should only get the .exe file:

http://rapidshare.com/files/246323341/IceSword.exe
Once the file has downloaded, see if you can do the above instructions.

**brysonprice** · **brysonprice** on 20th June 2009, 7:09 am

thanks for the quick response Smile...

I tried to open the IceSword.exe , but it never opens. (it won't let me execute any programs)

anything else I can do ?

**Belahzur** · **Belahzur** on 20th June 2009, 2:48 pm

Rename IceSword.exe to winlogon.exe and see if it opens now.

**brysonprice** · **brysonprice** on 20th June 2009, 3:40 pm

I changed the name to winlogon and when I try to open it, my computer flashes a blue screen with words really fast and then restarts : /

**Origin** · **Origin** on 21st June 2009, 2:39 pm

Lets try something in safe mode shall we:

Can you do the following in Safe Mode with Networking, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then do the following instructions:

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

See HERE for how to disable your AV. (Mcafee)
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouse click combofix's window whilst it's running. That may cause it to stall.

**JIMV** · **JIMV** on 21st June 2009, 4:22 pm

@brysonprice wrote:I have the System Security 2009 spyware/virus on my computer. I have tried everything on this forum and then some and still can't get rid of it. NOTHING will work. Everything I try to open doesn't work. I even tried HiJack this...didn't work.

Any suggestions?

I was infected yesterday on my XP machine...this nasty thing has cut me off from the internet except to their site. SO, I cannot down load anything. I use Webroot Internet Essentials, which is up to date, but it didn't see this coming and cannot remove it. I cannot get to system restore, help, the internet, add or delete programs, etc. I cannot load a virus program via disk. In short, this mess has shut that PC down. I have run sweeps in safe mode without success...so, how do you get rid of this without having an ability to load a new program???

I also own webroots window washer...this has an erase function which I believe wipes the entire hard drive clean. If I use such a device, does any firmware remain to let me reload XP and then my other programs via the PC's disc drive??? The more I read of this thing, the more this sounds like to only real solution. If I take it to the shop, those folk will just wipe the disk and reload XP...can I do that at home and avoid the $100 fee?

**brysonprice** · **brysonprice** on 21st June 2009, 5:56 pm

@Origin wrote:Lets try something in safe mode shall we:

Can you do the following in Safe Mode with Networking, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then do the following instructions:

Download combofix from here
Link 1
Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

See HERE for how to disable your AV. (Mcafee)
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouse click combofix's window whilst it's running. That may cause it to stall.

I opened safe mode, but then it said "Windows has encountered a problem and will restart automatically in 1 minute". When I tried to access the internet, the screen turned blue with some words and restarted.

Thanks for attempting to help...I hope we can figure out the problem : )

**Origin** · **Origin** on 22nd June 2009, 8:54 pm

Download the GMER rootkit scan from here: GMER

Unzip it and start GMER.
Click the >>> tab and then click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

**brysonprice** · **brysonprice** on 22nd June 2009, 9:41 pm

@Origin wrote:Download the GMER rootkit scan from here: GMER

Unzip it and start GMER.
Click the >>> tab and then click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

Origin,

When I log into safe mode, it says "Windows has encountered a problem and will shut down in 1 minute". I tried it, it started scanning, but after a minute, it shut down.
Any other suggestions ?