Internet Security 2010
Internet Security 2010 is another counterfeit security tool for Windows. This type of program is normally promoted as antivirus and protection software to deceive target. Internet Security 2010 virus gets into the system slipping antivirus applications. Related Trojan that earlier contaminated computer will redirect Internet browser to a malicious security web sites that make use of drive-by-download method. When residing inside the system, Internet Security 2010 together with Trojan make sure that user will have difficulties taking the rogue AV out of the system. Certainly, all options and tools found useful to eliminate this unwanted program will be rendered useless. Internet Security 2010 also kills running process of antivirus program causing it full disability. Windows system functionalities and Safe Mode are made inaccessible. Above all, Internet Security 2010 will alter system settings particularly the registry so that it will reign each time Windows is started.
Being in disguise as legitimate security product, Internet Security 2010 is successful in misleading computer users. In fact, some who have encounter with this fake antivirus end up appealing for the registration key. Worst, those that possess credit card account advances to online payment processing web site to obtain the full version of Internet Security 2010. This action is heading to stolen credit card credentials and redundant charges on transaction.
Screen Shot Image:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Internet Security 2010 Removal Procedures
Internet Security 2010 REMOVAL TOOL:
Efficient and complete removal of Internet Security 2010 can be provided by Malwarebytes Anti-Malware. Please download, install and scan. If downloading is blocked by a virus, use a clean computer and save it to a Disc or USB drive and execute the removal on infected machine.
MANUAL REMOVAL:
1. Unload any running Internet Security 2010 process by pressing Ctrl+Alt+Del on your keyboard. This will open Task Manager. Look for the following process and click “End Process”:
IS2010.exe, ave.exe
2. If antivirus program Is installed, connect to Internet and update it to have the latest database and pattern files.
3. Thoroughly scan the computer and clean/delete all infected files. See lists of Internet Security 2010 associated files below.
4. Edit Windows registry and delete malicious entries as stated below.
(Windows 2000/XP) – Go to Start > Run, type “regedit” on dialog box then press Enter on keyboard.
(Windows Vista/7) – Go to Start > Search Program and Files, type “regedit” and press Enter.
5. Close registry editor, changes will be save automatically.
6. Remove Internet Security 2010 start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
IS2010.exe, ave.exe
7. Click on Apply and reboot the computer for changes to take effect.
Technical Details and Additional Information:
Malicious Files Added by Internet Security 2010
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
%UserProfile%\Desktop\Internet Security 2010.lnk
%UserProfile%\Start Menu\Internet Security 2010.lnk
c:\s (or any letter)
c:\Program Files\InternetSecurity2010
c:\Program Files\InternetSecurity2010\IS2010.exe
c:\Windir\system32\41.exe
c:\Windir\system32\winhelper86.dll
c:\Windir\system32\winlogon86.exe
c:\Windir\system32\winupdate86.exe
File Location for Windows Versions:
- %UserProfile% for Vista/7 user is C:\Users\<Current User> for Windows Vista/7, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.
- %Windir% refers to the installation folder of the operating system.
Internet Security 2010 Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “Internet Security 2010″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run “winupdate86.exe”
precisesecurity
Dec 13, 2009 @ 02:07:04
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on the file to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on the “Show Results”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart the computer.
Note: Internet Security 2010 virus may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on infected system.
Jim B
Dec 26, 2009 @ 16:28:01
Followed instructions, kills malware before it can update. Removes shortcut links on desktop so icon is useless.
Tried 10 times.
Even tried rkill.
Got Task Manager back but nothing else.
What process is it?
I can kill that
Jim P
Dec 26, 2009 @ 17:51:50
I got as far as Jim B and am hoping there is a process I can kill here. My laptop is locked up on Task Manager but it is working so i could kill a process. If I have to shut down to get the OS working again I may not get rkill to work as it took many tries the first time around. I can’t get on Internet Explorer and I still can’t run Malware!!!
linkupsuper
Dec 26, 2009 @ 20:43:26
XP Auto logging off problem Solved.
This problem occurs after virus clean up Internet Security 2010 fake program
I had this same problem and it sounds like the common solution is to copy a new userinit.exe file to wsaupdater.exe. In my case, the registry key for userinit.exe was not pointing to wsaupdater.exe, it was pointing somewhere else entirely. The only way I was able to log in again was to edit the registry and change key string to Under KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Current Version\Winlogon
to read ; C:\WINDOWS\system32\userinit.exe
In order to edit this, I downloaded and created a BartPE boot disk (www.nu2.nu/pebuilder/). After the file is downloaded installed it on a working one running windows XP only .The downloaded file scan any XP only computer and build a bootable CD. After the boot CD is created, boot the affected machine from the bootable CD and follow these steps.
1. Click the icon in the lower left corner and select Run
2. Type Regedit
3. Highlight HKEY_USERS
4. Click the File menu and select Load Hive
5. Navigate to C:\Windows\System32\Config\Software (pick software and open)
Tip! if no sub folders is seen under windows make sure the file name field is blank or click in the
file name field and press enter you may repeat a few times until sub folders is seen
6. Name the hive something like MyHive
7. Open MyHive folder under HKEY_USERS
8. Navigate to KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Current Version\Winlogon
right click on (userinit ) choose modify next change the value of Userinit to
C:\WINDOWS\system32\userinit.exe
9. After you have made this change, it is important to unload the hive
10. Highlight the MyHive, click on the file menu, and select unload hive.
This should fix your log on problems.
Lelslie Bartlett
Dec 27, 2009 @ 16:03:15
This sounds like something too complex for me to do on my own. I have avoided registry messing like a plague because the guy who has now grown weary of helping, has told me all I will do if I go into Regedit is get into trouble. Anyone crazy enough to want to try to talk one through this should reply to my wife’s email, sanskee@sbcglobal.net, or call after noon at 281495-8541. Thanks if there are people willing to do this.
