The prolific and frustrating Vundo trojan family is now delivering a new gift to those with the misfortune of being infected: a new rogue antivirus application known as Volcano Security Suite. It appears that it may be delivered by attack sites (sneak downloads) as well as via the Vundo trojan. Of course, it's not a legitimate security suite; it brings or creates files so that it can complain that they are infected and pose a threat to your computer's security. Read on for more information about how to remove Volcano Security Suite.
Among the files that Volcano Security Suite creates to complain about are:
The files are harmless, although it will claim that they are infected and that it cannot remove them unless you pay for Volcano Security Suite (surprise, surprise, surprise!). The rogue also alters the registry so that attempts to run antivirus programs result in other applications being launched instead. It also hijacks web browsing in Internet Explorer, and searches will be pushed through search-gala.com. There will also be random errors along these lines in Internet Explorer:
This tab has been recovered
A problem with this webpage caused Internet Explorer to close and reopen the tab.
Internet Explorer has closed this webpage to help protect your computer
A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.
Windows Data Execution protection detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or malicious add-on.
We are unable to return you to google.ca.
Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.
When a website causes a failure or crash, Internet Explorer attempts to restore the site. It stops after two tries to avoid an endless loop.
First off, you should download Malwarebytes Anti-Malware and Process Explorer from the virus removal toolkit page. You will likely need to either 1) rename the Malwarebytes installer file to something else to allow it to install and run, 2) reboot into safe mode to install Malwarebytes, or 3) follow through with a more manual install until you are able to install and run Malwarebytes Anti-Malware.
For manual removal, the following running processes are associated with Volcano Security Suite and should be killed using Task Manager or Process Explorer. If you are unable to run Task Manager or Process Explorer, you may try renaming the program file (taskmgr.exe, for instance) to another file name. (Copy and paste, then rename, is safest.)
The following DLLs should be unregistered and removed:
The following files and folders should be removed for a manual removal of Volcano Security Suite:
%docs%\All Users\Application Data\61a60
%docs%\All Users\Application Data\61a60\VS83b.exe
%docs%\All Users\Application Data\VSSSys
%docs%\All Users\Application Data\VSSSys\vss.cfg
%userprof%\Application Data\Microsoft\Internet Explorer\Quick Launch\Volcano Security Suite.lnk
%userprof%\Application Data\Volcano Security Suite
%userprof%\Application Data\Volcano Security Suite\cookies.sqlite
%userprof%\Desktop\Volcano Security Suite.lnk
%userprof%\Start Menu\Volcano Security Suite.lnk
%userprof%\Start Menu\Programs\Volcano Security Suite.lnk
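To confirm which of these files and folders are actually present before deleting anything, the list can be checked with a report-only PowerShell sweep. This is an added example, not part of the original guide; it assumes %docs% means the folder that holds the user profiles (for example "C:\Documents and Settings") and %userprof% means each profile folder, and the function name Find-VolcanoArtifacts is hypothetical.

```powershell
# Added example: report-only sweep for the file and folder artifacts listed above.
# Assumptions (not stated on the page): %docs% is the parent folder of the user
# profiles and %userprof% is each individual profile folder beneath it.

# Relative paths taken from the removal list in this guide.
$allUsersArtifacts = @(
    'All Users\Application Data\61a60',
    'All Users\Application Data\61a60\VS83b.exe',
    'All Users\Application Data\VSSSys',
    'All Users\Application Data\VSSSys\vss.cfg'
)
$perUserArtifacts = @(
    'Application Data\Microsoft\Internet Explorer\Quick Launch\Volcano Security Suite.lnk',
    'Application Data\Volcano Security Suite',
    'Application Data\Volcano Security Suite\cookies.sqlite',
    'Desktop\Volcano Security Suite.lnk',
    'Start Menu\Volcano Security Suite.lnk',
    'Start Menu\Programs\Volcano Security Suite.lnk'
)

function Find-VolcanoArtifacts {
    param(
        # Folder holding all user profiles; defaults to the parent of the current profile.
        [string]$ProfilesRoot = (Split-Path -Parent $env:USERPROFILE)
    )
    $candidates = @()
    foreach ($rel in $allUsersArtifacts) {
        $candidates += Join-Path $ProfilesRoot $rel
    }
    # %userprof% differs per account, so check every profile folder, not only the current one.
    $profiles = Get-ChildItem -LiteralPath $ProfilesRoot -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($p in $profiles) {
        foreach ($rel in $perUserArtifacts) {
            $candidates += Join-Path $p.FullName $rel
        }
    }
    # Return only the paths that exist; nothing is deleted here.
    $candidates | Where-Object { Test-Path -LiteralPath $_ }
}

Find-VolcanoArtifacts | ForEach-Object { "FOUND: $_" }
```

Run it from an administrator account so that other users' profile folders are readable; an empty result means none of the listed paths exist under that profiles folder.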
Even after the above files have been removed, you should install and run a full scan with a tool such as Malwarebytes and a trusted antivirus program to complete your Volcano Security Suite removal.