Windows System Suite
Windows System Suite is another addition to the lists of rogue program. It is a mimic of Windows Security Suite who made thousands of computer users suffer from its damaging actions. This piece of malware will enter the PC through susceptible Internet browser application. Once it’s inside, it will looks for installed security program and instantaneously deactivates if found. To make you more helpless, Windows System Suite also targets various system tools like task manager and registry editor. Your system will be heavily flooded with fake pop-up alerts and Internet search is constantly re-routed to questionable web address. On that site, another kind of malware threat can add potential damages to the system if you allow its execution.
Probably, giving you an access to visit unknown web site is your last chance to see that your Internet connections works. Windows System Suite will change your Internet connection settings and turns on the proxy server settings to prevent general Internet access. This is a preventive move to foil your plan of downloading an anti-malware from security web sites. If you succeeded in downloading anti-malware from a different computer, Windows System Suite is prepared to thwart it. Commands to disable any security applications are already integrated to system registry. There is no way that you can run .exe files without tweaking the configuration.
Windows System Suite will never stop identifying threats and security risks on your computer. It is eager to remove them the same way it shows its impatience for you to purchase the licensed version of Windows System Suite.
Screen Shot Images:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
[expand title="View More" swaptitle="Hide This"]Characteristics (Analysis)
To start itself when Windows boots-up, it places an entry on registry with the following value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows Security Suite” that calls for a file ‘FT74g.exe’
Malware Behavior
Windows System Suite issues a variety of fake alerts and warning messages to mislead victims. Some of this fake alerts may contains these text:
Added Registry Entries:Unauthorized remote connection!
Your system is making an unauthorized personal data transfer to remote computer!Windows System Suite Process Control
An unidentified program is trying to access system process address space.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows System Suite" HKEY_CLASSES_ROOT\ReleaseXP.DocHostUIHandler HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "986707143803"Associated Files and Folders:
C:\Documents and Settings\All Users\Application Data\52n97 C:\Documents and Settings\All Users\Application Data\52n97\FT74g.exe C:\Documents and Settings\All Users\Application Data\WSYSSSys C:\Documents and Settings\All Users\Application Data\WSYSSSys\wsyss.cfg %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows System Suite.lnk %UserProfile%\Application Data\Windows System Suite %UserProfile%\Application Data\Windows System Suite\cookies.sqlite %UserProfile%\Desktop\371.mof %UserProfile%\Desktop\mozcrt19.dll %UserProfile%\Desktop\sqlite3.dll %UserProfile%\Desktop\Windows System Suite.lnk %UserProfile%\Desktop\WSYSS.ico %UserProfile%\Desktop\WSYSSSys %UserProfile%\Desktop\WSYSSSys\vd952342.bd %UserProfile%\Recent\ANTIGEN.tmp %UserProfile%\Recent\cb.exe %UserProfile%\Recent\cid.dll %UserProfile%\Recent\CLSV.tmp %UserProfile%\Recent\DBOLE.sys %UserProfile%\Recent\ddv.dll %UserProfile%\Recent\eb.drv %UserProfile%\Recent\eb.exe %UserProfile%\Recent\eb.sys %UserProfile%\Recent\energy.sys %UserProfile%\Recent\fan.drv %UserProfile%\Recent\FS.drv %UserProfile%\Recent\hijackthis.log.lnk %UserProfile%\Recent\PE.drv %UserProfile%\Recent\PE.tmp %UserProfile%\Recent\ppal.exe %UserProfile%\Recent\runddlkey.drv %UserProfile%\Recent\tempdoc.tmp %UserProfile%\Start Menu\Windows System Suite.lnk %UserProfile%\Start Menu\Programs\Windows System Suite.lnk
How to Remove Windows System Suite
This guide requires a tool called Malwarebytes' Anti-Malware. It is a free tool designed to eradicate various computer infections. MBAM scanner is distributed for free.Boot Windows in Safe Mode With Networking
1. First thing to do is to reboot the computer in Safe Mode with Networking to avoid Windows System Suite from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Please select Safe Mode with Networking.
- Windows will now start in Safe Mode.
Remove Windows System Suite with MalwareBytes' Anti-Malware
2. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop or any location on your PC.
3. When finish downloading, double-click on the file mbam-setup.exe to install the application.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
6. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
7. When finished updating, Malwarebytes' Anti-Malware will run. Select Perform full scan on main screen to check your computer thoroughly.
8. When scanning is finished click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to Windows System Suite.
10. Restart your computer.
Note: If Windows System Suite prevents mbam-setup.exe from downloading. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.