Gidget
Dec 29, 2009 @ 03:47:55
what if i cannot log into the internet in order to get the software?
Somewho
Dec 30, 2009 @ 20:17:42
Well, for me at least, Internet Security 2010 downloaded itself into the program files and ran itself as “IS2010.exe” or something like that. I killed the process from task manager and went straight to the .exe itself in Program Files, deleted it, and emptied my recycle bin. Seems to have worked for me…
jake
Dec 30, 2009 @ 21:22:56
Has anyone tried spyware doctor? i saw a post where people said it worked. But do not know if it was real.
Crap
Dec 31, 2009 @ 00:09:02
Don’t miss understand a removal direction like my sister did, IS2010 took over malwarebytes and now I can’t do sh*t for her, I can’t even remove malwarebytes or get into anything else, I am even trying dos and that doesn’t seem to work. By the way the shut down problem is caused by it shutting down startup files. If you get logged in you can go into msconfig and select normal startup, hit apply and you should be good. Don’t pause or it will shut down again
i need help
Dec 31, 2009 @ 23:43:25
the 12 steps didnt work, i cant even install, i also dont have any destop icons or the toolbar im an average pc use im not very knowledgeable with all these codes i jus want it off asap…
Legal Action
Jan 02, 2010 @ 20:26:12
What legal action can we take against the makers of this malware?
Cindy
Jan 02, 2010 @ 21:12:11
I have dealt with a number of these variants, and got hit with this virus myself (and I am a computer tech). I spent a fair bit of time this morning eliminating this. Primarily, I had to edit the registry and find the .dll files associated with this. It hides it’s components in a variety of locations, including under application data in the profiles. There are a number of instances of IS2010.exe on the pc, search for them and delete them all.
Also, rename the winhelper86, winlogon86 and winupdater86 files (if you can’t delete them) and this will help you progress. The directory created is:
c:\program files\Internet Security 2010. You must delete this directory. I also used MSconfig to stop the programs at startup.
This took me about 2 hours to completely eliminate. It also creates a protocal handler that stops you from accessing the internet. I used “lspfix.exe” to fix that part of the infection.
I can’t really give you “step by step” because depending on how infected your system has become will depend on best practices for you. I honestly suggest having a knowledgeable technician to help you out. Using regedit is not something to take lightly. You can scan the registry for all instances of IS2010.exe and safely delete those exact entries.
Always backup your registry before making changes
In regedit, go to file > export and save a copy of your registry.
Good luck….this one was not easy to get rid of. And ultimately, Malwarebytes m-bam.exe has been a terrific tool for many situations like this. If you can’t download it on the infected system, use a flash drive and get it from another pc.
I hope some of this info helps someone….
Butch
Jan 03, 2010 @ 19:18:35
Downloaded the free software, wiped out the 2010 virus in minutes. Thanks very much
Anjelica
Jan 05, 2010 @ 14:45:49
I managed to kill the process related to virus by opening up a notepad document, write a few letters, then press the power off button. Everything but the notepad document shuts down, including the virus. It’s still stopping various programs and webpages though, so I’m running malwarebytes and manually searching for the files like Cindy suggested.
I’m not sure if using the notepad-shutdown technique works on all system (I have XP home edition), but it’s worth a try for anyone who is having problems deleting the infected files because they are currently in use by the IS program, and who don’t have access to the task manager (mine was blocked).
Anjelica
Jan 05, 2010 @ 14:47:30
Oh, and when the option comes up to eithere save, not save or cancel the notepad document, press cancel. That will stop the shutdown process and leave you with an almost “free” computer. Pressing anything else will continue the process and shut it down, not much point in doing that.
Adybee
Jan 06, 2010 @ 09:56:06
I used Malwarebytes and it removed it quickly. I then searched and found instances of the IS2010.exe and removed them manually. I restarted and recovered my virus protection and then switched on the Firewall. After about 5 seconds it was Blue Screened. I turned off and that was the last life I have had. My PC is dead… Maybe another problem which was an almost unbelievable coincidence as I have not had any prior problems.
dns6181
Jan 06, 2010 @ 14:10:09
My system seems worse than the rest. I cannot start anything, notepad, command prompt, tmanager, rkill, winzip, safe mode, etc. It also randomly open IE and goes to porno sites. Unless someone comes up with a new solution, it looks like reformat and reinstall XP.
jason
Jan 07, 2010 @ 21:36:12
hey cindy can u tell me what u did with lsp to fix your protocol thing? Ive removed IS2010, but my internet still isnt working completely
Ahirere
Jan 07, 2010 @ 22:05:04
The very Very best thing you can do is back up all files you wish to keep in your system i.e photo’s, music, movies etc… and then run an intire system re-install. Yes it is a hasstle to re-install all of your programs i.e itunes, codex, windows office etc but you will always have apart of the “internet security 2010″ in your system. Because virus wise the risk is low, the damage the infection has, isnt worth trying to remove manually.
TAKE MY WORD. run the re-install. its healthier for your personal data in the long run
chur chur
JohnnyM
Jan 08, 2010 @ 07:24:35
IS2010 Removed!! I downloaded Malwarebytes Anti-Malware on another PC and burnt it on a CD. Installed it from the CD drive on the infected computer, did an update and ran a quick scan. It picked up all the infections and removed IS2010 completely.
Jam
Jan 08, 2010 @ 07:31:01
It wipes out all anti malware programs, won’t allow me access to my computer or anythinAnyone? This thing is taking over fast.
Chadrick
Jan 08, 2010 @ 21:34:11
I used a combination of several of these. First off, turn back on the task manager… for help use this link…
hxxp://www.pchell.com/support/taskmanagerdisabled.shtml
end task on IS2010.exe and check for smss32.exe I had both.
