How To Uninstall / Remove Internet Security 2010 Virus (Removal Guide)
Internet Security 2010 is yet another rogue anti-spyware that surfaced online. The Internet Security 2010 rogue is also a bit of a virus, if you follow the standard definition. But the thing you need to know is that Internet Security 2010 will try to trick you into believing that your computer has serious security problems so that you buy the program. If you detect any of the symptoms we will talk about further, you should remove Internet Security 2010 as instructed below.
Before we skip ahead to removing the Internet Security 2010 virus, let’s talk a little about what Internet Security 2010 does in and with your computer. First of all, Internet Security 2010 gets installed on your computer via malware and will be immediately set to start each time Windows loads. Along with the program, a number of Trojans will also get on your computer.
Remove Internet Security 2010 Using The Guide Below
After you computer got infected with the Internet Security 2010 virus (or series of Trojans), the next time Windows loads, you will get an error message stating that “Worm.Win32.NetSky” was detected on your computer. This is a fake message and you should not pay any attention to it, it will go away once you remove Internet Security 2010 from your computer. Then the Internet Security 2010 rogue will start and perform a fake scan of your computer. The scan report will list a number of infections but when you try to remove them, you’ll “conveniently” find out that you need to buy Internet Security first. Do not buy Internet Security 2010. If it got on your computer, you should use the instructions below to remove it from your computer.
The thing that makes Internet Security 2010 one of the worst of its kind is that one Trojan that comes with it blocks out certain applications. When this happens, you will get a “File is infected” warning and a recommendation to activate your antivirus software (by that, the warning means that you should buy Internet Security 2010. Don’t do that… just remove it using the removal guide below). Another Trojan that comes with Internet Security 2010 will instruct you to purchase a codec, called VSCoded Pro. This also a fake warning (and a scam) that will go away once you remove Internet Security 2010 from your computer.
With the risk of becoming annoying, we will tell you again not to buy Internet Security 2010. If you did purchase it however, you should contact your credit card company as soon as possible.
Ok, now that we’ve told you what this virus and the Trojans that come with it do, it’s time to remove Internet Security 2010 from your computer. Before that, you should know that following closely each step is crucial. In addition, because you will be asked to close all applications and windows, it’s a good idea to print out the removal guide first.
Step 1: Go here and download Malwarebytes’ Anti-Malware for free. Save the file to your desktop. If Internet Security 2010 does not allow you to download anything, you should download the setup on another computer and use an USB stick or a CD/DVD to transfer the files needed. Remember to place the setup file on the desktop.
Step 2: Click here to download the rkill.com file. Once the download is complete, run it. The rkill.com file will make sure the Internet Security 2010 will be closed for good so it does not interfere with the removal process.
Step 3: Close all open applications and windows. You now should be on the desktop.
Step 4: Run the Malwarebytes’ Anti-Malware setup from the desktop.
Step 5: Go with the default settings during the install. CRUCIAL: Make sure you tell the software to automatically update itself (there’s a box you need to check during the install to make that happen). In addition, make sure you tell MBAM to automatically launch itself once the install and update processes are complete.
Step 6: When Malwarebytes’ Anti-Malware loads, go to the Scanner screen, select “Perform Quick Scan” and then click the “Scan” button.
Step 7: When the scan is complete, press the Show Results button under the main “Scanner” tab.
Step 8: Check all the detected infections (so you remove both Internet Security 2010 and all related Trojans, as well as any other malware detected).
Step 9: When the removal process is complete, a log of the scan will be displayed in a Notepad window. You now have successfully removed Internet Security 2010, all related Trojans and any other infections detected by Malwarebytes’ Anti-Malware.
If you have any questions about the Security Tool Virus, you can always ask us on our Forum and we will gladly help.
- THIS POST WAS WRITTEN BY:
- Mihai Andrici
thanks!
you just save my computer!!
it’s works
Problem with fix, I have experienced this three times, now out of 7 removals. If the winlogin32.exe is infected, The fix will not work and you will have to reload windows over itself or do a full reload. My experience, download mbam and run rkill, but after mbam has been updated, run mbam on the windows folder first, if winlogin32.exe is not infected then proceed with as instructed earlier. But if winlogin32 is infected with rogue trojan, back up and reload.
Winlogon32 is not even a Windows file, if it’s there you infected. This file should not be there period.
The correct file is winlogon.exe.
The virus replaces the userinit part of the OS with it’s own. In the registry under HCLM\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\USERINIT is where the virus makes the change from C:\Windows\System32\userinit.exe to winlogon32.exe.
And no you don’t need to reload if you follow the instructions to the letter Too many people like you who “think” they know computers but really don’t give out wrong information. I am an IT systems admin so I’m not just a wanna be geek.
Its a good trick though you have to admit…
mine is an entirely different thing, called smss32.exe, and once again the correct windows file is just smss.exe, no numbers. You really need to hunt down these malware bits and pieces, because they’re smart enough to change names on you
I got that one a while back and had to give up and reformat good luck
combo fix works excellent on this virus. i downloaded it to a usb and added a dash between combo and fix to fool the virus then ran it. cleared it off. this is when it has gotten in there fairly deep and morphed. i have also been able to go into safe mode and take it out thru add and remove programs if it hasn’t been on long. another solution i used was to find it in c: under programs and drag it to the desktop so that i can delete it, you may have to change it’s name.
Not only is Internet Security 2010 the virus itself, after purchasing it with a credit card, within 10 days my credit card was hacked into and used for purchases totaling well over $1200.
This is not working for me. I get the rkill to program to work (after several tries) which I got to say is a great program. But the Malwarebytes’ is not updating (i believe the virus is stopping it from contacting the website, it’s doing this with all the others I have tried, superantispyware and spyware doctor, which i was told also removes this biotch). Very nasty virus/malware. Will try to post later when I find out the solution. People who make these things need to be hunted down and skinned.
I got the Malwarebyte update to work after turning off AVG Security Shield. It looks like most here were using AVG. Is this virus something AVG is particularly susceptible too?
I copied rkill.exe and the mbam setup from a second drive and OS before running them in the infected OS. It seems to have worked great. Thanks so much Soft Sailor and Malwarebyte.
My computer did the same thing, so after about 10 launches of rkill it finally shut down Internet Security 2010. I did a system restore to the day before, downloaded the malwarebytes again, and it worked. Good Luck!
I got this 2 days in a row. However, on the 2nd day, I couldn’t even run the malewarebytes scan (it said it couldn’t find it), and now cannot even start in safe mode. I need advice! Am I totally screwed?
Yeah, my whole system is fried. It won’t let the computer finish a start cycle. I don’t see my desktop. I can’t access anything but the damn IS 2010. It even disabled the task manager.
What should I do?
its only been on my computer a few days and I’m pissed. Anyone have the address of one of these engineers who built it?
Put this code in run and you should be able to use Task manager.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
After just follow the steps above hope this helps
I hate to say it but you need a reformat. Its around 100 to 200 depending on where you live. The best defense is probibly to just shut off the internet to your computer straight out so it cant install the worse of the stuff. It’s not a huge file so it has to download more i’m sure. I am trying to get it off without third party programs but i cant get it off the start up…its just to far a long.
This forum was extremely helpful, but I ran into the same problems as others with the login/logoff loop that occurs if the machine gets restarted before it is truly “clean.” We were unable to get past the user login in any way–using any of the “safe mode”s, last known, normal, any of them. It would not, even with Microsoft on the phone (which they did without charge) allow me past the login screen. Finally it was determined between me and the MS tech that I would have to use my original five year old xp professional reinstallation disk that came with the computer and reinstall the os.
Here are the steps we took, as I remember them. I will use extreme detail for those out there, like me, who haven’t had to reinstall an os before, especially in a situation like this.
1. turn on the computer and put the reinstallation disk in the cd rom.
2.Manally restart the computer, hit F8 several times when the logo screen comes up. I think you can also use F12 at this point, either one will get you to system set up. On my computer I had to go into setup, choose boot sequence, and disable all boot options except boot from cd rom. Hit enter, hit esc, choos save changes and exit.
3. Manually restart the computer w/xp disk in cd-rom drive. When machine restarts it hopefully will say “hit any key to boot from cd” at which time you hit any key.
4. Windows set up starts. You CANNOT install to the same file folder (/WINDOWS) that the former Windows XP OS was in. Choose the option(s) that take you to “Install to:/windows and use the backspace key to remove windows and then type winxp so that the line reads: :/winxp and hit enter.
5. Follow the the rest of the prompts/instructions until the installation finishes and the machine will reboot automatically. In my case, I only set it up for one user this time (figuring it would simplify and I can set up other users later if I want to) and it went directly to the new desk top.
6. Here is where things get interesting. So now we have two OS systems on the computer. The new installation is, of course, extremely outdated, we have no installed drivers or programs in the startup menu. If we stick with this installation, we will need to update EVERYTHING, reinstall about sixty programs, and reinstall all the drivers for printers, video cards–I had to download and install a new driver for our network card, the computer couldn’t even see the network card itself, much less the driver. So of course I couldn’t even get online. Using my other computer I downloaded the card’s driver and installed it using the cd-rom drive, and then got back online.
7. Microsoft doesn’t seem to be very aware of this particular piece of malware, as the tech claimed that reinstalling my OS completely eliminated the malware and that it no longer existed on the computer. I will be letting him know at 6 in the morning when he is scheduled to do a call back that this isn’t the case.
8.At this point, since I could at least get online, I downloaded malwarebytes and ran a full scan. It came up with 23 IS2010 rogue software issues. I let Malwarebytes remove and let it restart my computer. Then it scared me because when it started to reboot I hit the black screen message “Hit F1 to attempt reboot again or Hit F12 to enter SetUp.” I realized that it might still be trying to reboot from the cd rom drive since my boot sequence was set for it, so I went into F12 Set Up, changed the Boot Sequence so that it could boot from the C drive, hit enter, hit esc, manually restarted, and the computer booted to the new installation of XP and went directly to the desktop again.
9. Downloaded RKILL and ran it. It was only on the screen briefly, so I don’t know if it found anything.
10. As per the instructions on this site, uninstalled Malwarebytes, downloaded it again and reinstalled and am in the process of running the full scan yet again.
We have hade SOME success with the process, but we are still working on some of the issues.
One question we have now, and so far I don’t think Microsoft knows the answer because they don’t really know this virus…”CAN WE, ONCE WE THINK WE HAVE THE VIRUS COMPLETELY REMOVED, GO BACK TO THE OS (I THINK IT IS STILL THERE IN ITS ORIGINAL WINDOWS FOLDER) and if we can go back to that, would we delete the new os file from the computer? Will this eliminate the need to reinstall all our drivers and programs? They are all still on the computer, but installed on the previously infected OS system.
