How to Fix Antivirstrong Security Suite – Security Suite Virus Blocking Internet Explorer to Connect Even in Safe Mode with Networking
Author: Tom Parks
You are probably at the peak of frustration, wondering why this Security Suite virus won't leave your PC. Whatever exe you try to run, it says your application is infected. It does not allow you to run System Restore, and it has blocked all your legitimate antivirus programs. It has hijacked Internet Explorer, so you are unable to connect to the internet even in Safe Mode with Networking.
The following fake warnings will be shown:
Antivirus software alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, trojan – dropper or similar.
Threat: BankerFox.A
Do you want to block this attack? Yes or No
Windows Security alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now
Security Warning
Application cannot be executed. The file notepad.exe is infected. Do you want to active your antivirus software now?
Last but not least, Security Suite Antivirus will hijack Internet Explorer so that it randomly shows a warning page with the "Internet Explorer Warning – visiting this web site may harm your computer!" header. Of course, all of the above warnings and alerts are nothing more than a scam and, like the false scan results, should be ignored!
Security Suite is a rootkit virus that disguises itself as a Windows system file, which cannot be found by antivirus programs. This is why the virus is not easy to tackle with regular anti-malware programs.
Security Suite Removal: Internet Explorer Unable to Connect to Internet - Security Suite Virus Hijacked Internet Connection
1. Edit the Hosts file (all the steps are explained below). Check whether you are able to connect to the internet in Safe Mode with Networking; if not, proceed to the 2nd step.
2. Change the proxy settings (if you're still unable to connect to the net).
Reimage works by comparing each OS system file with the correct files from a web repository of 25 million Windows components. Since Reimage compares against the correct files, it can easily find the hiding rootkit. In fact, this is what a rootkit remover does: it dumps a list of files from your hard disk drive and compares it with the list from the recovery console in order to find a hiding virus. This is the sole reason you can get a PC as good as new once you run Reimage. All other antivirus and antimalware programs just delete the virus, but they don't correct the damage, which results in re-infection and a slow-performing PC.
Reimage first scans your computer thoroughly: all the files, folders, registry keys and values, drivers, software and stacks, and then either repairs or removes the affected items. But that is not all it does. They have an enormous web repository of applications, drivers, system objects, etc., against which they compare your PC's files and, if a file is corrupted, replace it with a healthy one.
The problem here is that the Security Suite virus has changed the HOSTS file or the proxy settings.
1. Mend Hosts file: The HOSTS file is used to translate a host name to an IP (Internet Protocol) address without querying the DNS (Domain Name System) server. In general if you know the host name of the machine that serves the unwanted content, you can redirect it to 127.0.0.1, which is the local IP address of your machine.
For example, assume you have redirected the ad.doubleclick.net ad server to 127.0.0.1. Every time your browser tries to load an image or a flash animation from the ad.doubleclick.net ad server, it will be redirected to your machine instead.
As a result, the browser will not be able to show any content from this ad server. The same message appears when a web site is unavailable for reasons other than HOSTS file blocking. The HOSTS file is named 'hosts' and is editable with any text editor, such as Notepad or WordPad.
The file generally appears at 'C:\Windows\System32\Drivers\Etc\hosts' on Windows XP.
Before editing, back up the current HOSTS file. You need to delete all the lines from this hosts file except "127.0.0.1 localhost".
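The backup-and-clean step above, written out as an added example (not part of the original article). It keeps comment lines and any loopback mapping of "localhost" (including the IPv6 form, an assumption beyond the article's single line) and reports everything else; the sample entries are constructed.

```python
import ipaddress
import shutil

# Constructed sample of a tampered hosts file; every hijack entry is made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.google.com
203.0.113.7     update.example-av.test www.example-av.test  # constructed
::1             localhost
not-an-ip       broken.example.test
"""

ALLOWED_NAMES = {"localhost"}  # the only mapping the article keeps


def audit_hosts(text):
    """Return (kept_lines, removed) where removed = [(lineno, addr, names)]."""
    kept, removed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:  # blank or comment-only line: harmless, keep it
            kept.append(raw)
            continue
        addr, *names = body.split()
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False  # malformed address: treat as unwanted
        if loopback and names and all(n.lower() in ALLOWED_NAMES for n in names):
            kept.append(raw)
        else:
            removed.append((lineno, addr, names))
    return kept, removed


def clean_hosts_file(path):
    """Copy path to path + '.bak' first, then rewrite it with kept lines only."""
    shutil.copy2(path, path + ".bak")
    with open(path, "r", encoding="latin-1") as f:
        kept, removed = audit_hosts(f.read())
    with open(path, "w", encoding="latin-1", newline="\r\n") as f:
        f.write("\n".join(kept) + "\n")
    return removed
```

Review the list returned by audit_hosts before calling clean_hosts_file on the real file, which needs an administrator account to write.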
The other entries you saw there need to be removed, as they are malicious. (This is why IE is unable to connect: the HOSTS file blocks a huge list of websites, and you get a warning that "The Page cannot be displayed".) After removing the entries from the hosts file, save the file and close it. Now you should be able to search on Google. If not, continue with step 2.
2. Change Proxy Settings: Start your PC in Safe Mode with Networking. If you can't browse with IE, then you should repair the proxy settings of Internet Explorer. Run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the "Use a proxy server" box. Click OK. Click Apply. Click OK. Then go to http://reimagepcrepair.com/ to run a scan.
But one of my subscribers mailed this: "But after I unchecked use a proxy server, and then ok, Apply was not an option to click. Another idea?"
So I am giving you more options:
1. Run Internet Explorer and click Tools -> Internet Options.
2. Select the Connections tab and click the LAN Settings button.
3. Click the Advanced button to open Proxy settings. Copy and paste the following text into "Do not use proxy server for addresses beginning with:" go.trendmicro.com;pcfixeasy.blogspot.com;reimagepcrepair.com; (whatever list of web addresses you would like to use)
4. Click OK to save the Proxy settings, then click OK to close LAN Settings and click OK to close the Internet Explorer settings. (Now you should be able to click 'OK'.)
5. Download HijackThis. NOTE: before saving it onto your computer, rename HijackThis.exe to iexplore.exe.
6. Double-click the renamed iexplore.exe. Then click the "Do a system scan only" button and look for entries in the scan results similar to those shown below:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [{RANDOM}] C:\Documents and Settings\Username\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
O4 – HKCU\..\Run: [{RANDOM}] C:\Documents and Settings\Username\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
7. Once you have selected all entries, close all running programs then click once on the "Fix checked" button. Close HijackThis.
8. Go to http://reimagepcrepair.com/ and run a scan
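The check described in step 6, as an added example that is not part of the original article: it scans a saved HijackThis log for the two entry shapes listed there (an R1 proxy pointing at the local machine, and an O4 Run entry for a *shdw.exe file under Local Settings\Application Data). The log lines, the name "qwtbdfh" and the user "Alice" are constructed for this sample.

```python
import re

# Constructed HijackThis-style lines; random names and the user are made up.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1",
    r"O4 - HKLM\..\Run: [qwtbdfh] C:\Documents and Settings\Alice\Local Settings\Application Data\qwtbdfh\qwtbdfhshdw.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    "O4 \u2013 " + r"HKCU\..\Run: [qwtbdfh] C:\Documents and Settings\Alice\Local Settings\Application Data\qwtbdfh\qwtbdfhshdw.exe",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
])

# Section code, a hyphen or en dash (pasted logs often carry the latter), then the entry.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+)\s*[-\u2013]\s*(?P<rest>.+)$")
PROXY = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)", re.I)
LOCAL = re.compile(r"(?:^|=)(?:127\.0\.0\.1|localhost)(?::\d+)?$", re.I)
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\]\s+(?P<path>.+)$", re.I)
DROP = re.compile(
    r"\\Local Settings\\Application Data\\[^\\]+\\[^\\]*shdw\.exe$", re.I)


def triage(log_text):
    """Return [(lineno, reason, detail)] for lines matching the step 6 shapes."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        code, rest = entry["code"], entry["rest"]
        if code == "R1":
            proxy = PROXY.search(rest)
            if proxy and LOCAL.search(proxy["value"]):
                findings.append((lineno, "proxy-to-loopback", proxy["value"]))
        elif code == "O4":
            run = RUN.match(rest)
            if run and DROP.search(run["path"]):
                findings.append((lineno, "run-key-shdw", run["path"]))
    return findings


if __name__ == "__main__":
    for lineno, reason, detail in triage(SAMPLE_LOG):
        print(f"line {lineno}: {reason}: {detail}")
```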
To learn more about fixing the Security Suite virus, and for detailed pictures, visit http://pcfixeasy.blogspot.com/2010/08/remove-security-suite-virus-security.html
About the Author
Tom Parks works for Microsoft. He is currently researching PC optimization and system security. He is also an avid gamer and owns an Xbox, PS3, Nintendo Wii, DSi and PSP.