You can do a search for these files and delete them(or just use the malware-bytes). Then run malware-bytes on your computer and remove the files found. So far, it seems to be working for me.
seb
Jan 10, 2010 @ 12:13:07
@Cindy, been goin mad for days tryin to get my internet working after gettin rid of the is2010 virus, and that lspfix.exe did the trick! thankyou sooo much!!!!! :)
matt
Jan 11, 2010 @ 05:46:59
I got this and on my old laptop and now I can’t even turn it on. It just goes straight to a black screen. Do I just have to pay someone to fix it at that point?
shannon
Jan 11, 2010 @ 15:11:58
I have the Internet Security 2010 virus on my pc. I cannot login to windows. I can’t even run safe mode. When I try to login its says “loading personal settings” and then immediately says “logging off…” If I put in the re-install disc in without being logged in to windows will I be able to run the disc? Any suggestions?
Tolana
Jan 15, 2010 @ 17:47:09
Downloaded rkill. Downloaded Malwarebytes from File Hippo (Trojans were redirecting links to malwarebtes.org and Cnet to go to virus products I’ve never heard of).
Couldn’t run rkill, so I installed and ran Anti-Malware as instructed. It removed all but 2 items whcih it said had to be done at reboot. Then I tried to run rkill again and it worked! My desktop went back to normal and Internet Security icons were removed from task bar.
Ran Anti-Malware again to be safe, but only found the same 2 items to remove on reboot. So I rebooted and everything looked normal. Then I ran a full scan with Anti-Malware. So far, just one item found.
Thanks so much for this info!!!
Tolana
Jan 15, 2010 @ 17:54:12
Forgot to add: I have McAfee antivirus and firewall. McAfee only found and asked me if I wanted to block registry edits which would have enabled Active Desktop. It was a file called e.exe in my Temp folder.
McAfee didn’t help at all with the rest. But I *was* able to turn on “Lock down firewall” in McAfee, which stopped all connections in and out. Perhaps this kept things from getting worse. I looked up your site on my phone, and turned off the Lockdown on my PC only to download the software.
r dub
Jan 16, 2010 @ 03:31:31
Make or buy a boot disk that runs from your disk drive. I had this kind of virus last year around september. Got it off and now i have it again. I dont know how i got it this time. I was not downloading anytihng.
Travis
Jan 16, 2010 @ 06:18:37
I have had an odd side effect… I removed it rathere easily, When it happened I was on isohunt and the computer locked up and it gave me the Green Screen with the fake warning etc… I immediately opened up Malware Antytes and updated it to the newest version and it removed it. My odd side effect is now when I search it sometimes goes to random websites related to what I have searched for? Sometimes it goes to a random site? Very odd I have scanned it with norton/Malware Antibytes and it says it’s clean but I don’t know?
nathanV whitefence
Jan 16, 2010 @ 12:02:00
copy c/windows/system32/cmd.exe to desktop as cmd2.exe
double click on it
om your cmd line:
taskkill /IM IS2010.exe
taskkill /F / /IM SMSS.exe
then delete c:/program/IS2010.exe and c/window/system32/SMSS2.exe
then the pop up stop
run your malwarebytes
good luck
Doug
Jan 16, 2010 @ 19:40:37
Wow what a hassle that was. Fortunately, VERY fortunately, I already had Spybot installed on my PC which I use about once a week. It ran a scan and identified all the malicious registry entries including the one which disables your task manager, took nearly an hour. Once I deleted all the entries I was able to pull up the task manager and kill the virus process. Found the IS2010.exe file and deleted it. Spybot just saved my butt. I have used it for about 8 years now and HIGHLY recommend you get this. It’s totally free but I think I’ll be making a donation to it. Called spybot search and destroy. Highly effective software.
Wanderer
Jan 17, 2010 @ 01:20:10
Thank you for all the good information. Malwarebytes was the key to removal. After years of using Spybot it failed. My infection arrived via an email.
Now that this is contained Internet Explorer will not browse – only Google Chrome seems to be working. Any suggestions?
Dirtyboy
Jan 17, 2010 @ 03:20:26
if you aint got the experience then just use Malwarebytes Anti-Malware… twice even 3 times, then run the TaskManagerFix that you will need from Google as your task manager will be locked to Adminsssss….. poxy little bugger of an infection.
Dan
Jan 17, 2010 @ 18:27:42
well, I got the 2010 virus. It was very damaging. I ended up paying Norton $139.99 to remotely fix my computer. At that point I could not go on-line, I had numerous/continuous pop-ups from the virus and most of my programs would not function. The difficulty of knowing what to do was greater than my abilities. So far…it is working fine. I’m still not sure how “it” got in and I’m not sure how to prevent a re-infection. I certainly wish that the “guilty” inventors of this virus will be caught and severely punished.
Shane
Jan 18, 2010 @ 03:39:44
Just do a system restore and it will be gone!
rachel
Jan 18, 2010 @ 12:59:29
system restore does not work – I restore but it tells me nothing has changed – i have a hard time searching anything – it kills my internet browser – i can get on the internet but my screen freezes after awhile. I ran malware and it seemed to have gotten rid of it (at least some of it) . ran microsoft essentials and that found a ton of viruses. I recommend that. I tried one care but the virus seems to recognize this one and will not let me download it. I am going to have to pay someone to fix me I suppose. This is my first virus and Im not happy.
skyler
Jan 18, 2010 @ 16:17:31
Okay I got this virus this morning right before going to sleep (I stay up all night and go to sleep in the morning) so I haven’t gotten any sleep in a really long time thanks to this.
