cancel
Showing results for 
Search instead for 
Did you mean: 

Please help with strongantivir / security suite malware

Hello,

My laptop is infected by the Security Suite malware that directs me to a website called strongantivir.com to fix the problem.  From the previous reading that I have done I know that this is a scam, and I have tried to fix it with the removal tools that others have posted.  The problem that I have is that this malware will not allow me to run any programs.  I cannot open a web browser or other programs (I am using another computer to write this and to transfer removal tools to my infected computer), but as soon as I open the removal tool it is immediately shut down.

Any suggestions?

Thanks!!

6 Replies

Re: Please help with strongantivir / security suite malware

I just got hit today, too. I was able to get it to stop by identifying the process; it installs itself as a randomly named executable  (mine was bhinhonshdw.exe) in Douments and Settings\Username\Local Settings\Application Data\RandomName. Deleting the file and removing all registry entries to it worked for me (I also had to disable the proxy in IE to get it to work again). I used Process Explorer (do a web search) to identify the hijacking process (move the target over the warning window) and suspend it while I cleaned things up. It's insidious. There are multiple start vectors. You CAN start task manager by Ctrl-Alt-Del before the hijacker starts, and use task manager to start process explorer. The highjacker does not seem to affect Windows explorer's copy function, so you should be able to get Process Explorer in a usable path. Just do a New Task procexp. You have to be fast. You may also be able to kill it directly from Task Manager; I didn't try that, but it could work. I believe that the process always has "shdw" as the last letters of the name. Worst case is you'll have to reboot if you accidentally kill a vital process. Good luck!

Re: Please help with strongantivir / security suite malware

I also got hit today too! Out of no where! I wonder how this hijacker targets peole? I didn't download anything today or go on any unusual web sites.

anyways, your info really helped! I restarted my computer, quickly opened up task manager and 'ended process' on the weird file..mine was ohjvroshdw

(i think you're right..they do end in shdw). so after i ended that process, i went to the file location where it was at Douments and Settings\Username\Local Settings\Application Data\RandomName like you said, and then just deleted the entire folder containing the malware (my folder was called 'elhosebg').

All seems to be going fine now, I am able to go on the internet and I am now running a scan using McAfee and Windows Defender, so far everything is working normally.

Thanks again, and I'm glad a found other people with the same issue. Hopefully this info will help others.

oh, a side note: a random gay porn web site popped up while my laptop was infected...? not sure about the connection but just thought i would include that incase anyone else had the same thing happen!

Re: Please help with strongantivir / security suite malware

Make sure those registry entries are removed or reset! This malware leaves your computer vulnerable to re-infection to this or other malware. I found this site

Link to paid-for support site removed - Hayton


which gives a good rundown on other things that need to be fixed, like the one that sets .exe files as "low risk", and others that disble IE security settings.

Message was edited by: Hayton on 24/08/12 21:30:44 IST

Re: Please help with strongantivir / security suite malware

I got hit too! but that was like a few weeks ago. I removed the file like u guys said but today on my other user it popped up again! what should i do? but before it completed scanning i quickly logged off and went to another user. and nothing happened... yet.

and p.s. : when i was attacked it went to this porn site...  like jhenriques said..... weird... i wonder if there's a connection....

Highlighted
Jubo
Level 9
Report Inappropriate Content
Message 6 of 7

Re: Please help with strongantivir / security suite malware

As "administrator" on your computer, I'd also run the anti-malware program from Malwarebytes. Download the free version and run it as "admin". See if this helps. Also make sure your version of windows is up-to-date. You can check it at Microsoft Update website. Another thing you can do is to download and run the Malicious software Removal Tool.

Let us know how it goes...

Reliable Contributor rmetzger
Reliable Contributor
Report Inappropriate Content
Message 7 of 7

Re: Please help with strongantivir / security suite malware

swalshdog wrote:

Hello,

My laptop is infected by the Security Suite malware that directs me to a website called strongantivir.com to fix the problem.  From the previous reading that I have done I know that this is a scam, and I have tried to fix it with the removal tools that others have posted.  The problem that I have is that this malware will not allow me to run any programs.  I cannot open a web browser or other programs (I am using another computer to write this and to transfer removal tools to my infected computer), but as soon as I open the removal tool it is immediately shut down.

Any suggestions?

Thanks!!

An excellent guide to removing Security Suite: http://www.bleepingcomputer.com/virus-removal/remove-security-suite

Follow the "Automated Removal Instructions" to the letter. Please read the instructions first and ask questions if you are unsure of the steps required to remove this 'security suite.'

Let us know how you are doing.

Thanks,

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community