• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Megan D.

System Security 4.52 Spyware Remover

6 posts in this topic

It appears that my father's desktop computer has been hijacked by a program called System Security 4.52. I get a message on a blue screen that says WARNING! YOUR'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE! ect ect going on to say more is smaller font, and ending in: SECURE YOURSELF RIGHT NOW! REMOVE ALL SPYWARE FROM YOUR PC!


It won't allow me to run any programs, so I'm posting from another computer. Windows won't let me into safe mode, and instead gives me this message: We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change may have occurred...etc.


I'm posting from my laptop trying to figure this out, but there seems to be no way to do anything. Help please?

Share this post

Link to post
Share on other sites

Hi Megan D., and Welcome Back


Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

On a clean system, download The Avira AntiVir Rescue System from here.

  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your infected computer.

You'll get a boot option to either boot from hard drive or AntiVir Rescue System (it's possible that you may need to change boot options in your CMOS settings to allow booting from the CD/DVD drive).



Press the number 2 on your keyboard to boot into AntiVir Rescue System.


Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.



Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.



Then please start the scan.


The Avira AntiVir Rescue System wil now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.

After the utility has completed, remove the disc and restart your system.


Now see if you can Run HijackThis and post a log.

If you can't, rename HijackThis.exe to myprogram.exe and see if it will run.

If that doesn't work, see if you can boot to Safe mode and run HijackThis.

Share this post

Link to post
Share on other sites

So, I burned the program to a disk and ran a successful scan. Then I rebooted the computer, started Windows normally, and I got the same message again. I'm thinking my dad deleted HijackThis for some (most certainly stupid) reason, since its not on the computer anywhere. I burned HijackThis.exe to a disk and loaded it, then drug it to the desktop. When I tried to run it and got the message "WARNING! Application cannot be executed. The file hijackthis.exe is infected. Please update your antivirus software." Then I renamed it as myprogram.exe as you suggested and got the same message again. Safe mode still won't work, and is giving me the same message about changes having been made to the software or hardware. I'm ready to throw this hunk of junk out the window.

Edited by Megan D.

Share this post

Link to post
Share on other sites

Download the following file and save to your desktop.


If necessary, download it from a clean uninfected system and burn it to CD/DVD to transfer to your system.


Then follow the instructions here for:

If MBAM is not installed


MBAM won't run(Fix), SystemSecurity


After following those instructions, please post a new HijackThis log and note any errors encountered.

Share this post

Link to post
Share on other sites

Okay, so I've followed your instructions. I renamed mbam to winlogon and it worked, but now once it gets to a certain point in the scan, a bunch of popups appear, then the screen zooms in so nothing but a few words of the hijacked desktop warning appear, and then the computer flashes a blue screen with a message before rebooting. I'm trying to perform a scan for the third time now, and I'll try to watch to see if there's any way I can prevent the scan from stopping midway.


Any suggestions to keep it from rebooting mid-scan?

Share this post

Link to post
Share on other sites

You mention renaming mbam.exe to winlogon.exe. Did you already have MBAM installed?

Try running the scan from Safe mode.


Did you try running procexp.exe renamed to winlogon.exe and killing the System Security process?

If not, try that to see if following those instructions you can find the process and kill it. When you do that, if you find the process with the shield, write down the file name.


Now use Windows Search (Start > Search > For Files or Folders), to search for and delete the file you found.


Then try and re-run MBAM. If you can, be sure you update MBAM.


After that, Download ComboFix© by sUBs from one of these locations:





* IMPORTANT !!! Save ComboFix.exe to your Desktop


Familiarize yourself with ComboFix before running it:



  • Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware. When finished, it will save a log.

Please include the contents of the log at C:\ComboFix.txt in your next reply.


Then please post a new HijackThis log, the log from MBAM, let me know what the file name was for the System Security process if you have that, and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this  
Followers 0