
Remnants of rogue System Security 2009


I was running CCleaner the other day and decided to run the registry cleaner part. I've avoided it because I read here that if you don't know what you're doing, you can harm your system. Well, it came up with a System Security program folder that had some kind of orphaned files. I then located the folder itself, right-clicked, and scanned with Avira, Malwarebytes, and SUPERAntispyware. They all found nothing malicious. I looked around some more and found what appear to be legitimate Windows files with the name "System.Security." (Note the period.)

After scanning the odd System Security folder, I right-clicked and copied its two files to my desktop. Sometime later, I clicked on one. (Why? I don't know. Not very bright.) Malwarebytes instantly popped up and quarantined it as, something like, "a malicious process is trying to run on computer." The same thing happened with the other one. (Yes, I did this again.)

I was wondering why these were not discovered when they were apparently orphans. It's not just Malwarebytes, but every legitimate virus, spyware, adware, rootkit scanner in existence that didn't catch this folder. These rogue files have been in my system since July 11, 2009. Are they too deep in the system (HKey something?) to be detected? Is there a scanner that actually roots out deeply hidden stuff like this? Also ... when I clicked them, why would that trigger Malwarebytes if they were no longer attached to any executable program? (It must be noted that MBAM was the only one to react, and it was lightning swift.)

Finally, I can find no method in the MBAM program to send these files to MBAM's lab techs for inclusion in the database. Is there a way to do this? They remain in quarantine with the Reference numbers 17769, 20707, and 34687.




No, I just remembered something. I wrote my post incorrectly. I was not able to scan these folders with a right-click. I was surprised that I couldn't scan anything at all in the registry. That's why I sent them to the desktop, thinking that I could do so when they were not in the registry. This is when they activated somehow.

Sorry. I had been scanning other stuff on my computer and got the situations confused.

