Grrrumpy

Jul 17, 2009 15:39


So I was minding my own business, clicking on links that would give me information about an article I was writing, when suddenly I opened a site that installed some really REALLY obnoxious SpyWare on my computer. The creepy part is that the SpyWare is set up to look like a Microsoft application that's informing you of all the viruses that have just been downloaded to your computer. I tried to use my paid McAfee virus scan to figure out what was going on, but McAfee wouldn't open. I tried to delete the Windows application that was causing all these pop-up virus notifications, but when I restarted my computer, it stayed installed.

I did some research and found out the following information:
Windows Security Suite is a rogue security program from the same family as Antivirus System Pro and Spyware Protect 2009. Like its predecessors, Windows Security Suite is installed through the use of malware. Once installed, the program will be configured to start automatically when Windows starts and, when run, will perform a scan and then list a variety of infections that it states reside on your computer. It will not remove, though, any of these infections unless you purchase it. Do not be concerned by what Windows Security Suite states is running on your computer as the files it detects are actually harmless files created by the program itself. It only shows these fake infection files in order to trick you into thinking you are infected in the hope that you will then purchase their program. It goes without saying that you should not do so, and if you have already purchased this program, we suggest that you immediately contact your credit card company and dispute the charges as this is a fraudulent program.



Windows Security Suite screen shot

When installed, Windows Security Suite will also create a new search tool in Internet Explorer, which impersonates Windows Live, and Firefox, which impersonates Google. Both of these search providers will perform searches that look like they are from Windows Live or Google, but are in fact coming from Search-gala.com. When the program is running your computer will also be constantly overtaken by fake security alerts, warnings, and nag screens about supposed security problems on your computer. What makes these alerts so bothersome is that when they are displayed you cannot perform any other tasks without first acknowledging them. This typically means wading through numerous "Are you sure?" type questions before being allowed access to your running applications. These fake alerts will display warnings that include programs accessing restricted memory or sending personal data to a remote machine. Two examples of the security alerts that will be shown can be seen below:

Unauthorized remote connection!
Your system is making an unauthorized personal data transfer to remote computer!

or

Windows Security Suite Process Control
An unidentified program is trying to access system process address space

Last but not least, in order to protect itself from legitimate anti-malware programs it sets numerous Windows Registry entries that make it impossible to run certain applications. Some of the programs that it disables with these Registry keys are:
  • The Windows Command Prompt
  • Kaspersky Antivirus
  • Ad-Aware
  • Avast Antivirus
  • BlackIce
  • eSafe
  • DrWeb
  • F-Prot
  • McAfee
  • Symantec
  • Kerio Firewall
  • Msconfig
  • Outpost
  • Panda
  • Zone Alarm

From the above list, you can see that this program makes it difficult to run well-known security applications so that it becomes more difficult for you to remove it.

Without a doubt, Windows Security Suite is not a program that you want installed on your computer.

(What a nasty little bugger.) The site did mention that I can remove it with Malwarebytes' Anti-Malware, which I also have installed on my computer. It's scanning right now -- Oh wait, now it's telling me to restart my computer. We'll see how this goes. ::Sigh:: so much for getting a lot done today.