This is where we are at the moment. Maybe some of it will help someone else, and maybe someone can help us finish up with the least amount of hair pulling…
I had the same problem/process, but fortunately one of my best friends is a private in-home computer repair guy, so I was able to do it without having to deal with microsoft.
Yes, I had to use a windows cd to repair the installation. this was fairly simple – but he made no false pretense that it would “fix” everything other than the giant hole left by my violent command-line deleting of major virus parts like doing cancer surgery with a machete.
after it was fixed, he suggested i update (in normal mode) and run spybot, avg, and malwarebytes in safe mode. they have all turned up more tracks and if they do not finish elminating everything i’ll post more tomorrow with what we tried next…
I DONT HAVE MY INSTALLAYTION CD ANY SUGGESTIONS
Same thing happened to me to fix it I went into safe mode by repeatedly pressing f8 at start up.Once the computer booted into safe mode I searched for internet security 2010 on my hard drive, found it and deleted the file as easy as that. for some reason when you try to delete it in normal mode it doesn’t allow because it says “this program is being used by another program”.
Got this thing today, SuperAntispyware detected it, ran scan, deleted the trojans, traced the folder in Program Files, would not let me delete. Looked at properties, said read only, unchecked tick box and voila, deleted the crappy thing. Still no task manager, ran Rkill, and one hour later, looking good. I hope that is the bugger off here.
I’m no expert but if worse comes to worse and you do end up having to reformat your whole hardrive just remember there is a way to get important files off. One method that I use is to run a Cd boot of linux (Ubuntu us my favorite) you’ll be able to access your files and back them up to a USB or somthing(of course not the cdrom your using) good luck
I used your fix the first day I was violated by Internet Security 2010 and it worked great. Thanks for the help.
I have windows xp professional. Unfortunately, the computer is used by more the one. I saw the original problem and ran AVG when I had to leave the computer. Another person unwittingly failed to finish AVG and opened the trojan. Now I can not get past the user screen even in safe mode. I have forgotten the administrtor password. Any help as to how I can get in and run a removal program? At the user screen once the password is typed in, it starts and then terminates by saving the settings.
I was infected by this nasty thing last Friday…..I turned on my computer last night and couldn’t get past the logon. It kept shutting the system down. I performed a system recovery that seems to have removed the virus/trojans. Only problem, I now have to rebuild all my files and programs.
doing a system restore will not remove it, you have to use the malware removal tool, i caught this son of a bitch 3 months ago, i have restored my computer back to factory settings 5 times, the damn thing kept coming back, use the malware removal tool and you should be safe, my only problem is that i have my computer back i can access everything but my google chrome and internet explorer no longer connect to the internet, i installed aol and it worked but i cant use my other browsers, so i guess i still need help
I can’t get past the logon either and it keeps shutting down. How did you perform a system recovery program when you can’t get past the logon page? I could really use the help!!!!
I can’t get this fix to work. Anyone come up with any other options?
this will not work for me either. rkill.com is blocked and anti-malware cannot update. also cannot reboot in Safe Mode?
Any other solutions/ideas?
Use Ccleaner.exe to clean up your computer, and go to the tools option startup items and delete the internet security 2010 file – disable everything else that you do not recognize. Then download and install sdfix.exe . You will have to reboot in safe mode to run it – hold down the f8 key during boot. Next run the malware bytes scan as the previous intructions suggest. You fill find references to internet security 2010 in your program files also. Run Malware bytes multiple times.
This hit me yesterday. IS 2010 disabled my anti-virus software (AVG) and my task manager. It wouldn’t let me do a system restore either. I had to redownload AVG and have it launch into scan immediately. It found all the files and trojans and healed/removed them but then it took me to the sign on screen after the restart. I couldn’t remember my password to save my life having not used it in 3 years. At the end of it all my hard drive was wiped clean and I now have rebuild by programs and files.
I m not even able to run safe mode with command prompt, how did u format your hard drive, I tried to use windows xp cd but it’s not letting it even run.
I used the program and it seemed to work until it came to the end and asked for me tobuy the program before it would block the files. Is this the way it is suppose to work? Nothing was said about this
This seemed to work for me. It got me back into my system anyhow. Not sure if there is any residual damage. That is a pretty nasty virus. Thanks softsailor. I tip my imaginary hat to you.
HEY if the rkill file doesnt work and you get a pop-up saying its infected…… WHile you see that pop-up(without hitting ok) run the rkill program again….. This is an excellent piece of software thanks for making it.
I worked really hard and tried many websites, but none of them worked. I even tried this one but the rkill wouldn’t download, and now, I am so glad 2010Victem wrote this because this singlehandedly RID my computer of IS 2010. Thank you 2010Victem and SoftSailor
Thank you SO much for the rkill tip. I don’t know if the removal worked yet, since I’m in the process of scanning…but you got rkill to work for me, so I’m optimistic. I’ve been fighting this virus all week and really hope this is the end.
Thanks for this little tidbit. Problem seems to be that rkill launches a command prompt, but cmd.exe is blocked by IS2010. This trick worked. Note to article author: add this advice, otherwise rkill is rather useless.
This! My problem was that I couldn’t run rkill but if you open it again while that message is still showing it works.
This was the best fix for the removal of Internet Security 2010 Virus the only thing i had to get past was
if the rkill file doesnt work and you get a pop-up saying its infected……
While you see that pop-up(without hitting ok) run the rkill program again…..
This is an excellent piece of software thanks for making it.
Read more: http://www.softsailor.com/how-to/13827-how-to-uninstall-remove-internet-security-2010-virus-removal-guide.html#ixzz0ZrzTcbin
I got this rotten thing on my pc last nite, 12/15. I had clicked on an AOL story and it wrecked havoc on my pc. I tried your removal method and it seems to have done the trick. I also went to my computer drive program files and deleted it there, and the desktop icon and program in my start menu. So far no problems today. Everything seems to running normally now. The rkill and malwarebytes were the solution.
Thanks so much for posting the method and steps.
Followed the instructions and everything seems back to normal. Had to run roadkill a couple of times.
Thanks
Thank you thank you for showing me how to get rid of this. I followed the instructions and it seems to have worked perfectly. Thanks again
It worked for me. Many thanks!!
I wish I would have found you sooner. I bought the program and figured there was something wrong when I couldn’t find it to rescan my system. I have called the credit card company already and it has not posted yet. I thought it was an extension of AVG that I just didn’t have all the updated software to remove something new. Learned the hard way.
Hey, I just fixed this problem with, of all things, Microsoft’s Malicious Software Removal Tool. Try http://www.microsoft.com/security/malwareremove/default.aspx and click on the Windows Live Safety Scanner. It ran for a long time, but it found and removed “Fakeinit” and I’m back in business! Good Luck, Mark
This 100% worked! Try this link http://www.microsoft.com/security/malwareremove/default.aspx. Completely removed everything!
Thanks to the genius of ,Mihai Andrici,I can go back to re-learning how to walk and Kite Board with my prosthetics,instead of figuring out how rid my computer of this,” I S 2010″.Thanks also to the programmers of rkill and MalwareBytes,seams as it was a collective effort.Personally, I had no problem with up-grading to Malware—Full Version,after they destroyed that nasty LiL bug for free and didn’t ask for any money.
F _ _’ _ wanted $150 to get rid of this virus and they wouldn’t guarantee it would be intact when finished.
All my files are intact,it just took several tries.
THANKS : BILL
contracted the virus on another computer it has windows xp so now have the dreaded internet security 2010 on it but caqnt get pastt the sign in screen, tried to get into safe mode but it will let the computer boot up in safe mode either just goes to the sign in screen
please help and info on how to get past the sign in screen?
Hi,
Awesome !
It helped
Thanks !!!
best regards
hee i am a tech support from a duth speaking country cald suriname and this is the best way i fond to remove this evil virus soo thx voor this you guys are kow in my top 5 advies page list
Hi! I’m going to see Eddie Izzard today. So excited!
Hope you are well. Merry christmas, and long live mystery google
Another one that cannot get the computer to boot-up…even in safe mode. It tries to load and gets caught in an endless logging-in, logging-off cycle. Anything that can be done prior to booting windows to remedy this? This thing is nasty…
I was reading how your computer won’t boot-up. I am now having the same problem, and can’t find any help. Did you get your computer fixed and if so, how? I hate to reinstall as I have alot of pictures that I have not had a chance to save yet. I got this nasty thing just a few days or so ago. Don’t know what to do now. Any ideas?
I had the same problem, check your computer’s bios that both the booting sequence AND the way your computer sees its drives is correct (get someone with tech experience to help you) The error code on this I believe is 24 (if you watch closely you may very briefly see the ‘blue screen of death’ as your computer reboots)
Thanks a million! Your fix worked, although it took me a few tries. Problem was that I had an old (two months, anyway) version of malwarebytes. After “freezing” the virus with RKILL, I was able to download a newer version of MWB. Zap! The next time I ran a quick scan, MWB found and killed an extra half-dozen infections — presumably the same ones that were evading my earlier version of MWB.
U R my hero
Monte, Washington DC
Hope it works, am doing it now. The rkill.com file didn’t work for me atleast I don’t think. Anyways, another way this virus messes with your computer is by messing up your google searches. For example, if I searched CNN, when I click on a link,it would redirect me to some other weird site. It does this to prevent a user finding a solution to the problem. If you need to get to a site, type the address into the browser bar — how i got to download.com to download malwarebytes antimalware. Anyways, thanx and I hope it works. Also, if you have this virus DO NOT RESTART OR TURN OFF YOUR COMPUTER!!!!!!!!!!!!!!!!!!!!, as I hear how some people cant get past the login screen. maybe im overreacting, but better safe than sorry
anyone ever find a solution to the eternal windows log on/log off cycle that this virus creates?
can’t do anything.
help!
Try to change your bios setting. try to boot first from cd, network, floppy drive, and then Hard drive. and if u have windows cd use that. it took me several try then after I got it into the windows repair option.
good luck
I have done the unthinkable, i’ve restarted the computer because it would not let me do anything. It just froze and did not proceed from that point. O yeah the old alt-cntrl-del didn’t work either because the task manager button was rendered inoperable as well. Once the computer was restarted it allowed me to log on but thats it. I am unable to access any files. This a computer that is on a network at work so the sooner i can get them up and running the better off it will be for everyone. Is there any other remedies for fixing the issue of not being able to go any further than the log on screen?
Any fixes for the computer not being able to boot up? I’ve tried safe mode, but the computer automatically shuts off within 10-15 seconds of powering it on regardless of what i’ve tried.
