In a post a while back, I wrote about how to remove Personal Security, a rather nasty piece of spyware. I recently had a computer in that was badly infected.
I tried removing it with MBAM, but it kept on returning. Annoyed, and not wanting to do a reinstall, I found a list of files, folders and registry entries to remove, after which the problem was solved.
Files:
c:\Program Files\PSecurity\
c:\Program Files\PSecurity\psecurity.exe
C:\Program Files\PersonalSec\
C:\Program Files\PersonalSec\psecurity.exe
C:\program files\PersSecurity\
C:\program files\PersSecurity\psecurity.exe
C:\program files\PersSecurity\system.dat
C:\Program Files\PersonSecurity\
C:\Program Files\PersonSecurity\psecurity.exe
c:\Program Files\Common Files\PSecurityUninstall\
c:\Program Files\Common Files\PSecurityUninstall\Uninstall.lnk
c:\WINDOWS\system32\win32extension.dll
c:\Documents and Settings\All Users\Start Menu\PSecurity
c:\Documents and Settings\All Users\Start Menu\PSecurity\Computer Scan.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Help.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Personal Security.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Registration.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Security Center.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Settings.lnk
c:\Documents and Settings\All Users\Start Menu\PSecurity\Update.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
%UserProfile%\Desktop\Personal Security.lnk
Registry entries
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PSecurity"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PersonalSec"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PersSecurity"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PersonSecurity"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinTSI 01.12.2009"
Keep in mind that not all of the entries show up, and even after removing them, you might still see Personal Security on the computer. At any rate, I’d recommend running a scan with MBAM after removing these entries.
Manually Removing Personal Security
Tags:
By posting a comment, you consent to our collecting the information you enter. See privacy policy for more information.