Anyway, I downloaded malwarebytes and the first time I tried it it didn’t find anything, which was weird. I couldn’t do anything like run task manager, go to certain sites, run certain programs, and i couldn’t delete the internet security 2010 file. So I ran Windows in safe mode and for some reason I was able to delete the program that way. So now the program is gone but i’m still having problems. I can’t run task manager, everything is pretty slow, and the alert is still telling me I have problems. The background is still the “INFECTED” thing. Oh and I can’t do the registry thing that everyone is talking about because it won’t let me run that (Just like with task manager)
I was able to get all my important files off so I’m not too worried about that. I wouldn’t mind doing a system restore, in fact i’d LOVE to. But I can’t. I have a mini and that means it didn’t come with the windows xp CD. I know there is a way that I can put it on a usb drive BUT I don’t even have a disc for that so that’s not going to work unless I can get one.
Oh , I’m also able to go to any site right now. I can basically use my PC it’s just really slow and I’m unable to use task manager and other things.
So, uh, can ANYONE help me out? I’ve been looking online for anything to help and everything does not seem to be working out for me. please email me at bedazzledcobraveins@gmail.com if you can help.
Marc
Jan 18, 2010 @ 21:05:23
I seem to have everything deleted and restored, but my boot up seems to be taking much longer than normal. Has anyone else experienced this problem? Any suggestions about how to correct this?
James P
Jan 19, 2010 @ 15:03:45
If you can get into Safe Mode, run Malwarebytes from there – there are fewer places for the Trojan to hide!
Restart and run it again to make sure…
It’s worth noting that the big green warning message ‘Your System is Infected!’ is not a real pop-up – it’s just a pic that replaces your wallpaper. Go to display settings to get your old one back.
raj
Jan 19, 2010 @ 21:01:27
ok guys those who couldnt run rkill.exe, here is the trick. after you start rkill if you get a message that rkill couldnt be started, just ignore that message, dont do anything on that message window, leave it like that, and start rkill again by double clicking rkill.exe and this time it will stop all the processes related to the spyware, it kill kick all those bustards out. then run malwarebyte and do just a quick scan. delete everything found, restart the pc and do a full scan and remove if anything more is found and restart again. keep the internet off all the time, and hook up again after the full scan is done.
drew
Jan 19, 2010 @ 21:14:14
i cant even dp this when i try and run the rkill the virus pops up and i dont even see this message window that says it cant be started, any suggestions?
Tech Guy
Jan 19, 2010 @ 21:33:11
Thanks for everyones posts. could not get rkill to work or task manager. got task manager working this did not help me as it kept coming back…. Malwarebytes would not run… kept freezing on one file. Booted in safemode ran malware and it worked!!! rebooted PC and evrything seems fine now.
Pullingoutmyhair
Jan 20, 2010 @ 16:30:29
I seem to have removed the virus–or some of it–but now only my antivirus programs cannot access the internet to update. I can get on the internet using a browser.–I already checked windows firewall–there is nothing that should be blocking these programs–I just want to update all my virus programs to make sure its completely gone.–keep getting message unable to connect to server or similar message depending on program.
Jon
Jan 20, 2010 @ 17:49:30
I used SpyBot in Safe Mode when logged in as administrator – I too suffered the same issues as others with both Task Manager and Regedit being disabled. However, after running Spybot (make sure you install the latest updates – and Spybot’s free to use) I rebooted the PC, then ran it again and the various pop-ups are now gone. However, when I go to access Display I can’t change the background and access any of the listed files. Any suggestions?
Alex
Jan 21, 2010 @ 08:50:43
I got the 2010 virus yesterday, and by today I can’t even log into windows. I’ve read other peoples posts with this same problem but haven’t had any luck finding a solution. I’ve tried safe mode and the same problem occurs. I am logged off before even being logged on. Please help
Diana
Jan 21, 2010 @ 10:55:08
I used Malware bytes and rkill to remove this virus, however, now I cannot get on the internet. (I’m on my work computer to post this). It just says page cannot be displayed. Email will not load eithere. Any idea how to fix this? All the settings are good, I reset the modem and router. Wireless works fine on my laptop.
sharlene
Jan 21, 2010 @ 11:13:12
To linkupsuper
Can you please advise if your solution allows access to data again or does it cause all the data to be lost.
I want to try it but if i cant recover my data i will format instead.
andrew
Jan 21, 2010 @ 20:40:42
I ran malware bytes, removed everything and all seems fine now except I cannot load any webpage. Nothing even happens, no errors just nothing happens. Anyone else had this and managed to fix it? Cheers.
robert
Jan 22, 2010 @ 20:15:35
Ran into this a few times and it’s not worth cleaning (if you can at all). If the virus is dug in enough, you’ll never get it out.
Data? Yes, not hard at all. Easiest way is to use a linux live cd – ubuntu is great. Download the ISO from their website, burn it to cd or dvd and boot to it. When you get to the main screen you’re given options to eithere install or run without making changes – run it without making changes (DO NOT RUN THE INSTALLER) and the linux desktop will pop up in a few minutes.
Linux will load without damaging your current system and you’re going to find out in a hurry how secure microsoft really is (it’s a joke) cause you’ll be able to access everything on your current hard drive without passwords.
plug in a usb drive or whatever you have and copy your data. You can surf the web, transfer all your data – everything you need to do before formatting.
Good luck.
desdra
Jan 23, 2010 @ 14:42:46
after 5 days i think i removed some of the major components of the virus. What I still have in the startup files is ssms 32 and whenever i cut it off it says only the administrator can do this and i am the admin. the other problem is i cant get to the internet. It is blocking that can somone please help me with geting my admin feature back so it will allow me to cut it off in startup and how do i get my internet back.
DAN
Jan 24, 2010 @ 03:11:13
Hey,
So Spybot pretty much fixed my system from this virus, with one excpetion: the virus puts an ‘infected computer’ image as the wallpaper, then locks the wallpaper selector. Anyone know how to unlock the wallpaper ??
Zach
Jan 24, 2010 @ 04:21:28
I got this virus tonight..