I contracted this virus on Friday the 18th of December – I could not get the rkill.com to run effectively. Still plagued by this evil thing. I am able to turn computer on & off though. Any updates to the rkill?
hello,my laptop got infected on 11th dec and since then i am trying to get it fixed with no success so far, i could delete the registry files and C:/ drive files created by the virus, but since then i am unable to see the “START” button, windows ctrl-c & ctrl-v does not work, i tried running the restore exe but it did not do anything thus i could not even restored to 10th dec setting. still researching as what can be done next, my laptops boots up, shows me the desktop but no bottom task bar. any ideas….rkill did not work though i tried many a times, Malwarebytes’ Anti-Malware did not run succesfully as it gives an error too.
Worked just fine, downloaded newest version of malwarebytes on laptop and copied it to the infected computer.. Doing some more scans just in case. But in short: Good guide, cleaning InternetSecurity 2010 from my other computer wasn’t hard at all after I saw this guide.
I finally found the solution to the logging on/loggin off problem here: http://www.bizzntech.com/2008/06/06/how-to-fix-the-automatic-log-off-of-windows-while-logging-in
Just in case the linked page gets removed, the instructions are:
1. You need to connect the infected computer to a network. Make sure that there is one computer in the network which doesn’t suffer from this problem. Now, switch on both of the computers, i.e. the infected and the working computer.
2. From the working computer, Go to Start> Run, type regedit.exe and hit enter. This will launch the registry editor.
3. Go to File> Connect Network Registry, by using this infected computer’s name or IP address.
4. Locate the following entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. In this entry there is a key named userinit, double click on the key and set its value to “C:\WINDOWS\System32\userinit.exe,”
If the problem still persists then you need to run a repair setup.
Bob – Thanks for this tip. It is telling me access is denied when I try and do this, though. Any ideas?
Bob, this is a great post required to fix this cylcing problem that many of seem to be having. However, I cannot get my clean, un-infected computer which is networked wirelessly to my infected computer to be able to access the other computer’s registry over the network.
Can you tell us more about what parameters must be correct to allow this? Must the computers be wired together through a router, or directly connected to each other through Cat 5 cable, or is a wireless router good enough?
If the infected PC is on, and on the logon screen asking me which account to log on with (and then immediatley log off) is being in this state allow it to be accessed by the other computer’s registry editor?
I cannot find out the infected computer’s IP address, but I am pretty sure I know the computer name.
Thanks
I have found that the simplest solution does not involve the antivirus programs mentioned, but rather your computer’s system restore function…which is usually disabled until you run the rkill.com program. (if you get a disabled notice for THIS program then don’t click ok but open rkill.com AGAIN and it should run) Once rkill.com has killed the malicious processes that are wreaking havok with your system, then you can run system restore (as it is no longer disabled) and simply restore your system to a date prior to noticing the rogue program. This is the second one of these rogue programs that my step-kids have naively infected our computer with so I am becoming rather proficient at eliminating these evil programs! Prior to using this method I had tried every other suggested way of deleting the programs spending HOURS trying to do so, and had difficulties with them all! I can now kill and eliminate the rogue programs in 5 minutes, start to finsih, with this method…without downloading antivirus software and running a half hour scan that may or may not detect and remove all of the rogue program’s components. I hope this helps! BTW…I hope the evil fuckers behind these programs are robbed of everything they own, die a horrible death, and burn in hell…TRULY! They are scammers, thieves, and con-men who are trying to steal the hard earned money of innocent victims, and for this they deserve nothing less!
I had to run rkill several times but it finally stopped the rogue program, but I was unable to get Mal to run. Also internet connection was blocked and couldn’t download update anyways.
However, Skydivr’s system restore advice worked.
Thanks for the help
I struggled all day to remove this infestation. I even snapped at my girlfriend a few times. I ran Rkill to stop the program from functioning…then I did a system restore to 3 days back. Seems to be working fine.
Thank you for your help.
If you use windoZ, you are getting everything you deserve. I have linux and mac computers. They are all running fine. I had a friend bring one of these to me for repair. The logon cycle seems to be the killer. I (being a unix user) can figure this out. Although I much prefer to use a computer for something useful on a stable platform.
caveat emptor ……. let the buyer beware!
peace
Still cant fix the boot cycling. The fix mentioned above is difficult because we do not know the computers IP or even sure about the name. Any ideas or more details?
thanks for putting this up i feel much better now that im not the only one you saved my life i can’t get that stupid desktop screen out that say my computer is infected
I just got hit by Internet Security 2010 this morning. I was having trouble getting both malwarebytes and rkill to run. The software seemed to block them no matter what approach I tried.
I finally tried this….and it worked. Boot to safe mode. The virus warning will still pop up. Run rkill once and the warning will pop up. DO NOT PRESS OK. Run rkill again and it will disable IS2010. Then run malwarebytes. Worked for me.
Help! When I tried to download, the error code 732 (12007,0) came up. What do I do now?
I LOVE YOU!!
thanks a lot!
Not sure if this is of use to anyone? – I caught this yesterday via facebook and it disabled Norton and generally stuffed my computer with pop ups, I am a total ignoramus with computers but researched a few forums and in the end did this – system restore to a few days ago then I downloaded spy bot search and destroy which is free and also Avast anti virus free download which had worked for others, after running the spybot today the popups dissappeared, the Avast is still scanning but my computer now seems to work normally and Norton is now restored, if I had seen this site first I might have tried this way but what I have done so far seems to have worked. I totally agree these b……. that write these things should be skinned alive!
it works! thx
Internet security 23010 virus-Stuck!!!! HELP ME!!anyone ever find a solution to the eternal windows log on/log off cycle that this virus creates?
I do not have any icons on desktop or the start button on the computer.
The only way I could fully remove this was to do a complete OS reinstall. Even when scans say it’s clean, the pc crawls.
guys check this link to remove internet security 2010 virus, it is explained in more details with step by step process, hope it will help u as it helped me to remove the virus
http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010
Just wanted to say THANK YOU!!!! A few months ago I previously had this virus on my computer and paid a kid $80 to come to my house for 2 hours to fix it, and then got it again this past weekend. Using your site and instructions I was able to fix it myself (mucho self gratification) and save $$!!!! THANKS!!!!
Cheers for this bud; saved laptop from being wrecked and work finding out haha
I am working on it right now. Running the rkill and it says
“Terminating known malware processes, Plase be patient”
It has been 20 minutes and still says the same. Is it normal?
It works! God bless you!
I used the link that Ayman posted because the virus was deleting the Malwarebytes exe file making it unusable. Thanks for the original post and the updates, lifesavers.
This link will tell you all you need to know about getting rid of this scourge. It details some important work arounds that I did not see on this or other sites.
http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010
Those who have problems getting beyond log on or are having trouble getting on safe mode and accessing windows due to IS2010 go here:
Make sure you follow instructions promptly.
This will get you to where you can use your antivirus to clean up your PC.
Read Everything:
http://thinkinginpixels.com/quick-fixes/fix-windows-xp-log-onlog-off-loop/5/
Good LucK!
ahh you guys are all love >:D i tried several ways of solving my problem before i found Ayman’s link most efficient. comp working beautifully now
Followed the guide above and it worked perfectly. Installed “Microsoft Security Essentials” and no virus found. Computer is running great, performance CPU usage at 0-3% dormant. Kudos to the website here for helping us combat this crap!
I found a simple way to get rid of it..
Go to start then there should be search, open it.
on the side click all files and folders.
then type “IS2010″ into the first box then click search.
Wait until the search is done.
you should have about 2 results
The Right click the first reasult and click open containing folder.
when the folder opens delete the things inside the folder.
Repeat this with the other results!
I hope this works for you it worked for me.
i did what u said but i couldnt deleted the folder that had the IS2010 icon on it. it says “Cannot Delete IS2010: It is being used by another person or program. Close any programs that might be using this file or try again later.”
What do i do now?
Delete the files in safe mode, worked for me!
I think I messed up. Can anyone tell me which folder the second file is in when you do a search?
I tried every method here (and more) and finally resorted to a program that deletes files when you reboot (my daughter’s computer would not start in safe mode). While it deleted the 2 files that come up when you search (because I told it to) I’m wondering if I messed up. I only noticed after I deleted the files that the wording in how to remove this is to delete all the files in the 2 folders and I didn’t delete everything in the second folder. I’m hoping this makes sense.
The reason I think I messed up is because even though now her computer is a thousand times better it’s not completely removed. It seems like it’s trying to get me to download the virus again with 2 warning messages. Should I have taken everything out of the second folder instead of just deleting the 1 file that came up?
what did u do after you u deleted the files
Wow thank you so much. After about a week of trying to figure out how to remove internet security 2010 i finally came across this site and in two simple downloads it is now off of my computer.,.however my desktop background is still messed up (But hey i can live with that) thanks again!
After removing this virus, I noticed a problem with being able to open pdf files.. is there a repair for damaged or altered files after removing IS2010?
the virus wont even let me open the internet, and when i try to kill the process it has the file is infected on the taskmgr so i cant do that,plus wheni try to delete it, it tells me that it is being used by another program. PLEASE HELP!
This fucking Internet security thing won’t let me open my Internet. I’m doing this from my iPod. Help?!?!?!? Also how did my computer get it?
If you’re like me, I got infected via a bug in Adobe Reader when I downloaded an infected pdf.
Fortunately, I had Zone Alarm running and was able to stop it before it had completely installed itself. I allow only very few programs to access the Internet without explicit permission (and unless the program has a damn good reason the answer is no.)
Being my web access was not blocked I was able to surf around a bit and find some good advices on how to handle the problem. I also knew that I didn’t want to reboot my computer at that point.
Here’s my advice on handling it.
If your still logged on to the computer and have the popup saying the file is infected,
first – don’t close the popup.
Go to the system home directory and remove as many of the infection related files as you can. There will be several that you won’t be able to delete, as they correspond to running programs.
The virus disables your task manager, so you can’t kill the programs. But you can re-enable the task manager by editing the Registry.
Regedit HKEY_CURRENT_USER/Software/Microsoft/Windows/Policies to remove subkeys that restrict access to task manager & other programs. I removed them all.
Now try again to open the task manager and kill the virus programs. The rkill that people mention should
work as well.
When you get the virus programs killed off, delete the
files in the system directory that you weren’t able to
delete before.
There are several other registry settings that need to be updated as well. Most importantly an entry under
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run that would restart the trojan upon reboot.
The other thing that quickly informed me something was wrong was that Task Manager stopped working. I also always keep this running.
Oh – one more important registry setting
(the virus sets this to winlogon86.exe, i believe)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
In this entry there is a key named userinit, double click on the key and set its value to “C:\WINDOWS\System32\userinit.exe,”
I did everything you said but sometimes when I restart my computer it comes back and other times it does not. Also is there anything I can do about the background?
