Win 7 Internet Security 2011

38 Comments

1. Lilian
   Dec 31, 2010 @ 22:40:20

   good info

2. Jim
   Mar 31, 2011 @ 11:07:21

   Just cleaning this off of a machine tonight. It also remove or renamed msconfig, regedit, taskmgr and eventually removed the file association for .exe files.

   In the end I needed to perform a system restore to a week ago, just so I could get msconfig running to block all startup programs and services. Only then could I get malwarebytes installed and eventually cleaned everything out.

3. mellyanya
   Mar 31, 2011 @ 20:16:29

   Thank you very much!

4. martyn
   Apr 01, 2011 @ 11:14:02

   I simply used system restore after hours of trying other things and it worked!!

5. Anne
   Apr 02, 2011 @ 17:02:11

   Going to try this on my mom’s computer. This virus also eithere trashed or blocked access to her restore points, so that doesn’t seem to be an option for us at this time. Many fingers crossed that it will work!!!!

6. MDRV
   Apr 05, 2011 @ 21:20:32

   Hi i found a solution not the best but it works i searched the process in tskm and changed the file ending from exe to txt so this program was unable to start i actually didnt found this prog actually any where on my pc but it seems to be completly disabled

7. Keris
   Apr 30, 2011 @ 03:11:41

   I’m on here on my iPhone cause my computer it’s blocking me from visiting the site! Thanks

8. lisa
   Apr 30, 2011 @ 03:38:40

   what program did you find in task manager that you changed from exe to txt to stop it from running? I can’t logon to any internet site to run any fixing program.

9. shayla
   May 01, 2011 @ 01:55:23

   The Win 7 Security 2011 has blocked my internet . So i cannot do anything to remove it . Help please ?

10. Lisa
    May 02, 2011 @ 16:32:20

    Hi, this virus has also blocked me access to internet. How do we get rid of this. Step by step instructions please as I am not that computer savy. thanks.

11. Lisa
    May 02, 2011 @ 16:34:09

    I contacted Win 7 Internet Security 2011 about this and this was their response…

    I am really sorry that your computer has been infected. So, these pop-ups and are not the part of our product,
    they are a some kind of a virus from the internet and don’t belong to our program. It was done by our advertising
    partner and he’s already banned.
    This program will be self-removed in 6 days. There would be no problems after it is deleted.
    Also you can just set date and time setting in your windows control panel 6 days later according to current date.

    Is this true… will setting the date ahead by 6 days remove this virus?

12. steve macke
    May 02, 2011 @ 21:12:56

    I removed it with avast – downside was I also removed the exec files that it infected – so I had to do a repair in safe mode after saving all the files – it took two hours to go through the repair wizard – then another two hours updating the windows 7 os and downloading avast and other security software so that does not happen again.

    Did send a message to the scum bags that created the virus – they did not keep me down

13. Michelle
    May 03, 2011 @ 21:00:21

    I was infected with this virus just last night. After trying several things to get rid of it and after numerous times trying to get on the internet only to have it blocked by this virus, I clicked on “online support” on the menu bar of Internet Explorer. When I clicked on this option, the Microsoft webpage opened up and I was able to go to the forums and find out about fixes for this virus. Then I discovered that I was able to go online from the Microsoft website and onto the internet to confirm fixes. I ended up downloading the Malwarebyte shareware and got rid of this annoying virus. Where there’s a will, there’s a way! :-)

14. mike s
    May 07, 2011 @ 22:01:02

    i tried to get rid of this virus many times using superantispyware and it didn’t work now every time i try to access the internet and open with pops up can you help me out with something elese i tried also using safe mode by pressing f8 and nothing evry help is appreciated thank you reply a.s.a.p

15. mike s
    May 07, 2011 @ 22:02:18

    i was infected yesterday just today got access to another computer any advice is grateful

16. mike s
    May 07, 2011 @ 22:05:20

    now my comp. just turned off and wont turn on what has happened help me please !!!!!!

17. i will help you
    May 08, 2011 @ 04:37:26

    Press CTRL+ALT+DEL & Select START TASK MANAGER . THEN SELECT PROCESSES & HIGHLIGHT ON yto.exe . AFTER THAT SELECT END PROCESS.

18. Dave
    May 13, 2011 @ 08:50:25

    I used MBAM to remote an infection of Windows Internet Security 2011 from a Windows 7 (enterprise) 64 bit system. Although alerts, reg keys and files seems to have been removed, I can now no longer run many programs as the infected user (click Run As Administrator works)

    Re-running MBAM to see if it finds anything else. Otherewise this system is screwed and i will probably have to reimage it.