Does anyone know where it came from? Can it be launched from an MP3 or FLAC file? That is about the only thing I downloaded on the system today. Actually, 1 FLAC File.
Anyways, there is another web page out there with instructions for rkill and malware program.
Like someone above said, run RKILL and when it warns you it can’t run, just run it again and wait, it should kill the processes. Then you should get back taskmanager and can run malaware program which should remove it.
You might want to try safe mode also (f8) when rebooting.
I’ve got the same problem others have though – It’s killed some network sub system.. I can’ browse or FTP or do anything on internet.
I am going to try LSPFIX.EXE like someone reccomended.
hxxp://www.cexx.org/lspfix.htm
I’m not with the computer now so have to wait until tmr. Seems like it might work, that malware hosed something needed to browse.
This sucked! I spent about 4 hours on it, since I couldn’t browse I thought I still had it. And after it was removed it was still there… I also cleaned out RUN folder in reg, used MSCONFIG to kill some startup junk and used HIJACKTHIS to kill a few things.
Richard
Jan 24, 2010 @ 12:04:01
Well I got Internet Security 2010 trojan then used spybot search & destroy to find all names of to do with this program malicious bug. I removed it with malwarebytes and avast, but now my computer loads fine, but there is absolutely nothing on my desktop for icons etc. to scan again etc. Now it brings up a box that says Spyware Alert! Worm.Win32.Netsky detected. At this point not sure what to do since I can’t find a programmer to help me out with this. Does Anyone have a suggestion please
Jean Veness
Jan 24, 2010 @ 12:10:56
I followed linkedupsuper advice with pebuilder; still can’t log on. when i go back and look at registry after trying to log on, it has changed back to X:\i386\system32\userinit.exe,
Zach
Jan 24, 2010 @ 18:31:23
I worked on my problem some more this morning. The malware was still there. I ran spyboy search and destroy and dr. web. Dr. web found it but I couldn’t delete anything. I deleted the files manually or renamed them. spyboy found some other stuff and removed it.
lspfix didn’t fix my internet issues.
This MS Fix did though:
http://support.microsoft.com/kb/811259
There is a ‘fix-it’ link that restored my winsock and now internet works again.
It seems like the system is slower, wondering if my disc caching was turned off or something else done to affect system performance.
T911
Jan 25, 2010 @ 01:45:29
i have gotten this puppy from weathere.yahoo.com !!!
anyway, removed HD and hooked up onto another PC and killed the sucker there with dr web cure it and by deleting folder program files/internetsecurity2010
death penalty for those stupid crackers !!!
Dynasty
Jan 25, 2010 @ 22:41:35
I’m infected by IS20100, a very stubborn infection to get rid of. Can’t run task manager, cmd, surf the internet, safe mode boot, etc. The folder in c:\program files\internetsecurity2010 folder is empty. Deleted it but no effect. MSconfig doesn’t work as well. The pesky hides itself somewhere else and every few seconds it pops up warning sign which makes difficult to work on. The only thing I could do was to backup my files and scan it on another PC and I am going to blow my PC away and reinstall. yep! Death to the damned crackers!
ck
Jan 25, 2010 @ 22:43:33
I ran spybot search and destroy as soon as i saw the window popping up that i had 25 trojans. Also there is a typo in the wallpaper that 2010 puts on the computer.I use my laptop for internet browsing and random things, I don’t download files to it. I couldn’t delete the program file, open my registry, or anything else to manually delete it. After spybot found registry changes and did its thing, i did a system restore and that fixed everything (so it seems). i’ve been looking for the files and registry keys and haven’t found anything.
curiousnovice
Jan 26, 2010 @ 03:56:42
I was using my computer and the internet security window popped up…is that the beginning of the virus? I immediately tried to run an update to my virus scan, unplugged the internet and scanned for viruses. There weren’t any, HA so I took it to a tech and he cleaned the virus but the “operating system” doesn’t work. That’s okay I can have that fixed, I am concerned about my documents and credit card #’s etc.
Does anyone know what this virus does, did it rob me of my personal info and IP address…things I have been reading about…Im very concerned.
curiousnovice
Jan 26, 2010 @ 04:09:56
Okay I am such a novice I couldn’t get my first message to post. I was using my laptop when the internet security 2010 virus windows started popping up. I closed all the applications and restarted Windows. when they came back i tried to update my virus scan and then unplugged my internet connection and ran the scan. No virus found. I didn’t plug it back in, i took it to a tech and he removed the virus but told me my “operating system” didn’t work and he needed my original discs. I haven’t decided whethere or not to fix it.
My main concern is what does this virus do? Were the windows the beginning of the virus? I am concerned about my documents and personal info that may have been there. I paid my insurance by credit card an hour or so before the windows popped up. Was I being robbed of that info, or is the purpose of the virus to destroy my PC?
Thanks, you all seem to know so much and I am really concerned!!!
Brian
Jan 26, 2010 @ 13:34:00
I just fixed a friends PC that had this nasty! Used MalwareBytes, combofix, Spybot and that got it. I would guess it took about 3 hours. This one is really on a rampage as we can see by all the posts!
Steve Williams
Jan 27, 2010 @ 02:02:59
I have the same problem as Shannon. What can I do? and wife is on my case. Any ideas?
Max
Jan 27, 2010 @ 16:53:09
same here as Steve and Shannon. Can’t even logon. Safe mode didnt work.
thanks!
Elaine
Jan 27, 2010 @ 21:40:57
I have been trying to get rid of this virus for 5 days now. I have tried everything. Combofix has a bug in it so it started deleting my files on top of the mess from the virus. There is a fix posted for that but still having problems.
Yesterday I finally resorted to doing HP recovery. There was another program I used besides for rkill check out this link bleepingcomputer.com/virus-removal/remove-total-security and go to process explorer download link. That finally allowed me to start task manager and get into registry. Rkill.exe only worked the 1st time. Don’t forget when doing this to shut off system restore.
