Monday, January 25, 2010

How to remove Personal Security virus? (free removal guide)

Personal Security is a fake anti-malware application that makes you think it’s legitimate and reliable software, but in reality it’s just another very irritating virus that takes over your computer and does all its best to get you to purchase the so-called “full” version of the program. The rogue application is a clone of Cyber Security and Total Security scareware. It uses false positives to make you think that your system has been compromised. Personal Security has two main goals: to block you from removing it and to trick you into purchasing it, claiming that the full version will remove found threats and infections. Now, as you know this, please don’t buy it and follow our Personal Security removal instructions below to remove the virus from your computer for free.



I guess you’ve already found much useful information about Personal Security, so I’ll try to make this post short. The main question is of course how to remove it? But before that you should understand how this fake software makes its way to the system. The scheme is fairly simple. Cyber criminals create many fake websites, usually fake online scanners or other bogus websites. Such websites are called browser hijackers. These browser hijackers imitate a system scan and displays false scan results. Finally, you are advised to install free removal tool to remove the threats which don’t even exist. And instead of free malware removal tool you get PersonalSecurity virus (technically it’s a Trojan virus called Trojan:Win32/FakeXPA).

When running, Personal Security displays fake security alerts and annoying popups as shown in the images below.







To make the situation more complicated, it also blocks antivirus and anti-malware applications, blocks Windows Task Manager and other functions, displays blank or Windows crash (Blue Screen of Death) Desktop that states that your computer your computer is infected with the SPYWARE.MONSTER.FX_WILD_0x00000000 malware. Furthermore, the rogue program displays fake Security Center window which looks just like the legitimate Windows Security Center.

-----------------------------------------------------------
How do I remove Personal Security?
-----------------------------------------------------------


Method #1
This method is by far the most easiest, but unfortunately it doesn't work for all users.
a) Go to "My Computer"
b) Navigate to "C:\Program Files\Common Files\Personal Security Uninstall"
or "C:\Program Files\Common Files\PersonalSecUninstall"
c) Run the "Uninstall" program
After that download a legitimate anti-spyware application and scan your computer. Remove what anti-malware software finds.


Method #2
1. First of all you have to end the Personal Security process. To do this, open Task Manager (Ctrl+Alt+Del) and look for process named “psecurity.exe” under “Processes” tab. Select it and click the “End Process” button located in the lower right hand corner.
NOTE: if you can’t open Task Manager then reboot your PC and press Ctrl+Alt+Del as soon as possible when Windows starts. The key is to open Task Manager faster then the virus blocks it.
2. Download one of the following legitimate anti-malware applications and run a full system scan. Don’t forget to update it first. All programs a free.

Method #3

Download HijackThis tool. (NOTE: before saving it to your dekstop, rename HijackThis.exe to explorer.exe)
Launch HijackThis and click 'Do a system scan only' button. Select the following entries from the scan results:

O2 - BHO: &Security Update - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\win32extension.dll
O4 - HKCU\..\Run: [PSecurity] C:\Program Files\PSecurity\psecurity.exe
O4 - HKCU\..\Run: [PersonalSec] C:\Program Files\PersonalSec\psecurity.exe

Close all open programs and click "Fix Checked" button. Exit HijackThis.

Method #4
Reboot your computer in "Safe Mode with Networking" and run ant-spyware application from there. How to do that: http://www.computerhope.com/issues/chsafe.htm
-----------------------------------------------------------
Personal Security manual removal
-----------------------------------------------------------
End the main process: psecurity.exe

Remove the following folders and files:
  • C:\Program Files\PSecurity
  • C:\Program Files\PersonalSec
  • C:\Documents and Settings\All Users\Start Menu\PSecurity
  • %UserProfile%\Desktop\Personal Security.lnk
Remove the following registry values:
  • HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PSecurity"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinTSI 01.12.2009"


Personal Security removal video:
     

    No comments:

    Post a Comment