SYS Secure .EXE


Category : Viruses

Sorry folks, those that read my rants. I have been on somewhat of a hiatus. I have been busy with a sudden rash of computer problems. I am back to post yet another blog.

A few weeks ago I published a rant on a virus. This virus has a file name of “SysSecure” with the “.exe” extension. It first appeared in “Programs and Features” located in the Control Panel.

At the time of the first posting, my computer’s browser started acting weird: pages wouldn’t load, slow page loads, etc. Nothing showed up in Task Manager (Ctrl-Shift-Esc). Next, I looked in Control Panel, Programs and Features. The file appeared there; I know what is running on my computers. I uninstalled the file: click the file name and then select the Uninstall tab at the top of Control Panel.

My post was that this was a pretty easy virus to remove. I was wrong, kind of. I did some research on this file after the uninstall to determine if indeed it was a virus. What I learned was that this file creates several other files and writes to the Windows Registry.

About once a week, at first, this file would return, slowing down my browser and misloading pages. Each time I would uninstall the file. I wanted to see the evolution of this virus, so this was the extent of my removal efforts. Please keep in mind that NONE of the antivirus, antispyware and antimalware programs have detected this. Files that are downloaded with other programs WILL inherit the rights that the parent file or program has, meaning you allowed it even though that file was probably hidden.

This virus has evolved enough that it has upgraded itself and now appears two or three times a week. To check for this file, just type the file name in the Start menu search bar or in Windows Explorer’s search bar. You will need to remove ALL of these files.

The next part is complicated and relies on removing a file from the Windows Registry. I will not provide instructions for editing the registry. Editing the registry needs to be done by a professional as you can permanently damage your operating system.

If you run into this file you can “Google” the process for removal. If you decide to edit the registry be sure to make a copy of the registry BEFORE attempting to edit the registry.
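The checks described in this post (Programs and Features, copies of the file on disk, and registry entries) can be run read-only from PowerShell. This is an added example, not the author's own procedure; the wildcard match on the name and the choice of the Run/RunOnce autostart keys are assumptions, since the post does not say which registry entries the file creates.

```powershell
# Read-only triage for the file name given in the post. Nothing is deleted or edited.
$Name = 'SysSecure'          # file name from the post; wildcard matching is an assumption

# 1. "Programs and Features" entries are read from the Uninstall registry keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$Name*" -or $_.UninstallString -like "*$Name*" } |
    Select-Object DisplayName, DisplayVersion, InstallDate, UninstallString

# 2. Copies on disk, with a hash and Authenticode signature status for each.
$files = Get-ChildItem -Path "$env:SystemDrive\" -Filter "$Name*.exe" -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        }
    }

# 3. Autostart values whose name or command line mentions the file (assumed locations).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if ($valueName -like "*$Name*" -or $command -like "*$Name*") {
            [pscustomobject]@{ Key = $key; Name = $valueName; Command = $command }
        }
    }
}

'--- Programs and Features ---'; $installed | Format-List
'--- Files on disk ---';         $files     | Format-List
'--- Autostart values ---';      $autoruns  | Format-List
```

Saving the output each time the file reappears gives a record of whether the path, version or hash changed between occurrences.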

For now I have this virus somewhat contained; I want to follow it a bit more before I nuke it. If anyone has run into this, please share.

6/16/2016

Sys Secure. Exe

Following up on an earlier post: I had originally reported that this virus was pretty easy to defeat. I discovered that it was not. This virus, this file, would randomly pop up in “Programs and Features”. I knew when it would become active again because my system would slow to a crawl. Browser pages would either not load or would load incompletely.

To remove this virus I went through my usual steps. I identified the file through Control Panel and Programs and Features. I uninstalled the file after confirming that this was a viral program. I also did a search of computer files and removed two more instances of this same file. I understood at this point that the file had probably written itself to the Windows Registry. The registry is a list of files that Windows uses to start services and processes when your computer reboots. Out of curiosity, I decided to let the virus run its course and took notes of its characteristics as it advanced. I had at that time two active antiviral and anti-spyware programs running.

At first the file would surface once or twice a week. The frequency increased over time. This file also updated itself to a newer version. It is possible that this file was not a virus itself, but a program that would allow viruses into the system. The end result was a complete hard drive failure due to a corrupted Master Boot Record, or MBR. I keep critical data backups on removable devices and I have several operating system disks. I was able to restore my data to a larger hard drive with a new OS.

The old drive remains unreadable and unwritable. The conventional means of reformatting this drive have proven to be fruitless. I will attempt a low-level format to make the drive usable again, but that will be for another blog.

