Rogue security program - Internet Security - need to remove



Tukapa
12-03-2012, 12:50 PM
Hi all

A mate's father has been having issues with his PC. I said I would take a look.

Microsoft Security Essentials has been disabled and won't run, there is browser hijacking and numerous other issues. After a while of running the PC a rogue security program, Internet Security, popped up and started doing its fake scan thing.

I had initially installed and updated Malwarebytes, Superantispyware and Spyware Terminator. I rebooted into safe mode and ran all these programs which found nothing.

I did some research and found some pages with instructions on removal:

http://www.spywarevoid.com/remove-internet-security-fraud.html
http://deletemalware.blogspot.co.nz/2012/01/remove-internet-security-2012-malware.html

It appears that this program also gets around as Internet Security 2010, 2011 and 2012 as well as the plain Internet Security which this PC has.

I followed the instructions and downloaded, updated and installed TDSSKiller but that found nothing. I ran Trojan Remover which, apart from removing a rogue link to Internet Explorer (rendering that program unusable), found nothing else.

I have tried the manual delete method but after all the above I am still having issues.

I am just trying a couple of other security programs but otherwise am thinking I am going to be doing a format and reinstall.

Unless one of you helpful mob can point me in any new direction?

Thanks.

Speedy Gonzales
12-03-2012, 01:32 PM
Follow this. (http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2011)

1101
12-03-2012, 01:37 PM
..... am thinking I am going to be doing a format and reinstall.


It sounds like a cop-out, but that's sometimes the quickest & best fix. Even after you remove the malware completely you may find that Win is left in a bit of a mess (e.g. system files missing, services won't run, can't connect to internet etc etc).

Have you run these AV scanners/Malwarebytes in full mode, i.e. NOT quick scan? Set them to scan all files.
They need to be updated before running the scan. This is a must-do.
You may need to remove the hard drive & scan it via a clean PC.
Or download Kaspersky's boot CD & scan with that.

These fake programs change often, even though they have the same names, so the write-ups on removal may not be relevant in cleaning out the last remains of infection.

wainuitech
12-03-2012, 02:08 PM
This is going from memory. You have not said what OS it is, XP, Vista, W7 so the start of the path may differ.


The little buggers hide :)


Download and run Rkill (http://www.bleepingcomputer.com/download/anti-virus/rkill). Look at where it finds a random named exe file.

Go to My Computer / Computer, open Tools, Folder Options, and under the View tab select "Show hidden files and folders". Navigate to the folder where Rkill found the infection. It may be something like this: C:\Documents and settings\User Name\Local Settings\Temp or some other location.

Once found it will be a random named .exe - delete it, that's the main "infection", then run Super Antispyware & Spybot S&D to locate the rest of the leftovers.

Depending on which version it was, there may be other things to do.
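
Added example, not part of the original thread: a read-only Python sweep for the random-named .exe files wainuitech describes, suitable for pointing at a Temp folder on a drive attached to a clean PC as 1101 suggests. The "random-looking" heuristic and the function names are assumptions made for illustration; the script only lists candidates for review and deletes nothing.

```python
import os
import sys
import tempfile
import time

VOWELS = set("aeiou")

def looks_random(stem):
    # Triage heuristic (an assumption, not a malware signature): an
    # alphanumeric-only name of 6+ characters that is either vowel-poor or
    # mixes letters with 2+ digits. Expect false positives; review each hit.
    s = stem.lower()
    if len(s) < 6 or not s.isalnum():
        return False
    letters = [c for c in s if c.isalpha()]
    digits = len(s) - len(letters)
    if not letters:
        return True  # all digits, e.g. 48213907.exe
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return vowel_ratio < 0.25 or digits >= 2

def find_suspect_exes(root):
    # os.walk also returns files carrying the Windows "hidden" attribute,
    # so Explorer's "show hidden files" setting does not matter here.
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or not looks_random(stem):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked or vanished; skip rather than abort
            hits.append((path, st.st_size, st.st_mtime))
    # Newest first: a recently dropped file is the likelier culprit.
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]  # e.g. the Temp folder of the affected profile
    else:
        # Constructed sample tree so the script runs without a real profile.
        root = tempfile.mkdtemp()
        for n in ("kdjrqwpz.exe", "setup.exe", "notes.txt"):
            open(os.path.join(root, n), "wb").close()
    for path, size, mtime in find_suspect_exes(root):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(stamp, size, path)
```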

dugimodo
12-03-2012, 02:31 PM
I removed it for a friend using instructions similar to what Speedy linked. It worked except MSE would no longer function and I ran out of time so I just put Avast on as a stopgap. That was 6 months ago, she's still running Avast and I still mean to get around to having another crack at it :) It's a losing battle though, some people are just prime targets for malware.

Tukapa
12-03-2012, 03:22 PM
Thanks all

Speedy - looks like a different malware and those files that the instructions identify aren't on this system.

All security programs were updated and scanned in their full modes.

Wainui - about to try your suggestion - OS is Windows XP Home SP3.

Thanks again.

Speedy Gonzales
12-03-2012, 03:26 PM
Put TeamViewer on it and I'll have a look. If it won't let you do it in normal Windows, boot into safe mode / networking, then install it.

pheonix
12-03-2012, 08:58 PM
There is also another program that kills those fake antivirus programs from McAfee. Haven't used it yet but the original Stinger program was a great program a couple of years ago.

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

pheonix
12-03-2012, 09:01 PM
There is another one I have come across and haven't tried yet as well.

http://majorgeeks.com/RogueKiller_d6983.html

Tukapa
18-03-2012, 12:50 PM
Hi everyone.

Thanks for all your suggestions - I actually found PC Tools Spyware Doctor which did the trick and the PC seems to be virus and malware free now.

It was a nasty bugger to get rid of - the usual programs just didn't cut the mustard.

Cheers.