The prolific and frustrating Vundo trojan family is now bringing a new gift to those with the misfortune of being infected with it: a new rogue antivirus application known as Volcano Security Suite. It appears that it may be delivered by attack sites (sneak downloads) as well as via the Vundo trojan. Of course, it is not a legitimate security suite; it brings or creates files so that it can complain that they are virally infected and pose a threat to your computer's security. Read on for more information about how to remove Volcano Security Suite.
Among the files that Volcano Security Suite creates to complain about are:
The files are harmless, although it will claim that they are infected and that it cannot remove them unless you pay for Volcano Security Suite (surprise, surprise, surprise!). This rogue also alters the registry so that attempts to run antivirus programs result in other applications being launched instead. It also hijacks web browsing in Internet Explorer, and searches will be pushed through search-gala.com. There will also be random errors along these lines in Internet Explorer:
This tab has been recovered
A problem with this webpage caused Internet Explorer to close and reopen the tab.
Internet Explorer has closed this webpage to help protect your computer
A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.
Windows Data Execution protection detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or malicious add-on.
We are unable to return you to google.ca.
Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.
When a website causes a failure or crash, Internet Explorer attempts to restore the site. It stops after two tries to avoid an endless loop.
First, download Malwarebytes Anti-Malware and Process Explorer from the virus removal toolkit page. You will likely need to either 1) rename the Malwarebytes installer file to something else to allow it to install and run, 2) reboot into safe mode to install Malwarebytes, or 3) follow through with a more manual install until you are able to install and run Malwarebytes Anti-Malware.
For manual removal, the following running processes are associated with Volcano Security Suite and should be killed using Task Manager or Process Explorer. If you are unable to run Task Manager or Process Explorer, you may try renaming the program file (taskmgr.exe, for instance) to another file name. (Copy and paste, then rename, is safest.)
The following DLLs should be unregistered and removed:
The following files and folders should be removed for a manual removal of Volcano Security Suite:
%docs%\All Users\Application Data\61a60
%docs%\All Users\Application Data\61a60\VS83b.exe
%docs%\All Users\Application Data\VSSSys
%docs%\All Users\Application Data\VSSSys\vss.cfg
%userprof%\Application Data\Microsoft\Internet Explorer\Quick Launch\Volcano Security Suite.lnk
%userprof%\Application Data\Volcano Security Suite
%userprof%\Application Data\Volcano Security Suite\cookies.sqlite
%userprof%\Desktop\Volcano Security Suite.lnk
%userprof%\Start Menu\Volcano Security Suite.lnk
%userprof%\Start Menu\Programs\Volcano Security Suite.lnk
Even after the above files have been removed, you should install and run a full scan with a tool such as Malwarebytes and a trusted antivirus program to complete your Volcano Security Suite removal.
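To confirm whether the files and folders listed above are present before or after cleanup, the following report-only PowerShell check can be run; it is an added example, not part of the original guide, and it deletes nothing. It assumes %docs% means the folder that holds all user profiles and %userprof% means each user's profile folder. Because the guide does not name the registry keys the rogue alters, the Image File Execution Options "Debugger" value is checked as an assumption, being one standard Windows mechanism for launching a different program in place of the one requested.

```powershell
# Added example: report-only check for Volcano Security Suite artifacts.
# Assumption: %docs% = parent folder of the user profiles, %userprof% = each profile.
param([string]$Docs = (Split-Path -Parent $env:USERPROFILE))

# Paths from the removal list above, relative to %docs%.
$machineWide = @(
    'All Users\Application Data\61a60',
    'All Users\Application Data\61a60\VS83b.exe',
    'All Users\Application Data\VSSSys',
    'All Users\Application Data\VSSSys\vss.cfg'
)
# Paths from the removal list above, relative to each %userprof%.
$perUser = @(
    'Application Data\Microsoft\Internet Explorer\Quick Launch\Volcano Security Suite.lnk',
    'Application Data\Volcano Security Suite',
    'Application Data\Volcano Security Suite\cookies.sqlite',
    'Desktop\Volcano Security Suite.lnk',
    'Start Menu\Volcano Security Suite.lnk',
    'Start Menu\Programs\Volcano Security Suite.lnk'
)

# Build the full candidate list: machine-wide paths plus every profile's paths.
$candidates = @($machineWide | ForEach-Object { Join-Path $Docs $_ })
$userDirs = Get-ChildItem -LiteralPath $Docs -Force | Where-Object { $_.PSIsContainer }
foreach ($userDir in $userDirs) {
    $candidates += $perUser | ForEach-Object { Join-Path $userDir.FullName $_ }
}
$found = @($candidates | Where-Object { Test-Path -LiteralPath $_ })

# Assumption: redirection of antivirus executables is done via IFEO Debugger values.
# Every Debugger value is listed for manual review; some can be legitimate.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$redirects = @(Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { New-Object PSObject -Property @{ Image = $_.PSChildName; Debugger = $dbg } }
})

"Volcano Security Suite file artifacts found: $($found.Count)"
$found
"Image File Execution Options entries with a Debugger value: $($redirects.Count)"
$redirects | Format-Table Image, Debugger -AutoSize
```

Run it from an administrator prompt so that other users' profile folders are readable; an empty file list after cleanup and a full scan is the expected result.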