Home > Threats > PcsSecure

How to Remove PcsSecure

Posted on 25 January 2010 under Rogue Programs

1. What is PcsSecure?

PcsSecure is a misleading computer application, which attempts to delude user, stating that viruses have been identified on the system. In order to eliminate assumed computer threats, user will be required to purchase PcsSecure licensed version, what should activate virus removal function. Bear in mind that this is a fraud and no real threats can be removed with PcsSecure, even after the purchase. Furthermore, before infecting with PcsSecure, computer was free from viruses.

During the process of PcsSecure installation, certain amount of files each of which is named under mixed-character string (e.g. 1d74s9arse25z5.bin) will be dropped in "Windows" and "System32" directories, which will be later identified as computer threats.

In order to increase the user's level of concern, fake Windows Security Center will be installed, which will advertise PcsSecure. It is an effective method used to convince user that PcsSecure is recommended by Windows operating system. Acting on any faked Security Center alert will result in rogue payment page.

2. PcsSecure screen shot:


3. How to remove PcsSecure:

  1. Internet connection might be disabled or Internet browser might be blocked by PcsSecure, so it won't be possible to download any files to infected computer. In this case please download all files required for PcsSecure removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
  2. To remove PcsSecure download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:

  4. After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove PcsSecure.

  5. Restart the computer to complete PcsSecure removal procedure.

4. PcsSecure files:

C:\Program Files\PcsSecure Software\PcsSecure\PcsSecure.exe
C:\Program Files\PcsSecure Software\PcsSecure\uninstall.exe

5. Hijackthis entries:

O4 - HKCU\..\Run: [hqfdcbxn.exe] C:\WINDOWS\system32\hqfdcbxn.exe
O4 - HKUS\S-1-5-21-73586283-842925246-1708537768-1003\..\Run: [hqfdcbxn.exe] C:\WINDOWS\system32\hqfdcbxn.exe (User '?')