Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

Personal Security Analysis and Removal

by Shanmuga| Tweet This | Google +1 | Facebook | Stumble It | Reddit | Digg | del.icio.us

On being redirected to a compromised website, this scareware displays a message ” Warning!!! “Your personal computer needs to install antivirus software! Personal Security can perform fast and free virus and malicious software scan of your computer”

The fake scan is simulated with the use of javascript and gif animated images irrespective of whether the OK or Cancel button is pressed.


personal security scareware008 Personal Security Analysis and Removal

Personal Security Scare Messages

The Website uses Javascript to display many warning messages, some of them are:

  • Harmfull spyware or adware software. Such vulnerabilities can destroy or steal your private info and mail. On-lines scan should install Personal Security utilities to fix your pc. Please click OK to download and install Personal Security tool.
  • Computer scan completed successfully. 31 Malware programms was found!
  • This computer is in danger with malware!’ ‘They can seriously harm your private data or files, and should be healed immediately.”Return to Personal Security and download it secure to your PC
  • Computer might be affected by spyware or other types of viruses! Your mail, passwords and private documents might be in danger, protect your PC immediately ‘Return to Personal Security and download it secure to your PC
  • All information on your PC could be stolen by attackers

Once the trojan downloader is executed the installer for Personal Security is displayed. The user needs to agree to download and install the scareware. The Personal Security scareware also installs the infamous Fake Windows Security Center as a means to goad the user to purchase a subscription.

personal security scareware009 Personal Security Analysis and Removal

The rogue security software then proceeds to run a fake scan and identifies non-existent files as high and medium risk malware infections. The user is also warned that they may lose their personal data and infect their other network computers. This scan is run at every restart.

A rogue security software such as Personal Security belongs to a family of software products that call themselves as antivirus, antispyware or registry cleaners and often use deceptive or high pressure sales tactics and deliberate false positives to convince users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware instead many of them add more malware of their own.

The trojan dropper in this instance is named Inst_102.exe and 195584 Bytes in size. It is detected by 9/40 (22.5%) of the virus engines available at VirusTotal. It is detected in various names such as Trojan.Win32.FakeAV!IK, Win32.Packed.Katusha.e.9, Trojan.Win32.FakeAV, Trojan-Downloader.Win32.FraudLoad.gbi, Trojan:Win32/FakeXPA and Win32.Malware!Drop.

The main executable of the scareware is psecurity.exe and is about 1279488 bytes in size. It is detected by 3/41 (7.32%) of the virus engines available at VirusTotal.

Personal Security Associated Files and Folders

  • C:Program FilesPSecuritypsecurity.exe
  • C:Program FilesCommon FilesPSecurityUninstallUninstall.lnk
  • C:Documents and SettingsAll UsersStart MenuPSecurityComputer Scan.lnk
  • C:Documents and SettingsAll UsersStart MenuPSecurityHelp.lnk
  • C:Documents and SettingsAll UsersStart MenuPSecurityPersonal Security.lnk
  • C:Documents and SettingsAll UsersStart MenuPSecurityRegistration.lnk
  • C:Documents and SettingsAll UsersStart MenuPSecuritySecurity Center.lnk
  • C:Documents and SettingsAll UsersStart MenuPSecuritySettings.lnk
  • C:Documents and SettingsAll UsersStart MenuPSecurityUpdate.lnk
  • C:Documents and Settingsmalware_helpDesktopPersonal Security.lnk
  • C:Documents and Settingsmalware_helpApplication DataMicrosoftInternet ExplorerQuick LaunchPSecurity.lnk
  • C:WINDOWSsystem32UpdateCheck.dll
  • C:WINDOWSsystem32win32extension.dll
  • C:WINDOWSPrefetchPSECURITY.EXE-2DBDA1BB.pf
  • C:Program FilesPSecurity
  • C:Documents and SettingsAll UsersStart MenuPSecurity
  • C:Program FilesCommon FilesPSecurityUninstall

Some of the file names may be randomly generated.

Personal Security Associated Registry Values and Keys

  • HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunpsecurity
  • HKEY_CLASSES_ROOTCLSID{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc}
  • HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc}
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc}
  • HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstallPSecurity
  • HKEY_LOCAL_MACHINESystemCurrentControlSetServises
  • HKLMSoftwareClassesCLSID{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKCRCLSID{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKCRCLSID{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}InprocServer32#ThreadingModel
  • C:WINDOWSSYSTEM32WIN32EXTENSION.DLL

Personal Security Associated Domains

This scareware was observed accessing the following domains during installation and operation:

  • http://antispylistm com/scan1/?pid=102
  • http://windowssp3download com/?b=1s1
  • http://winupdateserver com
  • http://protected.advancedsecbilling com

Note: Visiting the domains mentioned above may harm your computer system.

Personal Security Removal (How to remove Personal Security)

The free versions of MalwareBytes’s Anti-Malware Free edition and SuperAntiSpyware appear to remove Personal Security Scareware.