What Is The Red X At The Side Of The Screen Mean???? Need Help
I had to tag this SOB with multiple anti-malware programs. The rkill file provided is a great way to stun it and I had to use it multiple times during one scan. I had to scan it multiple times with different products. The Malwarebytes did not work the first time. To get it to work I had to hit the IS2010 (which comes with a whole bunch of other dirty whore-like stds) with SUPERanti-spyware. I had to watch it until the virus count maxed out and then watch the pc freeze. Then re-boot and hit it again with the Superanti-spyware. Once it hit what I thought was the max, I ended the scan, had those viruses that were found deleted. Then re-booted and hit it again with the Superranti-spyware (hitting the rkill at the beginning and once more when things slowed down). Then re-booted and ran the Malewarebytes. Then rebooted and hit it with PC doctor. Then re-booted and the AVAST program could catch all the hidden viruses that were being blocked. Everything except the PC doctor is free. Good luck, and if you find the designer of IS2010… post his address on the internet.
the damn thing completely fried my computer. i cant even boot a new windows disk. can someone help me reload windows. start over fresh/
if you have mcafee, does that do anything?
and how can i be sure that some asshole won’t put another virus on malwarebytes’ anti malware if i were to download it? it’s like the hottest chick in school (usually a slut). how can i trust it?
i deleted the internet security program but the actual virus is still here
does it stop you adding files to burning rom(ashampoo), because ever since ive had this, it wont let me add files to be burned, comes up with an error.
Any help appreciated
lee
I followed the instructions exactly, then ran McAfee. It is gone in its entirety. Thanks so much for the information. The virus was almost devastating.
the virus has cleared my desktop and now i cant get the maraware but, when i go on safe mode i can get it but no internet connection to update it. the rkill thing is appenrly infected too someone please please please reply to this im in desperate need of help
I tried to follow these rules to delete the virus but when I went to run the rkill.com file it wouldnt let it run. The I couldnt run the malwarebytes file because it would stop it. I restarted my computer to try to go into safe mode and I got the blue screen. So i tried to just restart windows normally to try the rules again and now im gettin the blue screen there too. I cant even get onto my computer! I am using my fiances laptop at the moment. How do I get rid of it when I cant even get back on!? Someone please help me!
I have the InternetSecurity2010 virus in my notebook. After the scan with AVG, nothing…..i reboot my pc but it doesn’t start, but it ever reboot itself, in everything start mode(normal, safe,…..)….what can i do??????Help please (and sorry for my english)
I have the same problem as Mark and cannot open in safe mode or the last known working configuration. XP continually reboots itself.
I am hoping that the recovey console on the original XP installation disk has some way of removing the registry entries relating to the virus?
Further guidance would be appreacited before I decide to do a clean install of XP. I have some work that I didn’t get backed up before the BSOD came up on my machine
Thanks for this! It was as easy as you said it would be!
I removed the virus, but internet is not working (skype & remote connection available, but cannot open any page…
Please help
I just wanted to say thank you so much for this. I’ve had that Internet Security virus for about a week, and I just followed the instructions (I had to download the Malware and rkill to a cd from another computer) and got rid of it. Try this guide out it works!!!
Warning!!!! Went through the process (irritating popups but I could get to my programs and files). Now my system cannot boot. since I have a backup of all my data I have had it it with Microsoft and IE (yes, I had Norton running and current). Going Apple. enough is enough. Now I won’t have to be wasting my time on silly blog and looking for ways to prevent this kind of stuff. adios!
GFS
Looks like most people are unable to open internet or run the program or save it, ect, ect…All this works but it MUST be done in Safe Mode if u r unable to do it in normal mode…
Wow. Possibly the most insidious bit of evilware I’ve encountered. Stopped pretty much everything on my laptop from working. Strangely it disabled my internet connection, so how I was supposed to fall for the scam and buy the thing online I’ve no idea. 4 hours later and the assistance of this site and malwarebytes and my computer’s nearly back to normal.
Internet still isn’t working properly though, somehow when my wireless on it messes with the other computers on the same connection. Any suggestions?
Thank you thank you thank you!!
Thank you so much! Was really scared for my computer until I found this site. Performing like nothing even happened to it, thanks again!
i tried all of this but it wont let me run anything. i cant get inro regedit i cant run my virus, cant run malware or rkill…closes everything HELP ME
My desktop computer is infected with Internet Security 2010. I cannot delete it from my C drive or access system restore or access the internet. I am trying to download malwarebytes from a laptop computer and save it onto a USB drive to then transfer onto the infected desktop. When I put the USB drive into the infected desktop computer and click on malwarebytes, it simply opens the folder to show me what is inside instead of running the program.
Several posts have said to “rename the .exe” but I have no idea what that means.
Can someone PLEASE help me!!
at first the program worked remarkably but then when i went to run rkill program again along with the othe rprogram to make sure the damned internet security 2010 was off my comp it came right back along with it wont let me accerss the internet to update the program that u guys recomended a little help would be appriated. btw my anti virus i use is avast
I did all this and though it didnt update it found 13 infections and cleaned them, I restarted the computer and everything seemed fine but it must have re-installed itself while I was away from the comp (a 5 minute interval)
im scanning again but what should I do if it re-reinstalls itself?
Just reposting for those of us still suffering from the continuous log-on/log-off cycle. I couldn’t get the network fix to work (told me I did not have permission to change the registry from a remote computer). Also – it seems that some folks don’t have the ability to network in.
Is there something that can be done from DOS to fix this? If a repair is necessary, is there a way to copy files that weren’t backed up via DOS? It seems that permissions to copy from My Documents are blocked in DOS.
Thanks for any help!
John
I clicked on a resource link on a web page and this malware installed itself. I tried Malwarebytes and Rkill and it found and deleted a number of entries, but even though I ran it several times, and even manually erased everything I could find, the program kept reinstalling itself and shielded itself completely. So, rkill never found the seed file. I ended up installing Spybot Doctor which prevented IS2010 from launching on reboot, then I did a system restore and the system is now working just like it did before I got the malware.
Hrm. Started trying to remove this virus 12 hours after infection. Couldn’t get to the net from laptop, so downloaded recommended programs onto pc at work, and took to laptop with flash drive. No problem. Ran rkill, got error message, left it there and re-ran, no problem. Installed Malawarebytes and ran quickscan as instructed, no problem. Found 13-14 infected files, followed instructions to remove, and let it reboot when it requested… upon reboot BAM program is still there. Ran both programs again, this time with full scan, found 7 more bits, removed, let it restart, BAM virus still there. Did search thingy, found files, removed them, removed shortcut from desktop, repeated two programs running scan again, it found 13 more files… the same ones that were supposedly removed the first time! (Fake-something-or-other and hijack files), let it restart, virus still there. Tried the rkill then system restore, it won’t let it restore. Tried spyware dr, but it won’t run without updating first, and can’t connect to update.
I’m stumped. It’s a fairly new laptop, don’t have alot of irreplaceable stuff on it, tempted to call it a wash and take it to get completely wiped and reformatted.
Just tried the whole thing again in safe mode.
No love.
This fix just plain old isn’t working.
This is one stubborn bug. Anyone have any suggestions?
EUREKA!!
Actually got to the point where I started to get caught in the log on/log off cycle.
So I turned the blasted computer off, calmed down, and came back and turned it on and F8′ed to Safe Mode.
In Safe Mode, I Uninstalled the rkill and Malawarebytes, and reinstalled them while still in safe mode from the flash drive. THEN ran them again, restarted in safe mode, and did a system restore from there.
It appears that the problem is fixed, because all scans are coming up clean now, and I just got off line with Norton Support where they fixed and updated my Norton.
So, if it’s not working, uninstall the fixes, go to safe mode to reinstall and run, then do a system restore from there.
Thanks it help me !!!
When I tried to run Rkill.com the virus stopped it from running.
Cheers to original poster!
Worked for me.
But… couldn’t connect to internet on infected computer so I using 2nd computer i put the downloads onto USB stick. The USB stick was not recognised by infected computer. (Maybe if you burn’t them to CD it might work?)… So from the infected computer i navigated to the files on the 2nd computer’s hard drive through the network. Ran rkill which allowed me to copy anti-malware setup to my desktop. Ran that & problem solved.
I actually did it all in safe mode (with network support) but don’t know if that was necessary.
p.s. upon first boot after removal i still couldn’t connect to internet because the proxy server settings set up by the virus were still in effect. In internet explorer go to ‘Tools’…internet options…connections…LAN settings…and UNcheck proxy server.
Lee.
Hi,
Sorry to ask this questions even despote all the posts.
Can someone tell me the step by step procedure for deleting this blasted virus?
I can see many solutions of posted on here, but just want the definitive guide to removing this virus/rogue.
I cannot connect on to Inetrnet Explorer to update the malware software.
By the way, I’m quite computer iliterate and so will require a dummies guide if at all possible.
Many thanks
Darren
I had to take my computer in for a tech to try and remove this virus. I am able to log on, but this aweful thing prohibits my desktop from being view. The desktop appears in an instant, then disappears. My tech removed this virus from five computers so far, but unable to get pass my log in area. If anyone knows how to get pass this situation, please post here.
I’ve gotten this demon of a virus, which had all the usual symptoms AND it completely blocked my internet. I burned rkill to a CD on a different computer and brought it over, used it with Malwarebytes, and successfully got rid of the virus. I deleted all associated registry entries and files also. It’s now completely gone, except my internet still does not work. I’m on my sisters laptop, where the internet routes through the main computer, so I know there’s no problem with the connection. How do I get my internet to work again!
have you done a system restore to a day prior to infection?
Best advice from me to anyone who has this virus/malware …save your files and reinstall operating system. Then get a good antivirus installed, worth every penny after all the headachs this will cost you in the long run
Thank you!! Thank you!! Thank you!! I couldn’t have cleaned my computer without rkill.com. Its because of heroes like you guys that we have some protection from internet scum.
We got this malware today. Tried to install Malwarebytes, but kept getting an error right at the end of the install. So, we installed Spyware Doctor first and did a scan. This removed enough infections to allow Malwarebytes to install. Once installed, Malwarebytes found about 200 more infections and removed them. Fingers crossed that this will work!
does this really work?! im a bit hesitant cuz i tried almost everything.
*IMPORTANT UPDATE*
Because the 2010 Internet Secturity virus blocks the Malwarebytes’ software, you have to install it a second time and save the mbamgui.exe file as a different name to the same folder, but as a different name so the virus can’t detect and block it: C:\Program Files\Malwarebytes’ Anti-Malware
More details here:
http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010
Hi all, got up to the log in/logout part. Managed to get the destop changed and internet working again. To do this you need to have gotten the taskmanager back, then its just a matter of looing throught the processes and ending the tree of the ones you dont know. Sorry I cant be of more help.
