Newer variants of this malware have become more inventive in how they stay installed on machines: they attack all cleaning software and tools so that they cannot run.
In fact, the malware allows only certain core system components and your browser to run.
Everything else is flagged by the software as infected and blocked from running.
The truth is that those programs are not infected; the malware itself is the software causing the issues, and it is trying to get you to buy it in order to remove the problem.
The symptoms are very obvious: if it is installed, there is no escaping the raft of fake alerts generated by the software, and virtually all your other software is no longer able to run.
If you already have MBAM installed on your computer
Please navigate to the MBAM folder located in the Program Files directory.
Locate MBAM.exe and rename it to winlogon.exe.
Once renamed, double-click the file to open MBAM and select Quick Scan.
At the end of the scan, allow MBAM to remove what it has found, then reboot.
If MBAM is not installed
Download the following file and save it to your desktop.
Rename the file to winlogon.exe and then run it.
In order to get MBAM installed, you will need to identify and terminate/kill the SystemSecurity process.
As you can see from the screenshot, it is very easily identified by its shield icon and its use of random numbers for its executable name, e.g. 1234567.exe, 638476435.exe, 453732.exe, and the list goes on.
Highlight the shield icon/random.exe line, right-click and select kill process.
SystemSecurity will no longer be active in memory but is still installed, so best let MBAM rip it good and proper.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes' Anti-Malware
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad and if required the program will ask you to reboot to remove locked files.
Reboot and byebye SystemSecurity
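The guide identifies the SystemSecurity process by an executable name made up only of digits. As an added example (not part of the original guide or of MBAM), this Python script applies that check to a saved `tasklist /fo csv` process listing; the sample rows and the function name `find_numeric_images` are constructed for illustration.

```python
import csv
import io
import re

# Image names made up only of digits, e.g. 1234567.exe, as the guide describes.
NUMERIC_IMAGE = re.compile(r"^\d+\.exe$", re.IGNORECASE)

# Constructed sample in the layout printed by `tasklist /fo csv`.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"winlogon.exe","612","Console","0","3,412 K"
"explorer.exe","1480","Console","0","21,004 K"
"638476435.exe","2304","Console","0","9,876 K"
"iexplore.exe","2760","Console","0","35,120 K"
"453732.EXE","3016","Console","0","8,112 K"
"7zFM.exe","3120","Console","0","4,300 K"
'''


def find_numeric_images(tasklist_csv):
    """Return (image_name, pid) for every process whose image name is digits only."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        # Skip blank lines, short rows and the header (its PID column is not a number).
        if len(row) < 2 or not row[1].strip().isdigit():
            continue
        image, pid = row[0].strip(), int(row[1])
        if NUMERIC_IMAGE.match(image):
            hits.append((image, pid))
    return hits


if __name__ == "__main__":
    for image, pid in find_numeric_images(SAMPLE_TASKLIST):
        # A digits-only name is a lead, not proof: confirm against the shield icon
        # the guide mentions before ending the process.
        print(f"suspect process: {image} (PID {pid})")
```

Names that merely contain digits, such as `7zFM.exe`, are not flagged; only names that are digits from start to extension match.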
We hope our application has helped you eradicate this malicious malware.
If your current anti-virus solution let this infection through, please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.
If, after removing System Security, MBAM finds Trojan.Agent and Rootkit.Trace but fails to remove them, then you have been infected with a blended (multiple) infection and also have the CLB WinNT/Alureon rootkit active on your computer.
Here is the canned fix/solution for removing that rootkit>>>