19. bill
    May 14, 2011 @ 17:15:54

    infected by win 7. struggled for hours. local office depot offered to remove for $180. to avira knowledge database. to support for home. to line 7 “i have a virus…”. to see also. to how can i get an avira rescue cd. i downloaded and burned cd. installed cd in infected computer. instant success!

20. carlos
    May 16, 2011 @ 21:03:48

    This happens to me quite often when I visit dodgy sites. Ahem.
    McAffee useless at stopping it.
    I turn off computer,
    turn on again pressing F8 repeatedly,
    choose ‘Repair your computer’(1st option at top)
    then choose local user (my name) with no password to get to next menu
    then choose ‘System restore’
    and choose a recent date from the list when it didn’t have the virus. Everything works ok after that.
    If the trojan’s still there it doesn’t pop up any more.
    And so, back to the porn.

21. Peggy
    May 16, 2011 @ 21:54:12

    It is a bad virus that does not allow internet access. Also if you buy the software, it does not work but my Credit card company told me that it was being charged to some place in Iraq!!!!! I put a fraud alert on and had my card discontinued!!

22. Sean
    May 17, 2011 @ 22:39:27

    Thanks Carlos – your solution is the only one that worked quickly – I couldn’t access system restore without using the repair option in safe mode.

23. Dwight
    May 19, 2011 @ 17:28:11

    hi friends,

    I fixed this problem as follows:

    a) Restart Computer
    b) Press F8
    c) Repair Computer
    d) System Restore to earlier check point
    e) Start Windows
    f) Launch Google Chrome
    g) Download Malware Bytes
    f) Run scan.

    If you want to do manual process:

    a) Restart computer
    b) Press F8
    c) Safe Mode with Command Prompt

    The files you need to delete will be in a folder like this:

    c:\users\user\AppData\Local\Temp\
    C:\users\user\AppData\LocalLow\Sun\Java\deployment\cache\6.0
    c:\users\user\AppData\Roaming\bitrix security\

    you can try

    a) del *.*
    b) rmdir [directory name]

    I was not successful from the command line because I couldn’t find where the programs were hiring until I used the scan tool.

    Good Luck………

24. stuie
    May 23, 2011 @ 12:23:09

    does using the system restore method delete everything else off the system??any answers would be great cheers

25. DJ
    May 24, 2011 @ 05:35:06

    Just got infected with Win 7 Security 2011. It didn’t let me access the internet to get rid of it so my solution was to go on a clean computer, download Malwarebytes Anti-Malware to a CD, put the CD into my infected cpu and run the program as the administrator, it was removed within 5 minutes.

26. tembo
    May 25, 2011 @ 16:23:31

    -The only browser that will work if you have this is I.E.

    -Do not try to log in to anything.

    -Un-plug your internet connection.

    Here are a few of tricks:

    The file name is unique based on your computer, and usually takes the name of another program.

    Find the name via taskmanager, ctrl-alt-del.

    Now name a random exe file on your computer the same name then place that file in the appdata\local folder of your user account name.

    When the window pops up right click it on the taskbar and go to properties. Proceed to edit the settings, change the file extention, etc change the right, etc. This will render it useless.

    Malewarebyes is a good way to get rid of it, Norton free is also.

    Norton won’t get rid of it via a scan, but rathere through it’s sonar technology. This examines suspicious behaving programs. After a bout 30-minutes to an hour Norton will detect that it’s malicious and remove it.

    Norton also tells you exactly everything the program did (e.g. which deleted registry keys, how many times it started up by itself, what is blocked) since it had been monitoring it.

    All of this is as a result of removing it from other people’s systems.

    Also note the file is more than hidden. Even if you allow hidden files to be viewed simply going to appdata\local to delete it might not work. But you should try setting your folder options to view hidden (via control panel–>appearance and personalization—>folder options and seeing it it’s there. Always look at the date last modified if you do see a file there.

    Good luck

27. Armando
    May 27, 2011 @ 21:36:41

    Easiest fix:

    Jus change the date on your computer for 7 days ahead of
    Current date. Restart; Gone!!!!