So after I did my HP recovery I ran malwarebytes just to be safe. It found virus infection. Kept running until no infections were found. Then I ran AVG and it found infections and got rid of them. Now I am trying to run in safe mode to be sure it is all gone and my machine keeps shutting down at a certain point of running through malwarebytes scan.
Please help. I see everyone is frustrated. Has anyone run into this problem when thinking they finally got rid of it? I can go on the internet now and run things normally but I know it is still there.
denise
Jan 27, 2010 @ 23:38:25
I have the internet security virus 2010. i am now unable to restart my computer. it just keeps trying to restart over and over. i cannot even put it in safemode. Please help
sam
Jan 28, 2010 @ 18:23:26
I don’t know about computers. I was infected by IS2010 virus last night. The virus WOULDN’T ALLOW me to perform a “System Restore”. Thanks to this response forum, I downloaded Spybot and it fixed 90 problems. The virus was STILL THERE. The difference was that after running Spybot I was finally able to gain access to “System Restore”. I changed the date and my system automatically rebooted. I thought it was too good to be true. It seems like everyone’s PC has a unique problem from the virus than the next person’s. I recommend anyone try what I did. I am so glad that I was able to find this response forum again so that I could share my easy (and maybe lucky) solution.
sam
Jan 28, 2010 @ 18:29:23
If you are not able to access “System Restore”, run Spybot. Spybot will fix like 90 problems, but the virus will still be there. THEN try “System Restore”. I was able to access “System Restore” AFTER Spybot finished. It worked for me.
Ryley
Jan 30, 2010 @ 08:50:44
This virus is the absolute Pitts!
I’ve tried to wipe it off my pc for 4 days and failed. I eventually could not log on, could not restore, could not do a winxp repair. nothing.
Ended up doing a clean install tonight and once xp fired back up I immeadiately fired up my firewall and installed anti-virus. 15 minutes later I got a warning that I still had it…after a completely new install!!!!!!!!!
WTF!
Diane
Jan 31, 2010 @ 03:12:55
I have a friend’s laptop that has the Internet Security 2010 virus on it. He didn’t know what was wrong. So I was on it for about 15 minutes just to find out what was going on. Then that blue screen came on. I restarted and tried 4 or 5 times and I couldn’t even use Safe Mode because the blue screen has come back. Honestly, I only know a little about troubleshooting but had a similar problem that’s why I thought I was able to help. This is what the screen showed:
A problem has been detected and Windows has been shut down to prevent damage to your system.
PAGE_FAULT_IN_NONPAGED_AREA
If this is the first time you’ve seen this Stop error screen, restart Windows. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware of software manufacturer for any Windows updates you might need.
If virus problems continue, disable or remove any newly installed hardware or software. Disable Bios Memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart, press F8 to select Advanced Startup Options, and then select Safe Mode.
Technical information:
*** STOP: 0×00000050 (0xc9464369, 0×00000000, 0x 8968208c, 0×00000000)
Please help. I’ve noticed a couple of people here with the same type of problem that could use help as well. Thanks so much!
Confused, and p**sed off.
Jan 31, 2010 @ 11:12:51
I’m curious as to who is behind the virus installation. It was installed on my PC when it came home from Software Emporium inc. I’m curious. if it is such an infamous malware, why are experts having it installed?
WI Cheesehead
Feb 01, 2010 @ 14:32:56
Success story here. 2010 Internet Security virus invaded my older laptop two days ago. I was barely able to get into safe-mode and was unable to run System Restore at all. Othere functions like desktop and display were compromised.
I downoaded Malwarebytes’ Anti-Malware free version software and copied it to CD. After running it on my infected laptop, and finding 43 infected items, all traces were removed.
Thanks for the advice here and never give up. I almost did!
Diane
Feb 02, 2010 @ 22:06:03
Me again. LOL. I keep trying using F8 and Last Known Good Configuration. Probably took 50 times to finally to get this complete. So I was able to run the Malwarebytes using a CD. I did the full scan with it but the Blue Screen would seem to pop up at any time, so I decided to run the quick scan. Which was able to complete and there were about 232 infections. I restarted the computer like it recommended. I figured that did the job, so to make sure I would still run the full scan. After about 17 minutes, the Blue Screen came back up. I waited then restarted and the Blue Screen came up again. I’m not sure what to do know since I was able to run the Malwarebytes. Can anyone help?? Thanks!
Bob
Feb 03, 2010 @ 03:06:12
Whoever put out this piece of s— should be hung by the short hairs. This thing has cost me more time in tryig to remove it then all other viruses put togethere. None of the solutions worked on any system I have. IT took over my whole system and all processes and none of the files expressed in any documentation exists on my system. I’ve deletedall the files that are associated with IS2010 and after a reboot all comes right back. I know there’s a DLL file where it reinstalls from but I haven’t found it.
My next step is to reinstall all windows and hope I don’t lose anything I can’t get back and yes, I have backups of all programs but since its not my system I don’t have backups of the specialized software.
If I find something, I’ll be sure to post it.
Sam
Feb 04, 2010 @ 09:37:40
Hi
Got hit with this virus yesterday on home pc and I see from the posts above that I have the same problem as quite a few others whereas, I can’t log on as it logs me straight back and I can’t even access safe mode. Has anyone found a solution for this yet? Would appreciate any help
Brian
Feb 04, 2010 @ 13:58:02
Cleaned this nasty off a friends PC about 10 days ago. He called today and said the 2010 pop ups were back. Had him run Malware again and restart. Pop ups are gone but I think we still have an issue because he cannot update malware, spybot or mcafee. Any suggestions to do a deeper clean?
Thanks,
Brian in MI
Amy
Feb 07, 2010 @ 18:34:50
Woah! It looks like I’m not the only one trying to kill this annoying virus.