  1. Use an alternate browser like Firefox or Chrome to download and Install either MalwareBytes’s Anti-Malware or SuperAntiSpyware from the links above.
  2. Also download CCleaner.
  3. Boot in to Windows Safe Mode.
  4. Click to scan with your chosen software. Check mark all instances of the rogue security software and delete them.
  5. Turn System Restore off and on
  6. Install, scan and clean the temporary files with CCleaner.

You should now be clean of this rogue.

Personal Security Scareware — Screenshots

Personal Security Scareware — Video

Note: The Personal Security rogue security software installation and removal was tested on a fully patched Windows XP SP3 running updated versions of Internet Explorer and Firefox. The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing, it might change with time and or under different testing conditions.

You may also like to read



{ 8 comments… read them below or add one }

David December 7, 2009 at 6:43 AM

i came across this “personal security” problem, and was tipped off by the disappearance of my ie window with a single warning pop-up centered on my desktop…did a ‘ctrl+alt+del’ to start task manager, then dumped ie session…
thanks for the info so I could double check that none of the files associated with this sucker made it on my system. If I am mistaken, please email a warning.

I went and found the site which triggered this pop-up and googled

‘roblproperties.com+adware’

and got THREE PAGES of sites all with the prefix

roblproperties.com/uwsco
followed by

/(bunch of names).php

I hope this helps your work, I am sure others will be hit with this sucker before long.

Reply

Michael Ditkowsky December 27, 2009 at 12:48 PM

The program doesn’t let you download any software. We sent a message to the company that created Personal Security on the “customer service” link that we would track them down and sue them for attacking our kids computer. They emailed this solution and it worked in less than one minute. We still downloaded and ran an antispyware program afterwards to make sure nothing remained. This was their response which worked:

“Dear customer,

Thank you for contacting Customer Support Center.
Please follow my instructions to uninstall the program:
Paste the following string to Windows Explorer address bar and execute it (Press Enter key):
C:\Program Files\Common Files\PSecurityUninstall\Uninstall

or

1. Open My computer, choose Disk C;
2. Find Program Files=>Common Files=>PSecurityUninstall=>Uninstall
3. Run the file Uninstall.lnk

After that our product will be removed.Sometimes it takes more than one try to remove the product due to temporary technical difficulties, so please try to do it several times.
If you have any questions concerning our software, please contact our Customer Support Service.

With best wishes,

Customer Support Team”

Reply

Teresa Walker December 30, 2009 at 5:31 AM

I want to thank you for this web site. I have been having problems with Personal Security since yesterday(12-28-09) around 9 am. Today when I got on my computer I could not do anything at all. I could not get on the internet and all of my icons on the desk top were gone. Personal Security kept popping up wanting me to download their program. I did not have a good feeling about Personal Security from the very start and now I was in a panic. My friend download spywaredoctor on a cd but Personal Security blocked everything I tried to do. By this time all I could do was cry and pray. I managed to get on the internet and I came to your site. Thank God for this site and for Michael Ditkowsky. I followed the instructions in his comment and now the bad Personal Security is gone from my computer. I highly recommend that if anyone is having this problem to do the same. Thank both of you and God Bless You.

Reply

Nageshwar January 2, 2010 at 1:36 PM

Thanks for Michael Ditkowsky…
I was irritated by this software n was unable even ti insatll software to prevent Ps…
Finally the instructions given worked ..

Reply

Anonymous January 24, 2010 at 11:05 AM

This web site info saved my life. I had this fake personal security stuff on my computer for 4 days. I tryed to deleat it, uninstall it, system restore, everything i could think of. I was even going to pay norton $120 to fix the problem but decided to look one more time online for a solution and found this link with the simple simple fix:
1. Open My computer, choose Disk C;
2. Find Program Files=>Common Files=>PSecurityUninstall=>Uninstall
3. Run the file Uninstall.lnk

After that our product will be removed.Sometimes it takes more than one try to remove the product due to temporary technical difficulties, so please try to do it several times.

Thanks Michale D.

Reply

Phyllis Hersey March 23, 2010 at 5:54 AM

Oh Thanks so much for your info, I was almost in a panic over that damn “Personal Security” now it’s gone, I believe thanks again

Reply

Richard May 5, 2010 at 8:06 AM

I followed the direction from Michael D above
1. Open My computer, choose Disk C;
2. Find Program Files=>Common Files=>PSecurityUninstall=>Uninstall
3. Run the file Uninstall.lnk

As soon as it ran, I then went and am downloading and installing AVG Free and Spybot Search and Destroy.

Thanks for the help!

Reply

Shanese May 21, 2010 at 10:01 AM

This is awesome my computer was running very weird and I could not complete my registration for school or do anything for my kids online. It took a little time but the steps are easy to follow and now my computer runs better and faster than it did when I first got it.. I was freaking out trying to figure out how I was gonna pay someone to fix this and Thanks to this awesome website I was able to fix the problem myself. You guys are awesome and this was truly a blessing and I will most definitely refer my friends and family to you.

Thanks soooooooo much!!!!!!

Reply

Leave a Comment

Previous post:

Next post: