System Removal

The System Removal virus acts like real security software and aims to deceive computer users with false information about computer security. System Removal is spread via the Internet when a Trojan is attached to software or a file made available for download, through fake virus scanner web sites, and through spam email messages. Once any prompt or dialog box is clicked, System Removal is automatically downloaded and installed on the victim's computer. Its presence is easy to identify: it shows symptoms like browser redirection, excessive pop-up alerts and task bar messages. Victims also cannot run any programs, and anti-virus software is disabled. The virus also disconnects the Internet, probably to avoid software and security updates.

Users may not know the consequences of executing harmful files from the Internet until the malware is actually loaded into the system. Once System Removal is present, you will notice many negative changes. The worst it can do is make your computer useless. System Removal malware will prompt you to obtain a registration key before it will resolve the issue. If this happens, do not follow the instructions given by this fake software. The genuine solution is to download a copy of an anti-malware program that is popular in removing System Removal virus and other types of threats. Having a full version of the anti-malware will help guard the computer from future attacks.

Screenshot: System Removal Virus

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
In our diagnostic test, this potentially unwanted application loads during Windows boot-up by placing an entry in the Windows registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Yujk187syudh.exe”
‘Yujk187syudh.exe’ can be any file; it is randomly named to confuse users and security programs as well.

Malware Behavior
If System Removal is installed, it will begin to display fake alerts as a scare tactic to mislead victims:

Security Monitor: WARNING!
Attention: System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
CLick Yes to download official intrusion detection system (IDS software).

Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software…

Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "(random)"

Associated Files and Folders:
c:\Documents and Settings\All Users\Application Data\(random)\
c:\Documents and Settings\All Users\Application Data\(random)\(random)
c:\Documents and Settings\All Users\Application Data\(random)\(random).exe
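
A triage check built from the indicators listed above, as an added example that is not part of the original guide: it parses the text output of `reg query` for the two autostart keys and flags entries whose executable sits in the drop-folder pattern. The sample output is constructed, and the ProgramData alternative and all function names are assumptions added here.

```python
import re

# Autostart keys named on the page (HKCU Run and RunOnce), upper-cased for matching.
AUTORUN_KEYS = {
    r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
    r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE",
}
# Drop location from the page: All Users\Application Data\(random)\(random).exe
# ProgramData is the Vista/7 name for that folder (assumption added here).
DROP_PATH = re.compile(
    r"^[a-z]:\\(documents and settings\\all users\\application data|programdata)"
    r"\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)

# Constructed sample of `reg query` output, not captured from a real system.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Yujk187syudh.exe    REG_SZ    "C:\Documents and Settings\All Users\Application Data\Yujk187syudh\Yujk187syudh.exe" /min
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Updater    REG_SZ    C:\Program Files\Vendor\update.exe
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and line[:1] in (" ", "\t"):
            # Fields are separated by tabs or runs of spaces, depending on the Windows version.
            parts = re.split(r"\t+| {4,}", line.strip(), maxsplit=2)
            if len(parts) == 3 and parts[1].startswith("REG_"):
                yield key, parts[0], parts[2]

def exe_path(command):
    """Return the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command

def review_candidates(text):
    """List autorun entries whose executable matches the drop-folder pattern."""
    return [(key, name, exe_path(data))
            for key, name, data in parse_reg_query(text)
            if key.upper() in AUTORUN_KEYS and DROP_PATH.match(exe_path(data))]

if __name__ == "__main__":
    print(review_candidates(SAMPLE))
```

A match is a candidate for review rather than a verdict, since legitimate software can also start from a subfolder of the shared application data directory.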

How to Remove System Removal

This guide requires a tool called Malwarebytes' Anti-Malware (MBAM). It is a free tool designed to eradicate various computer infections.

Boot Windows in Safe Mode With Networking

1. The first thing to do is to reboot the computer in Safe Mode with Networking to prevent System Removal from loading at start-up. You may want to print this procedure, as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Please select Safe Mode with Networking.
- Windows will now start in Safe Mode.

Remove System Removal with MalwareBytes' Anti-Malware

2. Download the removal tool from this page and save it on your Desktop or any location on your PC.
3. When the download finishes, double-click on the file to install the application.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, you need to update the database.

6. Click Finish. The program will run automatically and you will be prompted to update it before doing a scan. Please update.
7. When finished updating, the tool will run. Select Perform full scan on main screen to check your computer thoroughly.
8. When scanning is finished, click on Show Results.
9. Make sure that all detected threats are checked, then click on Remove Selected. This will delete all files and registry entries that belong to System Removal.
10. Restart your computer.

Note: If System Removal prevents mbam-setup.exe from downloading, download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.

Notes

The first thing you should try when infected by a virus is to apply System Restore (see how). It may restore settings that were damaged or modified by the System Removal infection.

Helpful Tip

If you cannot browse the web because System Removal is blocking your access, please see this tip on how to repair your Internet access.

What to do next...