I got the virus a few days ago and used RKill and Malwarebytes and restarted the computer.
The pop-ups still remains despite removing the registy keys with Malwarebytes. Can’t seem to find the files of it eithere T-T
Sherri
Feb 08, 2010 @ 08:15:52
Try combofix. It is freeware, but donations are accepted. You need to be VERY patient and let the program do it’s thing. It may take a while to run. Good Luck!
Jeff
Feb 09, 2010 @ 23:19:14
I’ve been hit with this virus as well, but the only errant file that is running when the virus pops up is av.exe. As soon as I end this process the pop-ups stop, but as soon as I run malwarebytes, it immediately starts up av.exe and doesn’t open malwarebytes anti-malware. I was able to download and run SUPERAntiSpyware though, and am currently waiting for it to finish. Hopefully, if it doesn’t quite get everything, it’ll get enough for me to be able to run malwarebytes.
When this first hit me, I saw the unusual pop-up, then about 10 seconds later my Windows rebooted, and coninued to reboot before it would even load windows. I had to boot from my OS CD and re-install the os before I could actually do anything about this. Thankfully, I didn’t lose any files or programs during the re-install.
Elle
Feb 10, 2010 @ 20:07:00
You have to run rkill.exe first, which will kill any malware that’s running. Then you need to download malwarebytes software, but you’ll need to download a key executable seperately because the Internet Security disables part of the malware program. Then you’ll be able to remove it. Here are the instructions – they have worked for me twice: bleepingcomputer.com/virus-removal/remove-internet-security-2010
One more thing, the second time I had this infection, the rkill.exe I had downloaded originally would not work – it kept getting killed by the malware. I downloaded new copies and burned them on a disk then ran the rkill from the disk. This worked.
Good luck.
Scott
Feb 12, 2010 @ 22:34:42
Malwarebytes will not kill this virus in my case. I have ran and it appeared fixed, removing all the infected files but later the dang thing came roaring back with a vengence. I have sucessfully update m bytes and ran several times.
I had to download a renamed version of malwarebytes exe file in order to run it, cause this virus deleted the exe file if you try to download it. the new exe is randomly named, like O9h2tt98.exe and ou put in programs/malwarebytes and run it.
anyway, still no luck, i will try searching regedit for is2010.exe but what if they also have versions renamed randomly like mbytes ?
kenny
Feb 14, 2010 @ 22:09:50
I caught this virus yesterday, it was the first time i came across this internet security 2010. I thought there was an older version that came up and i could just hit X and close the program out. Well this program ran halfway before i knew what was goin on. I got it shut down and ran windows defender and it found the virus and it deleted it but i didn’t let the scan finish. I think there is parts left on my computer. I cannot open my virus program, i cannot download any programs. If i try to open something it asks me what i want to open it with. Luckily i can still get on the internet. I can go into safe mode also. Ive been searching all day on ways to get rid of this piece of crap. I cannot find the rest of the files. Any advice will be appreciated.
kenny
Feb 14, 2010 @ 22:11:24
I can do a restore but it only restores to yesterday when i caught the virus.
Elaine
Feb 16, 2010 @ 21:39:35
I have this nasty virus on my pc at work. nightmare. Help……..
john
Feb 17, 2010 @ 04:36:12
i have deleted is2010 from taskbar, an cannot do a sucsessfu system restore
livi23
Feb 20, 2010 @ 17:06:55
I have the same problem as (dns6181) I can not open any the except internet explorer. It has block task manager,control panel, and when I try to download any file that can remove this program it say I have to run it some where else if you can please help. Email me at burns.olivia@yahoo.com
Vic
Feb 21, 2010 @ 01:26:30
I got infected with this terrible virus, but it wasn’t called IS2010.exe on my laptop, could not find any reference to that name at all. It was identified as “av.exe” in the task manager, I stopped the process & did a search, found the only av.exe file in the Prefetch folder, so I deleted that. Now it seems I have my laptop back, no other instance of IS2010 are running. I can run my malware (couldn’t before) so we’ll see whethere there is a deeper virus infection. I’ll post my progress.
Ingrid
Mar 05, 2010 @ 22:57:56
I’ve now managed to get this virus twice in less than a month and I only stick to good old trusted sites and no downloads!!
First time I just handed it in and had to pay £150 so not doing that again. It has had different names both time (this time something with XP in it), first time it crashed the laptop completely now at least I can end the process (av.exe) for a few minutes at a time and it doesn’t shut down the laptop.
I’ve always used the free version of AVG and never had any problems before but I guess I have to get a better anti virus program now…
Anyway, I don’t know much about computers from a user point of view (ironically I’m working in IT) but my next plan of action is to reinstall XP. I noticed someone mentioned this in an earlier post…could anyone give me some info on this..could it work?
jazz
Mar 09, 2010 @ 11:18:52
as soon as the pop ups started commin up, i knew something was wrong, thank god i looked it up on the web and surley it was a virus, all i did is system restore it back 3, 5 dys and it worked like a charm… also thnx to firefox i could access the internet, on the windows internet browser it wouldnt let me, poping some msg that its not safe and might b infected….go firefox, good luck guys…
Gill
Mar 15, 2010 @ 14:10:35
Take the computer out of the infected system. Add as a slave drive to another system. Scan it with Avast Free antivirus and Malwarebytes. Your system should be good to go. Has always worked for me.
tuxman
Mar 15, 2010 @ 22:54:04
I fixed it in one (alabeit 7 hour long) sitting. It came down to using rkill and doing a mbam quick scan and letting it scan. I caught it in its beginning stages, thank god.
btf
Mar 17, 2010 @ 20:15:21
I ran rkill and Malwarebytes, rebooted, scanned, rebooted and all the pop-ups stopped. :)
I have another problem now – the Run As command keeps popping up every time I open programs, even when firefox opens a new window. Is it related to rkill or malwarebytes?
