SecuritySoldier is the latest in the WiniGuard Family (SecurityFIghter, SaveArmor, SaveDefender are just the names that came out in the last week.) These busy bees have pretty much just renamed the program and files. It looks the same as each of the recent previous rogues. Just as those do it may install via trojans or web exploits and claim that you have security problems on your computer that it will then be able to fix if you pay for their software. All warnings are trumped up, i.e. not legitimate and it really doesn’t clean up anything. Read on for How to Remove SecuritySoldier.
One thing I should mention about so many of these rogue antivirus programs. Once they are on your system they can do most anything. So, for instance links on webpages can be hijacked and redirected to pages that they want you to see. I noticed an odd exit link in my logs last night and on investigation it was a page to receive payments for alpha antivirus. So, I went to the alpha antivirus removal page to see if there was any link with that address on the page. There wasn’t, there were only links to the tutorial itself, other removal guides and the page for my virus removal toolkit. So, I can only assume someone was browsing from a machine with alpha antivirus already installed and it hijacked the link. It’s usually best to look for removal help from a machine that’s not infected. You really never know what other things it could do after it’s installed on the system. The malwarebytes antimalware download could be substituted or altered with something else – so download your cleanup tools on a clean system if at all possible.
First I would download malwarebytes antimalware from my virus removal toolkit page. Try installing that and run an update and then scan. Alternatively you may boot into safe mode and try scanning if the first fails to work.
The following domain should be blocked.
The following processes should be found and killed off in task manager. The process names are:
These processes could interfere with cleanup. If you have failed with the automatic removal with malwarebytes you might retry after this is done.
The following dll needs to be unregistered and removed:
(Possibly randomized name – look for similar patterns to dll names.)
Then remove the following files and folders:
%DocRoot%All UsersStart MenuProgramsSecuritySoldier
The above filenames may include some randomization so use what you see above as a pattern to find the files that SecuritySoldier has dropped. You may need to use what you find to then go back and remove the dll file listed above. For complete securitysoldier removal you should run malwarebytes antimalware (and update it) again after removing files manually to ensure that you have removed it from your system.
Related PostsRelated Posts
- How to Remove Antivir | Antivir Removal Guide Antivir is a rogue antivirus application that is pushed through web site popup ads on unsuspecting users. Basically in web browsing you may see a popup claiming that your computer is infected and you should run a malware scan. Clicking to proceed will probably show an animation of a scan......
- How to Remove GuardPCs | GuardPCs Removal Guide GuardPCs looks like the latest entry from the wini family of rogues. (They just keep churning out new ones every other day it seems.) They're using the same template these days of course, just the names change. This one, as the others, is pushed through bogus video codec or flash......
- How to Remove MaCatte Antivirus 2009 | Removal Guide MaCatte Antivirus 2009 is a rogue antivirus application that hopes you will mistake it for the popular McAfee antivirus. Their look and feel is very similar to that of McAfee, but as most rogue antivirus applications it is a program that will give you little more than falsified warnings about......
- How to Install a Home Security System: Most Common Pitfalls Installing a home security system might seem easy. To be sure, it’s a lot easier to install one today than it was just a decade ago. Inexpensive consumer electronics components combined with robust wireless technology means that even an amateur can put in a decent system. Just because it’s easy,......
- FlashGet My Download I've been using FlashGet for so many years I don't even remember since when or what version it was when I tried it. At that time the software was still not very popular and most people that I knew used other download helper software. I knew about FlashGet from Download.com......
- SEO Principles for WordPress Blogs WordPress is a relatively SEO friendly blogging tool to begin with. It offers a linking structure that makes it relatively easy for spiders to crawl your pages, and the code contains very little validation errors if any at all. However, there are a few additional steps that you can follow......
- How To Remove Alpha Antivirus (Removal Guide)
- Remove SafetyKeeper | SafetyKeeper Removal
- Remove SaveDefender | SaveDefender Removal
- How to Remove SafeFighter | Safe Fighter Removal Guide
- How to Remove TRE Antivirus | TRE Antivirus Removal Guide