Windows System Suite is the latest rogue antispyware application, a successor of the infamous VirusDoctor and Windows Security Suite. Like its predecessors, Windows System Suite is advertised with the help of online antimalware scanners and Trojan horses. Once Windows System Suite gets onto your system, it creates Windows Registry entries so that any attempt to run a legitimate antispyware or antivirus application launches C:\Windows\System32\svchost.exe instead. This means those programs will never run until you kill all Windows System Suite processes or remove the parasite. Windows System Suite is also infamous for hijacking Internet Explorer and redirecting all search requests to Search-gala.com instead of legitimate Google or Windows Live. It will also flood your system with fake security alerts, pop-ups and exaggerated scan results, which can dramatically slow down your computer. We strongly recommend that you remove Windows System Suite as soon as possible, either manually or with an automatic removal tool.
Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical

How to remove Windows System Suite manually:
It's possible to remove Windows System Suite manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.
The files to be deleted:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows System Suite.lnk
%UserProfile%\Application Data\Windows System Suite
%UserProfile%\Application Data\Windows System Suite\cookies.sqlite
%UserProfile%\Desktop\436.mof
%UserProfile%\Desktop\mozcrt19.dll
%UserProfile%\Desktop\sqlite3.dll
%UserProfile%\Desktop\Windows System Suite.lnk
%UserProfile%\Desktop\WSYSS.ico
%UserProfile%\Desktop\WSYSSSys
%UserProfile%\Desktop\WSYSSSys\vd952342.bd
%UserProfile%\Recent\ANTIGEN.tmp
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.drv
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\fan.drv
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\hijackthis.log.lnk
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Start Menu\Windows System Suite.lnk
%UserProfile%\Start Menu\Programs\Windows System Suite.lnk
c:\Documents and Settings\All Users\Application Data\61a60
c:\Documents and Settings\All Users\Application Data\61a60\WS83b.exe
c:\Documents and Settings\All Users\Application Data\WSYSSSys
c:\Documents and Settings\All Users\Application Data\WSYSSSys\wsyss.cfg
Remove registry entries:
HKEY_CLASSES_ROOT\ReleaseXP.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "986707143803"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows System Suite"
Please be careful, because manual removal of Windows System Suite may seriously damage the operating system and sensitive data. There is also a high chance of incomplete removal, because some files may be hidden and the program could reinstall itself after you delete the files and registry entries. We therefore strongly recommend using an automatic removal tool.
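Before deleting anything, it helps to confirm which of the listed artifacts are actually present. The following read-only PowerShell audit is an added example, not part of the original guide: it checks a subset of the file paths and the registry entries listed above and changes nothing. The Image File Execution Options check is an assumption about how the redirect to svchost.exe is implemented; the page does not name the registry key involved.

```powershell
# Read-only audit for indicators listed in this guide. Nothing is deleted.
$findings = @()

# Subset of the file and folder paths from the list above.
$paths = @(
    "$env:USERPROFILE\Desktop\Windows System Suite.lnk",
    "$env:USERPROFILE\Desktop\WSYSSSys",
    "$env:USERPROFILE\Application Data\Windows System Suite",
    "$env:USERPROFILE\Start Menu\Programs\Windows System Suite.lnk",
    'C:\Documents and Settings\All Users\Application Data\61a60\WS83b.exe',
    'C:\Documents and Settings\All Users\Application Data\WSYSSSys\wsyss.cfg'
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "FILE  $p" }
}

# Registry key from the list above (HKCR has no default PowerShell drive).
$hkcrKey = 'Registry::HKEY_CLASSES_ROOT\ReleaseXP.DocHostUIHandler'
if (Test-Path -Path $hkcrKey) { $findings += "KEY   $hkcrKey" }

# Registry values from the list above: key path plus value name.
$values = @(
    @{ Key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'Windows System Suite' },
    @{ Key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'
       Name = '986707143803' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) { $findings += "VALUE $($v.Key) [$($v.Name)]" }
}

# ASSUMPTION: the launch redirect uses an Image File Execution Options
# "Debugger" value pointing at svchost.exe. The guide does not name this key.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in @(Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg -and $dbg -match 'svchost\.exe') {
        $findings += "IFEO  $($sub.PSChildName) -> $dbg"
    }
}

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

Run it once per affected user profile, since the %UserProfile% paths and HKEY_CURRENT_USER values are specific to each account.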