I did a system restore to the day before I got the infection and was then able to run regegit, taskmgr etc and remove all traces of the thing. This will work great for you if you have not installed any other programs between the restore point and now.
System restore keeps all your documents, music etc. intact and restores only the os settings.
As soon as I ran rkill program, it removed the virus and then I ran the malware and that has removed this nasty virus.
So far, so good. Hope it does not come back.
We can easily track who is benefiting from this virus. Just follow the money, who is getting paid and then hammer them. May be they are in Russia.
I got this virus today, and it not letting me even pass the login into my account. I tried to run it in safe mode with command prompt, I want to format it but it’s not even let me do anything.
How can I format my hard drive coz it’s not even let me go to any other screen then welcome screen.
Please show me a way to do that
I did everything and ran the Malwarebytes scan at least four times immediately after I got rid of the virus, but infected items keep popping up. Why? Is it still there?
thank you!
this worked perfectly.
got me out of a quite nasty situation.
This fix works!!. Thanks a lot every one.
i only used step one and two
lifesavers. Thankyou so much for the help
I had to install MalwareBytes on a thumb drive but IS2010 still deleted the exe file. So I had to go to another computer and copy the mbam.exe file to the thumb drive and set the read only attribute. After that mbam ran and I finally got the stupid thing removed. Hope this helps and thanks for the ideas above.
I can’t reboot my comp at all.Not in safe mode, not in ‘last known config” etc. It looks like it’s rebooting, the window’s page looks like it’s going to go to my start page- then for an 1/20th of a second I see the “blue screen of death” and then it goes back to my reboot page.
My comp was custom made for me and the company that built it has since gone out of business-I never had a recovery disc for this and I had even tried my disc for my old comp- but that didn’t work. I’m reading all of these hints but I don’t know if I can do any of this- Does it sould hopeless for my comp?
I would strongly suggest that you format your hard drive up to this point.
However, if you have some files that you really need to save and are using Windows XP (this sort of thing happens a lot with XP), you can try this:
Set you hard drive to boot from CD, insert the Windows XP CD, and then try to repair (not with the Recovery Console) your existing XP installation. This will not make things all better, but perhaps you’ll have a chance at saving what you need.
Another downside is that your files might be corrupted, but that can easily be fixed if the computer you are saving the data on (I recommend using and USB stick) is protected by a strong and updated antivirus suite (BitDefender, Kaspersky and Norton would be my personal preferences).
Note that this is very risky, as you might infect the second computer as well. In addition, it might not even work at all. I strongly suggest that you try this only if you have very important files on your computer, and even then, you should be aware of the risk.
Just so you can avoid this sort of thing in the future, you should always have an updated and active security suite on your computer.
Cheers,
Myke
Thanks for the post. Followed your suggestions and all is well now.
Many Thanks for publishing this fix. Worked great!
Thanks for the instructions. I wouldn’t have known what to do without them.
I picked this virus up after having my new computer online for only a few days. I used the instructions above and managed to get rid of the virus, but some of my windows files were corrupted from the trojans it installed. Explorer will often crash, and I sometimes can’t open my email and get a “MSOE.DLL can’t be loaded” error message.
The trouble is my new computer is an HP and it didn’t come with a backup copy of Vista. Does anyone have any suggestions? Am I going to have to buy Vista again or will HP give me a copy?
I agree with the others who said that whoever designs a virus like this should be skinned alive.
I used hijack this and removed:
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 – HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate32.exe
O4 – HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
This may also be on it, but was not on mine:
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O4 – HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O10 – Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
I was able to end the virus program and get system restore up and use it, which worked! I went back a week before it started, When I tried to use Malwarebytes, the virus would restart my computer when it found something. Use Hijackthis and then system restore. It will work!
ok, i dont know what to do, because if i try to log onto my user, the screen turns blue, and ive only had this IS2010 for a couple of days, I click on my user but it stops halfway inbetween that and the desktop. i cant run anything or do anything and running the recovery tool for norton dosent help, so what will i do?
Thanks sooooo much it worked perfectly!!!!
Thank you.. Lunch is on me!
hi thanks a lot…!!
The virus wouldn’t let me use my Verizon Security Suite…ran these programs as instructed. Worked great! Something worth mentioning: when it was done, two things happened: my desktop turned white, as it went into “Inactive Mode” or something like that. also, the bad programming left an image on the desktop WARNING, etc, lookied scary, but turns out it was only a desktop image created by the virus. Thanks guys, real good stuff!
worked great. many, many thanks!
Many thanks, it worked perfectly.
This fix worked perfectly.Thanks for the solid info softsailor! This thing took over everything. No taskmanager no registry. All together the fix and scan took about 1 hr.
Thanks again
RKill and Malwarebytes’ Anti-Malware together did the job for me. We had the initial virus for a few days, on my daughter’s laptop. We think it arrived through a bogus Facebook email. It shut down Task Manager, and system restore and produced the pop ups and the “red cross”, etc. I couldn’t delete the registry entries or anything. Then IS2010 appeared today and I found your solution. I’ve just followed your instructions and it worked perfectly. Thank you, thank you, thank you. You guys (and whoever wrote Rkill) are fantastic.
THANK YOU THANK YOU THANK YOU
I followed the steps and it was removed successfully!!!
I let MBAM run a fast scan on my PC,and when it stop scan I just deleted all that wich was shown,now my PC works great.
WOW thank you so much! This is my parents’ computer and I saw that it was on there today. It was a pain in the butt having this on the computer! It was so annoying. I did exactly as you said and it worked PERFECTLY! Thank you thank you thank you! (etc)
Well, this bugger got past COMODO, AVG, and Norton (had it on four computers) and managed to activate on the Norton machine. I can tell you it can infect XP HOME, XP PRO, Vista Home Premium 32 bit, and Windows 7 64 bit. With the help of this post I removed it from the XP HOME machine after it activated and the others before it activated. It was hiding itself in a bogus HP\Drivers\…. set of directories that actually looked like printer drivers.
Only lasting problem is it hid itself in the recovery partition of my new HP Desktop and most likely blew the partition up when it got deleted. Not to worry, I have the recovery DVDs.
What a fun Friday night this has been!!!!
Should i download it as soon as possible or whenever the problem occurs? Thanks a lot.
Thanks so much. My laptop was infected yesterday evening and I was so relieved that this removed all the nasties. So far all is running well. Thanks again.
Great Advice:
At first I had problems getting the RKILL File to work. Here’s what you do: If the rkill file doesnt work and you get a pop-up saying its infected…… WHILE!!! you see that pop-up(without hitting ok or x’ing out) run the rkill program again! I had to run it twice but it finally shut down the virus and allowed me to run the Malware program. Thanks for the excellant advice! it worked perfect!!!
I really don’t know how this stupid virus was downloaded onto my computer. It popped up that my computer was infected, didn’t ask for to download, did it on it’s own. This program ahs saved me a whole lot of money. Thanks.
Thank you so much for this. Removal really is as easy as they say in the article! Thanks again
This is the nastiest biotch i’ve ever had on a computer. I literally had to upload all the programs (rkill and updated malwarebytes) with my laptop and then install them via cd, since this bastard disables your ability to upload the latest version of Malwarebytes. My previous scan found 8 infections with malwarebytes, with the newly uploaded software already found 6 more,this thing is pissed, my computer is only scanning about 10000 objects an hour. Hopefully, i will finally be rid of this god forsaken thing.
Got hit with this today. Immediately closed everything and then searched and found this fix. It worked just fine.
Thanks a million, fellas.
Franco
Brilliant work, everyone. The Internet Security 2010 virus came off my computer like taking off a a glove. This would have taken me hours to do myself. FYI, the RKILL program operated, but did not seem to stop the program from “playing,” however, I invoked the Malwarebytes Anti-Malware and it just stripped trojans, rogues, hijack virus components out of the registry 1,2,3. Again, thank you; all is appreciated.
THANK YOU SO MUCH! I tried everything, I even had Malware Bytes already, but without downloading that rkill, but once I did…it fixed it all. Thanks again!
Seems to have worked thanks for the help. If you find out where the jackleg is that came up with this I will be more than happy to give him a donkey punch for everyone!
What were you doing when you got the virus? My AVG 9.0 was actually doing a daily scan/block as I simultaneously listened to an MP3 audio file. Exactly at the end of the file, a message suddenly popped up saying the codec was insufficient to play MP3, WAV, and 100 other audio types. Then a slurry of messages came up. (Note to developers: I saved screen shots of the various messages; I can forward them if you wish.)
Hey. My step-mom got this S.O.B. spyware garbage on her machine. If you get stuck into the logon/quickly logsoff righback on off cycle, do a search for the think in pixels, log on/off. Chances the pukeware changed the userinit.exe file to something else. Once you get that done, then you can get to safe mode. Once in safe mode, YOU will have to make sure you remove all traces of it.
Great process, saved my computer and files from certain demise without the costly computer tech fixes.
***IF YOU ARE GIVEN AN ERROR MESSAGE WHILE TRYING TO RUN RKILL, THEN TRY LEAVING THE ERROR MESSAGE UP AND RUNNING RKILL AGAIN OVER IT. this was a problem for me, but otherwise follow the steps provided. Many thanks to softsailor, malwarebytes and rkill
I cannot thank you enough for ridding me of this virus! Thank you so much
Hi, I following the instruction, and removed the Internet Security 2010 successfully. However, after reboot the computer, the network does not work. It shows “Limited or no connectivity”, anyone has seen the same problem?
Thanks!
I followed the instruction and Removed the virus successfully.
However, after reboot the computer, it lost internet connection.
The LAN connection status is: “Limited or No connectivity”.
I tried “Repair”, get following error:
Windows can not finish repairing the problem because the following action can not be completed:
Renewing your IP address.
Please help!
Thanks!
I followed instruction and removed the virus successfully.
However, after reboot the computer, it lost internet connection.
The LAN connection status is: “Limited or No connectivity”.
I tried “Repair”, get following error:
Windows can not finish repairing the problem because the following action
can not be completed:
Renewing your IP address.
Please help!
Thanks!
Thank you so much for all the info regarding this biotch!! What a nasty little nasty this one was!
It took several steps to get rid of it but I was finally able to by using the suggested downloads. It just took several times before it took.
Bless you!!
