Windows 8 Security System is a rogue anti-spyware program that may prove to be very dangerous to your computer. If you are getting continuous pop-up security alerts, then your computer is, most likely, infected with Windows 8 Security System. It pretends to be a legitimate program, but it finds illegal ways to enter your computer and installs itself without your permission. It makes itself look legitimate by changing registry key values so that your antivirus cannot detect its presence. Windows 8 Security System works in the background and starts running when you start your computer. It will steal your personal and financial information, such as your user name, password or credit card number. Windows 8 Security System sells this information to hackers, who then misuse it.

Windows 8 Security System also installs other malicious programs on your computer. It takes complete control of your computer and does not allow you to do anything. You cannot even access the Windows Task Manager or Registry Editor to remove the malicious program completely. Some common messages shown when Windows 8 Security System is present are:

Threat detected!

Security Alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe.

Recover your PC from the infection right now, perform a security scan.

Remove Windows 8 Security System processes

  1. Click the Start button and select Run from the menu.
  2. Type taskmgr in the box labelled ‘Open’ and press OK.
  3. This opens the Windows Task Manager. If you want to open the Windows Task Manager quickly, press ALT+CTRL+DEL.
  4. In the Windows Task Manager, select the ‘Processes’ tab from the tabs at the top of the window.
  5. You will need to find the following process to stop Windows 8 Security System from running:

Random.exe

  6. Right-click the found process and press the Delete button.

Remove Windows 8 Security System registry entry files

  1. Press the Windows key and the ‘R’ key on your keyboard.
  2. This will quickly open the Run dialog.
  3. Type ‘regedit’ in the box and press OK.
  4. Click on Edit in the file menu and then on Find from the right most section of the registry editor.
  5. Enter the registry key names one at a time and press OK.
  6. When the result is shown, right-click the found result, select the option Modify, then press Delete.

The Windows 8 Security System registry entries that you need to find are:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random2]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random2]\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random2]\0000\Control

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_1FE50

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_1FE50\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_1FE50\0000\Control

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\112da10e6b8dcd07

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random2]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random2]\0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random2]\0000\Control

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_1FE50

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_1FE50\0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_1FE50\0000\Control

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random2]

HKEY_CURRENT_USER\Software\WinUltraAntivirus

[random2] is the file name of the rootkit.


Remove Windows 8 Security System other files

  1. Click the Start button, then click Search.
  2. Find the option ‘For files and folders’ and click on it.
  3. Enter the Windows 8 Security System file name and make sure to select the option ‘Local hard drives’.
  4. This limits the scope of the search, so you will get the result quickly.
  5. Right-click the file that is shown and select the option Delete.
  6. The Windows 8 Security System files that you need to search for are:

%System%\drivers\[random2].sys, where [random2] is the file name of the rootkit, like %System%\drivers\142da10e6b8dcd07.sys
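
Before deleting anything by hand, it helps to see which of the registry keys and driver files listed above actually exist on the machine. The PowerShell script below is an added example, not part of the original guide: it only reads and reports. It assumes that [random2] is a 16-character hexadecimal name, like the two example names on this page, and that %System% is the System32 folder.

```powershell
# Read-only check for the indicators listed on this page; it changes nothing.
$controlSets = 'ControlSet001', 'CurrentControlSet'
$driversDir  = Join-Path $env:SystemRoot 'System32\drivers'   # %System%\drivers
# Assumption: [random2] is 16 hex characters, like the page's example names.
$randomName  = '^[0-9a-fA-F]{16}$'
$findings    = @()

# Keys with fixed names taken from the page. The \0000 and \0000\Control
# subkeys sit under the LEGACY_ key, so checking the parent covers them.
$fixedKeys = @(
    'HKCU:\Software\WinUltraAntivirus',
    'HKLM:\SYSTEM\ControlSet001\Services\112da10e6b8dcd07'
)
foreach ($cs in $controlSets) {
    $fixedKeys += "HKLM:\SYSTEM\$cs\Enum\Root\LEGACY_1FE50"
}
foreach ($key in $fixedKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Path = $key }
    }
}

# Service keys whose name fits the [random2] pattern, plus the matching LEGACY_ key.
foreach ($cs in $controlSets) {
    $services = Get-ChildItem -LiteralPath "HKLM:\SYSTEM\$cs\Services" -ErrorAction SilentlyContinue
    foreach ($svc in $services) {
        $name = $svc.PSChildName
        if ($name -notmatch $randomName) { continue }
        $findings += [pscustomobject]@{ Type = 'ServiceKey'; Path = $svc.Name }
        $legacy = "HKLM:\SYSTEM\$cs\Enum\Root\LEGACY_$name"
        if (Test-Path -LiteralPath $legacy) {
            $findings += [pscustomobject]@{ Type = 'LegacyKey'; Path = $legacy }
        }
    }
}

# Driver files named [random2].sys in %System%\drivers.
$drivers = Get-ChildItem -LiteralPath $driversDir -Filter '*.sys' -ErrorAction SilentlyContinue
foreach ($file in $drivers) {
    if ($file.BaseName -match $randomName) {
        $findings += [pscustomobject]@{ Type = 'DriverFile'; Path = $file.FullName }
    }
}

if ($findings.Count -eq 0) {
    'No listed indicators found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt. Because this page describes [random2].sys as a rootkit, an empty result from the running system does not prove the machine is clean.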

 
