How to Remove Volcano Security Suite | Volcano Security Suite Removal Guide
The prolific and frustrating Vundo trojan family is currently bringing a new gift to those with the misfortune of being infected: a rogue antivirus application known as Volcano Security Suite. It appears that it may be delivered by attack sites (sneak downloads) as well as via the Vundo trojan. Of course, it's not a legitimate security suite; it brings or creates files so that it can complain that they are virally infected and pose a threat to your computer's security. Read on for more information about how to remove Volcano Security Suite.
Among the files that Volcano Security Suite creates to complain about are:
%userprof%\Recent\ANTIGEN.sys
%userprof%\Recent\cb.dll
%userprof%\Recent\cb.tmp
%userprof%\Recent\CLSV.tmp
%userprof%\Recent\DBOLE.sys
%userprof%\Recent\ddv.dll
%userprof%\Recent\eb.tmp
%userprof%\Recent\fan.drv
%userprof%\Recent\FS.drv
%userprof%\Recent\kernel32.drv
%userprof%\Recent\PE.drv
%userprof%\Recent\ppal.sys
%userprof%\Recent\runddlkey.dll
%userprof%\Recent\runddlkey.drv
%userprof%\Recent\tempdoc.sys
The files are harmless, although it will claim that they are infected and that it cannot remove them unless you pay for Volcano Security Suite (surprise, surprise, surprise!). This rogue also alters the registry so that attempts to run antivirus programs result in other applications being launched instead. It also hijacks web browsing through Internet Explorer, and searches will be pushed through search-gala.com. There will also be random errors along these lines in Internet Explorer:
This tab has been recovered
A problem with this webpage caused Internet Explorer to close and reopen the tab.
Internet Explorer has closed this webpage to help protect your computer
A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.
Windows Data Execution protection detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or malicious add-on.
We are unable to return you to google.ca.
Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.
When a website causes a failure or crash, Internet Explorer attempts to restore the site. It stops after two tries to avoid an endless loop.
First off, you should download Malwarebytes Anti-Malware and Process Explorer from the virus removal toolkit page. You will likely need to either 1) rename the Malwarebytes installer file to something else to allow it to install and run, 2) reboot into safe mode to install Malwarebytes, or 3) follow through with a more manual install until you are able to install and run Malwarebytes Anti-Malware.
For manual removal, the following running processes are associated with Volcano Security Suite and should be killed off using Task Manager or Process Explorer. If you are unable to run Task Manager or Process Explorer, you may try renaming the program file (taskmgr.exe for instance) to another file name. (Copy and paste, then rename is safest.)
asp2009.exe
VS83b.exe
The following DLLs should be unregistered and removed:
mozcrt19.dll
sqlite3.dll
runddlkey.dll
ddv.dll
cb.dll
The following files and folders should be removed for a manual removal of Volcano Security Suite:
%docs%\All Users\Application Data\61a60
%docs%\All Users\Application Data\61a60\VS83b.exe
%docs%\All Users\Application Data\VSSSys
%docs%\All Users\Application Data\VSSSys\vss.cfg
%progfiles%\Mozilla Firefox\searchplugins\search.xml
%userprof%\Application Data\Microsoft\Internet Explorer\Quick Launch\Volcano Security Suite.lnk
%userprof%\Application Data\Volcano Security Suite
%userprof%\Application Data\Volcano Security Suite\cookies.sqlite
%userprof%\Desktop\Volcano Security Suite.lnk
%userprof%\Recent\ANTIGEN.sys
%userprof%\Recent\cb.dll
%userprof%\Recent\cb.tmp
%userprof%\Recent\CLSV.tmp
%userprof%\Recent\DBOLE.sys
%userprof%\Recent\ddv.dll
%userprof%\Recent\eb.tmp
%userprof%\Recent\fan.drv
%userprof%\Recent\FS.drv
%userprof%\Recent\kernel32.drv
%userprof%\Recent\PE.drv
%userprof%\Recent\ppal.sys
%userprof%\Recent\runddlkey.dll
%userprof%\Recent\runddlkey.drv
%userprof%\Recent\tempdoc.sys
%userprof%\Start Menu\Volcano Security Suite.lnk
%userprof%\Start Menu\Programs\Volcano Security Suite.lnk
%tmp%\24.mof
%tmp%\asp2009.exe
%tmp%\mozcrt19.dll
%tmp%\sqlite3.dll
%tmp%\VSSSys
%tmp%\VSS.ico
%tmp%\VSSSys\vd952342.bd
Even after the above files have been removed, you should install and run a full scan with a tool such as Malwarebytes and a trusted antivirus program to complete your Volcano Security Suite removal.
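To check whether a manual removal actually cleared the files listed above, the following read-only sweep reports which of them are still on disk. It is an added example, not part of the original guide. It assumes the guide's placeholders map to the user profile (%userprof%), the profile's parent folder (%docs%), Program Files (%progfiles%) and the temp directory (%tmp%), and it carries only a subset of the list, which can be extended with the remaining entries.

```python
import os
import tempfile

# Paths copied from the guide's removal list (a subset; extend as needed).
INDICATORS = [
    r"%docs%\All Users\Application Data\61a60\VS83b.exe",
    r"%docs%\All Users\Application Data\VSSSys\vss.cfg",
    r"%userprof%\Application Data\Volcano Security Suite",
    r"%userprof%\Desktop\Volcano Security Suite.lnk",
    r"%userprof%\Recent\runddlkey.dll",
    r"%userprof%\Recent\kernel32.drv",
    r"%tmp%\asp2009.exe",
    r"%tmp%\VSSSys\vd952342.bd",
]

def default_roots():
    """Assumed mapping of the guide's placeholders to real folders on Windows."""
    profile = os.environ.get("USERPROFILE", os.path.expanduser("~"))
    return {
        "%userprof%": profile,
        "%docs%": os.path.dirname(profile),  # e.g. C:\Documents and Settings
        "%progfiles%": os.environ.get("ProgramFiles", r"C:\Program Files"),
        "%tmp%": tempfile.gettempdir(),
    }

def resolve(indicator, roots):
    """Expand the leading placeholder and rebuild the path for the local OS."""
    head, *rest = indicator.split("\\")
    if head not in roots:
        raise KeyError(f"unknown placeholder {head!r}")
    return os.path.join(roots[head], *rest)

def sweep(roots, indicators=INDICATORS):
    """Return (indicator, resolved_path) for every listed artifact still present."""
    hits = []
    for ind in indicators:
        path = resolve(ind, roots)
        if os.path.lexists(path):  # lexists also reports dangling shortcuts/links
            hits.append((ind, path))
    return hits

if __name__ == "__main__":
    found = sweep(default_roots())
    for ind, path in found:
        print(f"PRESENT  {ind}  ->  {path}")
    print(f"{len(found)} of {len(INDICATORS)} listed artifacts present")
```

Run it once per user profile on the machine; a clean result covers only the listed file names, so the full scan recommended above is still needed.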