This was so easy just printed and followed instructions just like it said and worked
Can’t thank you enough Thanks
THANKYOU SO MUCH!
i finally got rid of this thing, all thanks to you!
this thing is weird i have looked multiple times for it in the add/remove programs thing and i have yet to find it and the
REG addHKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f command in run will not work i just put malwarebytes on my flash drive and its currently scanning but why does this program only let me go on certain sites i mean i cant go on youtube but i can go on google video? whats up with that?.. once i scan fully with malwarebytes will it just go away? once again thanks for the help was a great post and helped alot!
also i wanted to ask but forgot does anyone know where this comes from? like idk if my son or something did something on the computer to get this if anyone knows how they got it can you plz reply and tell me thanks once again eddie
I just got this one around 5 am this morning while surfing the Pennysaver classifieds online. I clicked a curious ad offering to sell you a new SSN and figured it was a scam but wanted to see. Well I went to their website and I think when I clicked the “buttons” that redirect to informational pages on the site is when I contracted the HIV. I ran a search for all files modified in the last 2 weeks and pretty much everything that was tied to this fast working trojan happened around 5 am today, while I was there.
You could do a search for all files between a certain string of dates, and when the search is complete click the date header to organize list by date, then start looking over them for “42.exe”
“IS2010.exe” and “warning.html”
They will all be grouped together. (If you haven’t removed already) there you will see the time. Then you can see what else is in that time frame on your web browser history.
All I want to say is THANK GOD for Soft Sailor!!!! I had 487 infected files!!! Your process worked! Thank you, Thank you, Thank you!
thx so much this help fix my family pc
Hi, I’ve been following various steps here and am making progress. HOwever I can’t change the desktop image – any advice on restoring that? My desktop is in active mode and won’t let me restore and won’t let me go to properties and change the background image. Thanks.
I am personally in love with whoever figured out how to fix this. My computer was about to bite the dust, but not anymore! And the steps were super easy to follow. I just had to restart my computer in between two scans, and it works perfectly now!
After much trying and frustration, I could not get rkill.com to work. However i downloaded “Process Explorer” (free, and better than Task Manager) on another machine, transferred it with “Malwarebytes’ Anti-Malware” by memory stick to the infected computer. I used Process Explorer to kill the “Internet Security 2010″ processes, and Malwarebytes to clean up the mess … I hope it’s okay tomorrow!
“Internet Security 2010″ became so frustrating because it was using up 75% of my CPU all the time, and doing everything in its power to block. The solution took me 15 minutes, figuring it out took 5 hours
Process Explorer is at: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Malwarebytes removed this virus from my computer by itself because the virus prevented the rkill program from working (however I should mention that my firewall had blocked part of the virus in the first place so I was having all the issues EXCEPT actually seeing the “Internet Security 2010″ interface where I guess you are told to give your credit card info)
Thanks for this article and another one I successfully removed IS 2010. Just want to provide some update information that might help others:
1. the malware hit my PC seems to be a new version of IS2010. I tired to kill it by rkill.com but it always shows “application infected!” and rkill.com won’t run. when I try to run taskmgr,cmd, regedit or system restore in safe mode, they all shows the same “application infected” then start IS2010 scan crap.
2. Finally I found out if I copy the \windows\system32\cmd.exe and rename it to 1.exe, it can run and I got a command console. I runned rkill here and still no luck, then I found PsTools from Microsoft http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx are still working. So I runned pslist and found IS2010, killed it by pskill, tried to run rkill.com again but it still invoked IS2010, finally found another process smss32 is the other process. After killed it, rkill can run successfully. I checked program files\internet security 2010 and found it was created on 11:56PM, so I searched my harddrive for that time period and found three files :
\windows\system32\windhelper32.dll
\windows\system32\smss32.exe
\windows\system32\winlogon32.exe
I unregisted the dll, deleted those files.
Scaned registry and found thos entris:
HKEY_CURRENT_USER\Software\IS2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security 2010″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “smss32.exe”
new :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Userinit “winlogon32.exe”
changed it to userinit.exe.
In my case the problem with no internet access and the application error in svchost “The instruction at 0×7d4caa9b referenced memory at — ” has been solved with START | RUN | typing CMD and clicking OK (or RUN), then typing
“netsh winsock reset” and restart the machine.
Here is one for everyone out there. My desktop (using laptop for this) was infected with the lovely IS2010. After the many suggestions seen on the internet for Spyware Doctor and other “free” spyware removal tools, programs or whatever they’re called, I downloaded Spyware Doctor and ran a scan. It did in fact locate IS2010 along with other garbage and to my shock (sarcastic) in order to have it removed I have to pay…what happened to the “free” removal. Now that my computer is totally disabled I am beginning to think that the J-O’s that advertise their “free” removal tools, programs and such are the same tools that are creating the havoc in the first place. To the creator of spyware, malware and future ware’s not yet named I have four numbers for you to figure out…7625!
I have tryed spydoctor but can’t access internet exployer i have manually deleted internet security 2010 just long enough to get malwarebytes downloaded running scan now but IS2010 keeps slowing it down I boxed ankled and selected full scan taking a bit.How come they don’t find out who started this junk and tar and feather the dirty dogs I’m not normally a violent person but I think I could actually shoot one of their toes off.
I have followed all the steps, and now I cannot Load windows. It Says “Loading Settings” then “Logging Off” and I cannot access Windows? What can I do now???
That was a close call.. thanks for the valuable info ! It just about fried my Thinkpad’s custom XP pro load in short order. I tried to run rkill.exe and it didn’t complete. I had to burn the Malwarebytes and rkill onto a CD on my desktop, since after the infection the laptop wouldn’t recognize the thumb drive, or connect to the wireless after I disabled the wireless connection like a dummy.. it wouldn’t re-enable manually – *connection failed* . The wireless revived after (a nervous) restart. It took about 5 attempts to download the update for Malwarebytes, kept getting an error, but with perseverance it finally updated. After the first quick scan, the system didn’t reboot successfully. I had to hold down the power button for 5 seconds to shut down. I then ran the anti-malware program AGAIN, this time a full scan. It found and successfully removed 5 more infected files / processes. I ran another quick scan following that, nothing found.
I’m not jumping for joy yet, but the beast appears to be dead. Hope my experience helps someone.. be careful what you click !
Update : AVG 9.0 found nothing on a whole computer scan, everything seems normal after a few restarts.
This thing about buying a particular new virus checker to cure the Internet Security 2010 virus is exactly what they want you to do, and is a complete waste of money.
My system was hit by this horrible virus resulting in the “blue screen of death” and being deprived of access to any controls.
What I could do, however, is reboot!
So I rebooted, held down Key F8, and got the boot options.
I chose “System Restore” option and turned the clock back by one week.
Although an error message appeared saying it had failed, it actually hadn’t!
When I rebooted, the system was perfect again, and I hadn’t even lost any data – everything was right up to date, and I simply deleted the suspect file the virus came from.
Problem solved!
My husband downloaded this virus by accident when he was trying to install new security on our home computer. It’s complete BS and a scam to get your credit card info. It’s from a company called task-bar and they’re based out of Riga, Latvia. They charged our credit card $109. We’ve since cancelled our card. Anyway, I had to take my computer into work to get it fixed. They deleted all the programs manually (I have no idea how) and then installed Malwarebytes Anti-Malware program, so I guess it’s a good program or my company wouldn’t do it. They also installed an anti-viral program called Sophos and said between the two, we should be protected.
well somehow it work even though after the scan and removal process,, it said some of the stuff cant be remove, thanx alot
Got this bugger barely half an hour ago, bloody trojans;
Either way, rebooted, had AVG find it, remove it, resulting in a bsod; rebooted again only to find that I can’t even access my desktop – only thing that pops up is this damn program; so I used it to open up an explorer window, and here I am, looking at how to remove the damn thing – thing is, It’s a brand new computer so I need to figure out how to activate safe mode, this is the last thing I need ¬.¬
Thanks for the great information…worked like a charm!! I have Norton Internet Security set at a high firewall level and updated regularly and this still snuck through. Your simple instructions allowed us to remove this virus quickly and easily. Thanks again!
thanx u
This happened to me as well. It took my computer guy 19 hours to restore my system and recover my important corporate files.
The Internet Security 2010 locked up my computer tighter than a drum. Of course I was trapped like many others on here. My computer guy said since we had configured the computer with NTFS and we did not have the administrator password, in addition to the effects of the viruses, trojans, etc… it took 19 hours to recover my lost data.
This is what my computer guy told me when he brought back my computer. “1 iTunes music file, $1.29, 1 Email from my largest client, $20,000, Recovery of 9 months of email and all of your iTunes music files Priceless!
MJ
Hey when I do the scan on the thing they told me to use it says i have to purchase it.. he said its a free download! It says, “To remove them you must purchase” Why? Why can’t it just fix it! Christ!
You might have things a little twisted.
The Internet Security 2010 is basically a scam. It pretends to be an antivirus, but it says you need to purchase it before it can repair anything.
Malwarebytes has a free edition, that you can download from the link in the article. Malwarebytes is the one you should be using to scan your computer, not Internet Security 2010. IS 2010 is the actual problem. Please read again the article and you’ll figure it out. If not, come back with a comment.
Hope I was of any assistance,
Myke
My PC was infected by IntrnetSecurity2010 on 17 Jan 2010.
I have used Malawarebytes with the rkill file, following instructions here, but my system is still infected.
I have lost the on-screen warning message, and the annoying pop-ups, but my PC is still not right. My main screen keeps going black and if I set an image for my desktop it keeps returning to black on start-up.
I have scanned with Avast, SUPERAntiSpyware, Spybot Search and Destroy, SpywareBlaster, Spyware Terminator, Microsoft Scan, all to no avail.
I have found a file called “atapi” in C:/Windows/System32/Drivers,
Description:IDE/ATAPI Port Driver
Company: Microsoft Corporation
File Version: 5.1.2600.5512
Date Created: 17/01/2010 19:19
Size: 94.2 KB
I know this file is relevant to the spyware, as it was created on the day my PC was infected.
I have tried to rename and delete/shred the file, also rename, change the file extension, and then delete/shred it, but every time I delete or shred this file, it keeps coming back.
CAN ANYONE HELP????
Update 1/22/10 … still no problems. To boot, I uninstalled programs I don’t use, updated Thinkvantage software, Microsoft updates, and BIOS. The laptop is running better than ever. Every little bit helps…glad I caught it in the early stages. The beast is now officially dead.
Woot !
what steps did you take?
I got this stupid thing this morning..green screen with SPYWARE.
I tried system restore and all..nothing. I saw this on another site and tried:
Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Internet Security 2010 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Internet Security 2010 when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Internet Security 2010 . So, please try running Rkill until malware is no longer running.