28. Edward
    May 31, 2011 @ 13:15:37

    I am an IT tech for a mid sized co. I mainly deal with hardware installtion and minor software. My boss recently had this problem with his laptop. Unfortunatelly he had already purchased the fake removal tool from the infected site. So the only way to remove after this was to have the PC scanned with a good virus scan and remval tool. Trying to restore it back a few days after he had already purchased the fake scan was impossible. If you get this messege on your PC the best thing to do is to not open or close any of the messeges and run the virus protection that you purchased or own on your PC. If anytime you get a messege that says you need to buy there product to remove a virus, it’s a scam don’t do it. And if your not sure the best thing to do is don’t touch anything and ask some one you trust to take a look at your PC. Most of the time it’s not fully infected to the point it cant be fixed. But once you open or purchase it then your probs. begin. Hope this helps

29. Henry
    May 31, 2011 @ 14:40:58

    Armando, You are right! It is the EASIEST way! :-)

30. Ramal
    Jun 02, 2011 @ 08:11:53

    Again,microsoft screws the consumer.There was another virus similar to this one last year and i’m sure we’ll have to keep dealing with them yearly until microsoft gets their act togethere.I can’t wait to switch to mac.

31. Alex
    Jun 06, 2011 @ 18:26:24

    Thanks all – will try the system restore tonight and report back

32. Alex
    Jun 07, 2011 @ 08:19:40

    Tried this last night, but there was no option for F8 when restarting, only F2 and F12 – neithere of which offer a ‘Repair Computer’ or ‘System Restore’ option. Nor am I able to start the computer in safe mode. I tried hitting/holding F8 on start up anyway, but nothing happened. Is it possible that the virus has prevented me from perfroming the system restore function?

    Or am I just doing it wrong? :)

33. chelle
    Jun 07, 2011 @ 20:28:38

    we had this virus after looking in google images and know a freind who picked it up from there as well. we restored our system to and earlier date and it seems to have cleared. however the only worry is if there is anything still in the background of the computer watching for any sort of financial activity? Can anyone say if the restore method has cleared it completey. we did not click on buy when it came up and since restoring have managed to reinstall our macafee security?

34. Alex
    Jun 09, 2011 @ 13:26:43

    tried using the System Restore in Control Panel yesterday… of course the last restore point was after the date of infection – and there were no alternative dates! The work of the virus again? I don’t know.

    Any advise would be gratefully received

35. Maddy
    Jun 13, 2011 @ 05:09:01

    Hey ! just put a good antivirus thing on a cd from a clean computer and then put it right into the infected comeputer. works goood

36. Ghislain
    Jun 14, 2011 @ 21:59:02

    I saw this thing on a friends computer sometime ago. In a matter of a few hours, she was stuck with the constant pop-ups and wasn’t able to launch much applications.

    Here’s how I got rid of it, manually:
    Restart the computer, hit the F8 key from right after POST and jump in safe mode.

    Once there, open the Task Manager and look through the processes list. Normally in safe mode, only the essential processes are on, which should lead to a very small list of programs to look at. In my case, the malicious program was 3 letters long, and seemed to mean nothing whatsoever, like enl.exe or ypu.exe.

    Next step, in the start menu search for regedit in the programs bar right over the start menu logo.

    Once in the registry do a global search using as your keyword the name of the program, including the .exe. It should lead you to the extensions association list, on an entry located under the exeFile group I think. There you will have the path leading to the actual location of the file!

    It also explains why, whichever program you try to start will immediately launch a pop-up. It bypasses the standard procedure for handling exe files and instead, tells windows: “Hey, to know what to do with any of em’ exe files, you must use that kjh.exe or apw.exe over there!”

    (Note, if you know your way into the registry, you can start right away by searching under the .exeFile in the file association part)

    Now, let’s put that registry aside a bit. To get everything back in order, you must delete the exe at its current location and while at it, why not clear off all the temporary files too. You should also make a regular search then and get rid of any other related files that are at different locations (shouldn’t be much)

    Then the horrible part: you must reverse all the damaged registry keys back to their original values! You can do it by let’s say… compare it to that of another computer and match the values. Or by hitting this link:
    http : //www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html

    and saving the reg key for the EXE extension. Once you execute that on the affected computer, the keys will be restored to their original values!

    Now the computer will be able to boot and work normally outside of safe mode! If you are at ease doing it, you can clean the registry by yourself by removing any entry involving the malicious programs name, or run a stardard anti-virus and anti-spyware scan to finish it up for you (and probably find more stuff).

    I hope, that any part of this lengthy post can be of help to anyone here. And that I didn’t actually forget some important stuff XD

    G

37. Junior
    Jun 23, 2011 @ 04:04:27

    Armando: Thanks it worked.

38. Tony
    Jul 31, 2011 @ 14:30:14

    Armando, Lisa and Junior have it right. Just change the date on your computer for 7 days ahead. I also followed up with Norton Erase Program. Has anyone seen the virus rear it’s ugly head again after this fix?