JOE
Mar 21, 2010 @ 18:19:41
Got this horrible internet security virus today.Stoped everthing working.Couldnt get ino any programs.
Best and easiest thing is to get onto the internet via windows update and then go to malwarebytes website and install the program.You should be able to run it once you have downloaded it.
Install and update.
scan out of your computer.Whatever it finds delete and then restart.
Voila!!
corey
Mar 27, 2010 @ 13:56:03
also part of the virus is ave.exe (kill the process tree)
Joe
Apr 19, 2010 @ 04:16:04
Yes this is a tough virus. I’ve had it twice.
1. If you already have it and its bad enough you can’t log in, you have to interrupt prior to login to force it into safe mode. You should normally be able to hit the F2 or F12 key during boot up depending on make and model.
With my Gateway laptop, just putting in the restore disk prior to boot up was enough to send it into restore mode if I remember.
If you can’t get that to work after many tries:
***This is not recommended as there can be risk of damage***, but if the problem is so bad you are thinking of trashing your PC… with a lap top you can disconnect power cord, start log on, then interrupt the boot up procedure by yanking the battery, ***wait 2 mins*** to allow electrical components to discharge (lessens chance of damage), put battery back in, hook up power, and relog on. This time your notebook should automatically go straight into safe mode or give you that option because normal boot up was interrupted. ***ONLY TRY THAT AT YOUR OWN RISK and as a LAST RESORT***
While in safe mode, you will be able to run a restore disk.
2. This bug spawns itself into many areas.
One thing you can do once you can get the task manager running (Control Alt Delete) is to go to processes and click “Process Name” to cause it to sort the programs by name (This will stop them from jumping around if it is set to sort by CPU usage) Then look for any program that keeps showing activity over and over and that does not seem familiar to you. Program names like “systemsystem.exe” “UCNC.exe” and “m.214.tmp.exe” were culprits on mine.
If you are in safe mode you should be able to search and delete them after turning them off. This virus seems to know when its parts are turned off (!) and will try to set up in another file until your antivirus quick or deep scan gets to the main bugs and quarantines them.
I deleted enough of these things enough to get it under ‘control’ , then rehooked internet cable, and then uninstalled McAfee which wasn’t helping and downloaded the free version of VIPRE by sunbeltsoftware dot com and ran a quick scan with that and then a complete scan.
I still had a few problems but VIPRE has a neat feature that helped…. in the Tools Folder, click PC Explorer and it will tell you everything that is running, everything that is set to start at startup etc. This is good for identifying any remaining problems after the scan, because not all malware is easily identified. Any programs running that do not have a publisher etc need to be looked at very closely.
I still have something trying to call dll files that have been removed (probably a registry problem) One of the .dll files is named effecc.dll. So on bootup, I get 3 error messages, 2 messages for effecc.dll and 1 message for another dll I can’t remember right now.
I’ll look at the malware detector mentioned above to see if it can help.
Stephanie
Apr 28, 2010 @ 23:13:06
So… I got this virus MONTHS ago. I followed instructions awhile back to get rid of it using the system restore and i thought it was gone but today they pop-ups returned. Thankfully my internet worked because I had deleted most of it a few months ago so I was able to download Malware Bytes and it deleted the virus.
Now that i restarted though, I have no internet access. It says there is limited or no connectivity and when i try and repair the connection it says it cannot be repaired. ANyone know how I can get my internet working again?
I have windows XP by the way
Margil
May 10, 2010 @ 05:27:24
I got it this weekend, on mother’s day.
I ran Spybot in safe mode and that allowed me to use the internet. Then i downloaded RKill and malwarebytes. It took several attempts but finally managed to stop the pop-ups. Malwarebytes deleted most of the rest. But some remained. And i noticed that the offending programs are written under Apple’s quicktime names. Check your task manager and look for QuickTimeQwickTime.exe. (Yes, it is double), and other Quicktimesomethings. These are the programs that everytime you open windows media tell you that you need a special codec, and if you click on the “get the codec”, it downloads the original security 2010 all over again!.
Apple’s Quicktime is one word. Security 2010 is the same word eithere double or with something else beside it. If in doubt, delete all “quicktimes”. The real Quicktime program can be downloaded again later.
Margil
May 10, 2010 @ 05:37:10
By the way i used Firefox to access the internet. Internet Explorer was completely blocked. Go Mozilla Firefox !!
badalmishra
Jul 11, 2010 @ 01:25:46
please download a trial verson
tdss
Aug 08, 2010 @ 15:59:21
Well ? got rid of this manually but this also installed the tidserv rootkit on my pc. The authors of tidserv and ?S2010 should be punished!!!
bav
Aug 29, 2010 @ 09:18:28
If you can’t get your programs to run because of the virus. (Anti-Spyware Programs and rkill), turn off your computer and turn it back on. When your home screen comes up click your programs immediatley because the virus takes a few seconds to initiate. They should start running before the virus does. I used AVG for this and it worked like a charm.
highlanderRI01
Sep 14, 2010 @ 15:13:27
Ok, this virus thing stinks, especially when your mom s’ PC is infected and she knows or wants to know zero about it except getting on internet.
Went to house with flash drive full of tools to help her with what sounded like an easy problem to solve. Not this time. If I had known, I would have brought a Linux distro with me.
Anyhow her system was locked up, unless clicking on the fake security software icon, which brought you to there site. Everything else not happening including safe mode and accessing my usb key.
Had to do complete reinstall of Windows XP, plus all her dell drivers and reformat the hard drive, plus partitions. because it got really late still have 2 more hrs work to do to make computer work the way she needs it to. Got to luv this stuff! it could have been worse, not likeley
shyamsunder
Oct 25, 2010 @ 09:03:42
hi this is shyamsunder