Once I got the rkill to stop the IS 2010, I did a system restore back to my security checkpoint done yesterday..so far so good. I did not click on any of the pop up windows so I don’t know if it got in very deep. I think I will install the Malware just as a precaution.
got this from tune up utilies (popped up saying it was not an original version, click here to so windows can download latest antivirus softwawr blah blah) i clicked and i am talked like in 15 seconds, there it was on my desktop! i ran it, and when all those “virus” popped in in IS10 i got suspiciious. googled a bit, got here, and followed instructions (i already have Malwarebytes so i skipped that)I downloaded rkill and ran it. then i ran MBAM and after a few minutes, it said it detected the task manager disabler. i deleted all the files, and then the log came up
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
but then i tried to open task manager and it said “cannot be process, file is infected, please activate your antivirus software” and then IS10 popped up. this keeps happening when i try and open task manger or rkill.
scan just finished, no malware or bad files or whatever it says were detected. i tried opening task manager, the FILE IS INFECTED thing came up again. after i closed it, IS10 tried starting up again.
help. what should i do? i run on windows vista. just got this damn son of a bitch 15 minutes ago! HELP
im currently trying
Worked like a charm. Ran MBAM. Found 18 items. Killed most entries. A couple were stubborn. A little tip, run regedit. You will need to run twice to get past the infected message. Take note where the .exe are from MBAM, HKEY Local Machine and HKEY Local User, Software, Microsoft, Windows, Current Version then Run. Delete anything that looks off.
After this ran kill.com (awesome by the way) and it then let me delete remaining files, namely 41.exe and something helper32.dll in Windows System 32 directory.
Rebooted, ran MBAM and all is well.
Go to http://www.ubcd4win.com and make yourself a boot disk. Use the explorer to remove the internet security from program files. Then edit the registry and navigate to HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
Come down to userint. You will see that the value is C:\windows\system32\winlogon32.exe Change it to C:\windows\system32\userinit.exe
You can now logon.
Malwarebytes may have fixed Internet Security 2010 a month ago, but it’s useless today. Even if you can get Malwarebytes to run, at best it fixes the problem only temporarily. It will be back within a day. MWB clearly doesn’t attack the root problem or cause of Internet Security 2010. And I’ve NEVER been able to get rkill to do anything except continually ask me for permission to run pev.exe. And no matter how many times I give it permission to run, it continues to ask me again and again and again and again, ad nauseum. In other words, it never gets around to actually DOING anything.
I could not get the rkill file to work as it was being blocked (I think) so ran the other one and got it out!
Thanks!!!
I followed the instructions above and it worked beautifully!
I download the software here: fallow the instructions like they say.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10896905.html
PS: I was able to download the software from the computer this virus was in. Awesome! Thank’s guy’s!!!
Thank you for sharing your knowledge!!! My son’s laptop became infected after visiting YouTube..sheesh…I guess nothing is safe anymore. The stupid virus wouldn’t allow me to download MBAM, so I had to download it to another computer and use a flash drive to transfer it to the sick computer. I did have to attempt to run rkill a few times before it would actually work, but as explained in previous posts, just keep trying with the error window still open. The rkill “killed” it alright…stopped it dead in it’s tracks. The scan with MBAM then found 23 infected files and removed them. I only had the virus for a few hours…the computer is working as if nothing ever happened. THANK YOU!!!!
And to those who are behind this scam, I hope you rot from the inside out…slowly and painfully.
Thank you so much! My computer randomly popped up with this while I was on the Target.com website..seems like it doesn’t really matter where you are, you can get it. My computer is up to date with Norton and I run Spybot often…didn’t matter, though.
This tutorial worked well and I do recommend opening the rkill.com thing while a IS 2010 pop-up is on screen. I did this by accident and had no problems with removal–but I also started removal as soon as I’d been hit–after looking on a different computer because the IS 2010 wouldn’t let me use the internet–it came up with this phony green screen that said “Must update antivirus software” and something like “Internet is infected”. After I used this I got my background back and everything (it went blank). Thanks! It means a lot not to have to try and save all of my information!
Several people here have mentioned issues with not even getting their computers to boot into Windows once this malware is installed.
I had the same problem and checked my bios. Unfortunately I didn’t know what the correct boot settings were, although I suspected that was the issue, so I took it to a tech who told me that it wasn’t the booting setup but the actual sata bridge settings that had been screwed with. The reset those to the factory standards and viola, my laptop booted properly again.
Of course it was still infected, so I still had to do the rkill.exe and MalwareBytes thing, but for those who can’t seem to even boot to Windows, this may help.
Thank you for telling me how to get rid of internet security 2010. Got rid of it in 1 hour and 15 minutes.
So…I was previously infected with “Windows Security”, “Internet security 09″ (or something like that), and a few others. The first time I got infected with one of these f*ckers I spent maybe 5 hours trying to get rid of it. The second time and third time, with a little more experice, it only took me a few minutes. All I did was restart the computer on safe mode and go back 2 or 3 days.
About 2 hours ago I got this Internet Security 2010. But this time I didn’t freak out, I thought I’d do the same thing I did before, just restart it on safe mode, go back a few days and that’s it. Well, not so easy, the f*cker was there even on safe mode. That’s when I freaked out.
Here are the steps:
1. Restart computer on safe mode (by pressing F8 when rebooting)
2. If it lets you do a system restore right away, go for it. (It didn’t let me though, the virus was blocking it, that’s what made things harder).
3. What I wanted to do was block the virus so it would let me do the system restore, so I pressed ctrl-alt-delete. And no, it wasn’t working for me either. I got the “task manager disabled by administrator” too. What I did was press ctrl-alt-delete again, and IT OPENED!
4. I ended whatever there was there on the task manager.
5. Went to start, all programs, accessories, system restore. And restored my system to a few days back.
6. The computer started fine, all I did was run ComboFix (which you can download free). And that’s it! It’s working fine! (my internet wasn’t working either…I forgot to tell you guys).
It’s 12:25am. F*ck this virus, I hope this helps you guys, I’m going to bed. Good night!
Oh, and just in case, I’ll run Malwarebytes tomorrow morning.
I’ve noticed several people have mentioned that after following the instructions they cannot connect to the internet but that hasn’t been addressed. I am having the same issue. My internet IS working. I have great connectivity. but IE, Firefox, Yahoo IM, not even my antivirus can connect. How do I get my internet back after doing all this????
*frustrated*
someone posted this earlier
p.s. upon first boot after removal i still couldn’t connect to internet because the proxy server settings set up by the virus were still in effect. In internet explorer go to ‘Tools’…internet options…connections…LAN settings…and UNcheck proxy server.
i can not get rkill to stop the processes and therefore, when I run the malware or superantispyware programs they don’t remove ‘everything’. they have removed most of it i believe but i still get the desktop popup and the popup that happends when you run the rkill program. is there a way to stop the processes from the task manager and then run the malware programs? thanks.
also, malwarebytes won’t update for me even when i turned off avg and i get error code 732 (12029, 0). any help is appreciated! thanks.
I have the same issue now. I had the sw remove the files but now a constant reboot cycle. Can’t get into Recovery Console as it tells me my admin pw is wrong
I picked up this little bugger last night. I rebooted my comp in safe mode, ran rkill, then ran malwarebytes. After malware was finished, I deleted the infected files and rebooted. The little Internet Security 2010 incon is gone from the incon tray in the lower right of the screen. I’m able to access any program I want and everything seems to be working correctly. The problem is that now I have an incon for Internet Security on my desk top. I didn’t notice this before. Why is it there now when it wasn’t before and is it really deleted?
unning the rkill multiple times is the key. Also, I installed the malware program to a flash drive. Until I did this it kept getting deleted by is2010. once on the flash drive and after running rkill many times it all worked and the thing is GONE…. kaput….
Thanks to all you people that take the time to help. I is awesome. I am going to sign up for the full version of the malware to say thanks to them.
i cant unistall internet security 2010
i downloaded Malwarebytes and rkill, but when i activate rkill, it automaticly closes. instead, i tryed Malwarebytes too, but it closes too. i have stoped the internet, but still the same…
is there any way to remove this annoying fake internet security?
Jorge, check my previous post, I got it last night, but I was able to get rid of it.
So I picked up this bugger about an hour ago and finally managed to remove all traces of IS 2010 that I’ve been able to find so far with malwarebytes and everything seems to be in order so far… hopefully things will stay that way. Thanks so much to you and paranoia, it would have really sucked if my computer had been fried seeing as I only bought it a month ago.
Just to let everyone know I also got this thing from youtube.
Soooo here’s an update exactly 24 hours later I was surfing the web again. Mind you only websites I’d never had problems with, nonetheless IS2010 is back though I can’t find any of the files related to the program. Last night I ran malwarebytes four times and the last three times the results came up clear I just now ran malwarebytes again and the IS2010 files are back but I can’t find them in search nor does it show up in my drivers folder my start menu or my desktop I’m not having any problems now other than a lack of taskbar use (mbam returns use after scanning), I have that bloody annoying pop up about updating my computer, and I am now unable to run rkill. I am beyond pissed. Has anyone had the same remaining problems and been able to fix them? I ask that you please reply.
I was about to reformat until I found this article on how to kill that damn thing. The only trick you need to add to the how-to instructions is that you need to run rdkill the first time, don’t close the popup message saying that the file is infected and then run it a second time. The trick to getting rdkill to run is to not close the pop-up error created by the mafia style fake antivirus program.
I have to wonder why the people that created Internet Security 2010 can’t be tracked down to where the money is being paid and arrested? Writting this kind of software should be punishable by serious jail time!
FYI …(sorry if someone posted this already, this is a LONG thread)
I was able to download MBAM but it wouldnt let me install it. Here’s how I was able to install the program:
1. Download Malwarebytes anti-malware, save to desktop
2. Right Click, you will see OPEN, RUN AS, etc.
choose RUN AS
3. You will see a window that says “Which user account do you want to use to run this program?”
Underneath you will see a bullet for current user followed by a checkbox that says “PROTECT MY COMPUTER AND DATA FROM UNAUTHORIZED PROGRAM ACTIVITY”
UNCHECK THIS BOX AND CLICK OK!
4. This allowed the installer to launch the program. Once installed, click OK to continue with any updates and then launch the scanner.
5. Good luck!!!
I got this virus yesterday and I was able to clean it, but was not easy. Thank to Rich tip I made it. Because the program was stopping me from run Malwarebytes.
Hope this helps someone.
FYI .. if you didn’t check in the last few days to a week,
Malwarebytes has ANOTHER update. I don’t know if it’s related to IS2010, but it found 127 MORE infected items, mostly a bunch of adware entries and a couple of trojans.
I recommend to look for updates frequently, and run the program daily for a good while.
