The prolific and frustrating Vundo trojan family is now bringing a new gift to those with the misfortune of being infected: a rogue antivirus application known as Volcano Security Suite. It appears that it may be delivered by attack sites (sneak downloads) as well as via the Vundo trojan. Of course, it is not a legitimate security suite; it brings or creates files so that it can complain that they are virally infected and pose a threat to your computer's security. Read on for more information about how to remove Volcano Security Suite.
Among the files that volcano security suite creates to complain about are:
The files are harmless, although it will claim that they are infected and that it cannot remove them unless you pay for Volcano Security Suite (surprise, surprise, surprise!). This rogue also alters the registry so that attempts to run antivirus programs result in other applications being launched instead. It also hijacks web browsing in Internet Explorer, and searches will be pushed through search-gala.com. There will also be random errors along these lines in Internet Explorer:
This tab has been recovered
A problem with this webpage caused Internet Explorer to close and reopen the tab.
Internet Explorer has closed this webpage to help protect your computer
A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.
Windows Data Execution protection detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or malicious add-on.
We are unable to return you to google.ca.
Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.
When a website causes a failure or crash, Internet Explorer attempts to restore the site. It stops after two tries to avoid an endless loop.
First, download Malwarebytes Antimalware and Process Explorer from the virus removal toolkit page. You will likely need to either 1) rename the Malwarebytes installer file to something else to allow it to install and run, 2) reboot into safe mode to install Malwarebytes, or 3) follow through with a more manual install until you are able to install and run Malwarebytes Antimalware.
For manual removal, the following running processes are associated with Volcano Security Suite and should be killed using Task Manager or Process Explorer. If you are unable to run Task Manager or Process Explorer, you may try renaming the program file (taskmgr.exe, for instance) to another file name. (Copy and paste, then rename, is safest.)
The following dlls should be unregistered and removed:
The following files and folders should be removed for a manual removal of volcano security suite:
%docs%\All Users\Application Data\61a60
%docs%\All Users\Application Data\61a60\VS83b.exe
%docs%\All Users\Application Data\VSSSys
%docs%\All Users\Application Data\VSSSys\vss.cfg
%userprof%\Application Data\Microsoft\Internet Explorer\Quick Launch\Volcano Security Suite.lnk
%userprof%\Application Data\Volcano Security Suite
%userprof%\Application Data\Volcano Security Suite\cookies.sqlite
%userprof%\Desktop\Volcano Security Suite.lnk
%userprof%\Start Menu\Volcano Security Suite.lnk
%userprof%\Start Menu\Programs\Volcano Security Suite.lnk
Even after the above files have been removed, you should install and run a full scan with a tool such as Malwarebytes and a trusted antivirus program to complete your Volcano Security Suite removal.
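To confirm that a manual cleanup actually took, the read-only PowerShell check below reports which of the files and folders listed above still exist and lists any registry entries that redirect one program to another. It is an added example, not part of the original guide; it assumes %docs% is the folder holding all user profiles, that %userprof% is the current user's profile, and that the redirect uses an Image File Execution Options "Debugger" value, which the guide does not specify.

```powershell
# Added example (read-only): report which artifacts listed in this guide still exist.
# Assumption: %docs% is the folder that holds all profiles and %userprof% is the
# current user's profile; the guide does not define either placeholder.
$docs     = Split-Path -Path $env:USERPROFILE -Parent
$userprof = $env:USERPROFILE

# Paths as listed in the guide, with the two placeholders substituted.
$artifacts = @(
    "$docs\All Users\Application Data\61a60",
    "$docs\All Users\Application Data\61a60\VS83b.exe",
    "$docs\All Users\Application Data\VSSSys",
    "$docs\All Users\Application Data\VSSSys\vss.cfg",
    "$userprof\Application Data\Microsoft\Internet Explorer\Quick Launch\Volcano Security Suite.lnk",
    "$userprof\Application Data\Volcano Security Suite",
    "$userprof\Application Data\Volcano Security Suite\cookies.sqlite",
    "$userprof\Desktop\Volcano Security Suite.lnk",
    "$userprof\Start Menu\Volcano Security Suite.lnk",
    "$userprof\Start Menu\Programs\Volcano Security Suite.lnk"
)

function Get-RemainingArtifact {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $item = Get-Item -LiteralPath $p -Force   # -Force also returns hidden items
        $type = 'File'
        if ($item.PSIsContainer) { $type = 'Folder' }
        New-Object PSObject -Property @{ Path = $p; Type = $type; LastWrite = $item.LastWriteTime }
    }
}

# Assumption: the "launch something else" redirect uses an Image File Execution
# Options "Debugger" value, one common mechanism; the guide does not name the key.
function Get-IfeoDebugger {
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { New-Object PSObject -Property @{ Image = $_.PSChildName; Debugger = $dbg } }
    }
}

$left = @(Get-RemainingArtifact -Path $artifacts)
if ($left.Count -eq 0) {
    'None of the listed files or folders remain.'
} else {
    $left | Format-Table -AutoSize Path, Type, LastWrite
}
Get-IfeoDebugger | Format-Table -AutoSize Image, Debugger
```

A Debugger entry is not proof of infection on its own: Process Explorer's "Replace Task Manager" option creates one for taskmgr.exe, so review each entry before deleting it.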