independent and unofficial
Prince fan community
Thread started 09/02/10 8:04am

ernestsewell

"Security Suite" Malware

So it seems a lot of folks have been getting this phony security & anti-virus program called "Security Suite". It's actually malware, and you cannot uninstall it. You also have to buy a license (the scam) in order to get rid of it at all. You cannot find any folder to uninstall it. AT ALL. (Save the "Get A Mac" statements - believe me, I'm a Mac user too, and getting her on a Mac would be a miracle, I have to keep it simple w/ mom and PCs.)

My mom called me, 1100 miles away, upset and frustrated at this thing popping up on her computer. She was rendered helpless as the program took over everything. She couldn't open Control Panel. She couldn't do anything really. My uncle (her brother) eventually wiped her hard drive and she had to start over. She was upset she had lost pictures, etc. My uncle did get her a good firewall and anti-virus on there.

Then my bromance tells me his computer has the same shit on it. I was determined to find the cause. It's amazing that he and a friend tinkered around w/ it for days, then my roommate did too (and he works in tech support, and knows how to deal w/ computers). I asked them, "Um...did anyone think to just Google the problem?" Blank looks.

Come to find out, the program embeds itself in the registry, and other hidden places. You can use different anti-virus programs to try and get rid of it, but here's what I did, and it worked:

First, when you start your computer, hold down the left (or right?) shift key during the whole bootup process. I keep it held until about 2 minutes AFTER the desktop appears. This stops "start up" programs from starting up. It'll stop Security Suite from starting up.

Then, instead of using a 3rd party app to scan and delete the stuff, I went into the registry (Start, Run, regedit) and deleted the registry entries. Sounds scary, but it's pretty simple when you find the string. It's just sitting there. Go here to read what to erase: http://www.virusremovalguru.com/?p=6257

That suggests you start up via Safe Mode, which is doable as well. Either works, and "it works" is what you're looking for.

I know there are other ways to get rid of this, but this is what worked for me, and my friend's computer is clean as a whistle now.

Anyone else had this issue, or know someone who has? I personally haven't had it happen. I'm rather anal about protecting my computer, and the last time I had a trojan or a virus was 2001. I've NEVER had any issue with stuff, simply because I watch what I download, I scan everything, and I use good and free software to do it.

Reply #1 posted 09/02/10 8:17am

Dauphin

Get her on Linux.

wink

I had this problem with my nephew's PCs and I would fix it and it would happen again and again. They just can't get enough Limewire/etc. It got to the point where I created a two partition drive, all the data on E:, and if he had a problem, I'd blow an image on of the C: that I made after reinstalling Windows, updates, and problems.

If he didn't need IE for his classes and Windows for playing newer games, I would have him on Linux.

[Edited 9/2/10 8:20am]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Still it's nice to know, when our bodies wear out, we can get another

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Reply #2 posted 09/02/10 8:53am

shootindabreeze

I have it on my kids PC...I am gonna try this later...thanks in advance...

Reply #3 posted 09/02/10 10:06am

ernestsewell

shootindabreeze said:

I have it on my kids PC...I am gonna try this later...thanks in advance...

Going through the registry is very easy when you follow the instructions. There might be a couple of those that you will NOT find. Don't worry, it means you're on the right track. Also, when you see the part that says "EIGHT RANDOM CHARACTERS", that's exactly what it means. The malware buried itself in folders named "fgjffhad". That means nothing to the average user, but when you know it's a hidden place for the damn virus, you're spot on in deleting it.

Also, be sure you're showing "Hidden Files and Folders". There's one or two folders in "username/Local Settings/" that you'll need to get to.

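As an added example (not part of any post in this thread), the "eight random characters" folder check described in the reply above can be done as a read-only scan that lists candidate folders for manual review instead of deleting anything. It assumes the random names are lowercase letters, as in the thread's "fgjffhad", and the consonant-run heuristic and function names are hypothetical.

```python
import re
from pathlib import Path

# Assumption: the "eight random characters" are lowercase letters, as in the
# thread's example folder name "fgjffhad".
EIGHT_LETTERS = re.compile(r"^[a-z]{8}$")
VOWELS = set("aeiou")
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".bat", ".scr"}


def longest_consonant_run(name: str) -> int:
    """Length of the longest stretch of consecutive non-vowel characters."""
    best = run = 0
    for ch in name:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_random(name: str) -> bool:
    """Heuristic (assumed): eight lowercase letters with 4+ consonants in a row."""
    return bool(EIGHT_LETTERS.match(name)) and longest_consonant_run(name) >= 4


def find_suspect_dirs(root):
    """Return sorted (folder, executables) pairs for random-looking folders.

    Only reports; nothing is modified or deleted.
    """
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_dir() or not looks_random(path.name):
            continue
        files = sorted(f.name for f in path.iterdir()
                       if f.is_file() and f.suffix.lower() in EXECUTABLE_SUFFIXES)
        if files:
            hits.append((str(path.relative_to(root)), files))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    # Usage: pass the profile's "Local Settings" folder as the only argument.
    for folder, files in find_suspect_dirs(sys.argv[1]):
        print(f"review: {folder} -> {', '.join(files)}")
```

A random name that happens to alternate vowels and consonants will slip past this heuristic, so treat an empty result as "nothing obvious" and not as proof the profile is clean.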
Reply #4 posted 09/02/10 10:23am

LadyLuvSexxy

Wow...that's serious. I never have trusted just any old anti-virus program, though. This computer is my baby. I would be VERY upset to lose all my pictures and stories (and pathetic attempts to use Photoshop...) and cards I've made. That's just awful. Thanks for the heads up. I think my FB friends need to know about this one...