Just a few more things to add if anyone else is still struggling with this:
When you’re done removing, you may want to consider turning off System Restore, rebooting, and turning it back on. Be forewarned, this will wipe out all previous restore points, but I noticed this was lingering in those restore files after removal in some cases.
Also, if Malwarebytes isn’t working, try Combofix. Again, you may lose files if you use Combofix, but there’s been success with it. You will need to rename it before you load it onto the infected pc, though.
malwarebytes works good, but sometimes the rouge programs detect it and shuts it off after instalation.
if your able to access the desktop try running msconfig from the ~run in start menu, disable all the startup items.
*note in msconfig the filepath for the rouge softwares are listed usually with a odd ending name like ZZhdsjhh ect.
then reboot into safemode with networking, try running antimalbytes again- and if it still doesnt work….
in safemode with networking- internet acces should be restored. then it is possible to download asc, and iobit security 360 from iobit.com
if the machine is ifected beyond os repair- the pc will crash when loading safemode. at that point a fresh copy of windows is needed.
these to programs along with antimalware bytes and avg 9.0 have given me a 99% sucsess rate on my repairs since these rouge programs were first infecting machines.
(lol- that’ll be $100 please)
http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
To fix your internet connection after your remove it!
Caught this one quick thank god, the second I turned off NoScript I had an ad come through I couldn’t close (Even alt+f4 didn’t close the f*cker), so I clicked it and BAM. Great solution, I owe you my life lol!!
I LOVE YOU. thanks, you completely saved my computer (:
OMG Thankyou sooo much!! That stupid internet security 2010 was getting SO much on my nerves! The installment was fast, easy, and worked like a charm! Here’s a kiss *smooch*
THANK YOU SO MUCH….you just dont understand how much this has helped me. I was begining to freak out when that internet security installed itself on my computer because my laptop already had a virus and the internet security only made it worse; it was ridiculous…ugh! Anyways I Just wanted to tell you that I am deeply grateful(again) for your help =D
I don’t have any key named:
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit
I can’t logon, it immediately logs me off. Should I create this key?
I’m using ubcd4win registry editor right now.
Thanks!
It looks like adding in the Userinit key did the trick.
Ultimate Boot CD for Windows is a great resource.
To Mic: you should have probably done a deep level format on your computer before reinstalling windows. That is why it wouldn’t allow you to install a fresh operating system but a secondary one. By leaving the infected OS on there you probably will end up with the problem returning. I had the same Internet Security 2010 crap install itself on my computer, it went so fast that it made my head spin. My solution? I immediately pressed the power button and yanked the lan cord out of the back of the PC. Then I booted the system up without it being connected to the internet. You have to be very fast with this bugger. Because if you don’t it will immediately lock you out of your system and won’t let you access anything on your desktop. I have seen this happen on another computer. The client wasn’t able to click on any desktop icons or the start button without getting the dreaded: Access denied, this file is infected! warning. It even changed the desktop background to a green screen with a nasty bold red warning on it. That system was beyond the point of doing anything with, windows failed to load every time, each time adding a new dll file that was supposedly corrupted. So we wiped the drive clean twice to make sure and reinstalled XP from scratch.
On my own system I caught it early enough before it locked me out completely and I was able to do beat the virus to access system restore. I went back to a date before the trouble started and then removed the suspect registry entries manually. Remember, system restore won’t automatically remove all traces of this virus, but if you can do that it will save you from having to reformat your drive. However, if you don’t know what you are doing you can do more harm than good, so in that case it’s best to leave this up to the experts. If you are not familiar with editing the registry and the solutions from the above article don’t work for you, then I would suggest taking your computer to the nearest BestBuy and letting the Geeksquad guys fix it for you, just don’t let them talk you into buying a new system
READ THIS READ THIS READ THIS!!!!!! It will allow you to open task manger!
To reset your administrative setting to allow for task manager, simply go to run, copy and paste this:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
hit Enter. Works every time, for me at least
Got this annoying virus earlier, followed the instructions exactly as above and worked. Straight forward, quick and free. Thanks for the help.
I say lynch the mob that created this.
Anyway, if anyone is having a problem running RKill.com as IS2010 shuts it down, I suggest copying the RKill.com file into the startup folder and then reboot – worked for me. Rkill ran on start up and managed to kill the smss32.exe before its other processes ran and then I was able to install Malwarebytes…
It attacked my PC for the second time. I am going to delete the whole windows and reinstall it. However is it safe to backup my stuffs in CD/DVD before re-installing Windows? does it automatically copy any malware into CD while burning something else?
Thank you very much for this! Worked first time, i’m really grateful!
Well here from Barcelona Spain…I have my brother in law that he get the virus…so tomorrow I will try to run the MBAM and the rkill, so I will tell you what was hapend..
thanks for all the coments!
worked for me so far. thanks
Thank you so much guys!!! This blog was a saver. Got around all the loops and I’m back in business
.
For all of you out there with the problem, just read everything and you will get this bitch off! No OS reinstall needed. All your files will stay in tacked. It will take some patience though.
Wish there will be a tool in the future that will catch viruses when released and send them right back to the bastards that created them with a slight mutation so they can bang their heads! Right back at ya,…fuckers! Well
Thanks again to everyone
very good, thks
Worked like a charm for me… tried many things before this, but nothing worked until this one… big thank you
You can temporarily stop the malware from running by opening the Task Manager then you end the process titled ‘av.exe’.
If the malware has busted your registry so that executables have stopped running you can fix that with something like ‘exefix’, which I had to use; I believe it’s available at bleepingcomputer.com.
Neither of these bits kill the malware; they just get your comp in something closer to working order.
THE ROGUE ANTIVIRUS DOESN’T LET ME START CMB PROMPT OR TASK MANAGER! SO I CAN’T EXECUTE THE RKILL PROGRAM!? PLEASE..I NEED HELP TELL ME WHAT TO DO. IM NOT EVEN IN HIGH SCHOOL YET. I REALLY NEED ME COMPUTER!!
Isn’t the Rkill file with a .com extension? That should allow it to run since the IS2010 just blocks the exe’s.
http://www.technibble.com/rkill-repair-tool-of-the-week/
this site has rkill with .exe, .com, .scr and .pif extentions
Thanx a bunch, some of the comments suggested it was a hassle, but 4 me it worked like a charm. 20 mins later, good 2 go, F YES!!!
ONE MORE THING — Check your TCP/IP Settings, IS2010 reset our to use their own phony DNS Server, so all google search results link through their Romanian search engine located at searchclick8.com and then it will reinfect your computer.In Firefox, make SURE that the address in the status line at the bottom matches the URL google lists.
This was very very sneaky!
I downloaded anti-malware and rkill.exe to a thumb drive on another computer. I then ran them on the affected computer from the thumb drive. It worked perfectly. I had this program show up a few years ago and it was hell to remove. This is a much easier solution. Speaking of hell, I hope that’s where the originators of Internet Security (insert current year) rot in.
Thanks. The rkill.exe program worked, but I had to run it several times, then Internet Security 2010 stoped running. I was then able to use malware to remove the threat. I also deleted the program in the program file. I would like to do the same to those distributing these scams, but with a baseball bat. Any Idea how you get to find out when they are caught, if they ever are. Thanks
i followed step by step and it didn’t do anything but waste my time
this is very gud ……the problem got solved very easily ..very much thank you….
So i got this nasty virus a few hours ago, and heres what ive done so far.. Immediately i used SuperAntiSpyware which deleted a hefty amount of trojans.. Then i found your fix, I used rkill which seemed to work, only problem was that it wouldnt let me connect to internet or activate the Malwarebyte installer.. So i used system restore to yesterday at midnight, and after the computer rebooted, the red cross was still there, but the internet center popups stopped.. The virus messed up computer’s ability to find a program to open .exe files, but i used something that fixed that and i downloaded, installed, and ran a scan with Malwarebytes with success.. Now it seemed like Malwarebytes picked up the sources, but when my computer rebooted a red sheild was still there, although still no security center popups.. Now i usually do have a red shield on my taskbar because i have parental controls turned off, but the yellow bubble message is the same that the virus was giving earlier: “Your computer may be at risk, click the bubble for more details”.. I didnt click it though in fear of redownloading all of those nasty files.. I’m running another Malwarebytes scan now, and plan to do another superantispyware after that.. So, my question is, does my computer sound fixed?? Thanks for your patient reading lol
Hi everybody…
So I made the mistake of restarting after trying to remove the virus prior to reading these instructions, and yes I am stuck in the login-screen loop, and I cannot get in with any safe mode…
Once and for all, does anybody know how I can get into my computer so I can give this RKill stuff a fighting chance?
Thanks so much everyone, hope we can all find a solution to this.
JW
I was fooled into allowing this program install itself, my firewall did detect the change and also Spybot alerted me to registry changes.
Thanks for the write-up, I think it is now all gone after taking 2.5 hours to scan the PC.
OMG … the sneaky bastards! richard is right… they reroute u thru google. I’ve scanned my PC with MBAM 3 times and each time something turns up…..How do i remove it from my IP settings??? Anyone??
got infected today… turned off internet connection ASAP…. was able to successfully remove it with rkill and MBAM or Soo i thought… next time u go online u just get reinfected…. thats cuz u need to CHANGE YOUR INTERNET EXPLORER settings… i reset them to default and i’m good after that! So everyone who has internet connection problems.. check ur IP settings and just reset ur browser… this worked for me
gracias y mil gracias sois fantasticos gracias
thx mate for help iv got this 3 days ago n i was trayin to kill somehow n i couldnt but u show me how thxxxxxxx mate
Ok this thing is killing my life. How can I do any of these fixes when it physically stops me from clicking anywhere on the screen?? At one point I managed to run rkill but then it froze my computer. Malwayebytes freezes, ad-aware freezes, superantispyware wont open and now it just wont let me open anything????
And it wont let me run is safe mode. Just keeps re-booting
Ok I got to step 9 and when I hit remove it directed me to register with StopZilla and Pay. Didn’t this article say not to pay for virus removal?
I have Malwarebytes on the comp but after 5 seconds of scanning it freezes up. I dont care about re-formatting I just want some files to be saved first! I dont think I have an XP boot disk as the computer shot put this copy on for me.
Yesterday (12/02/2010) my laptop was infected with XP internet security 2010.
I have just read your guide to deleting this, the only problem I currently have is that I cannot get onto my laptop full stop. Before it loads the users I have a blue screen that states ‘Windows has detected a problem and it has been shut down’
Is there any way around this? I have even tried all the safe mode option and those two won’t let me access it.
As I found out on my own, Windows XP seems to be doing this quite often with a lot of rogues. If you want to save your files reinstall windows over the existing installation (repair it) using the Windows XP CD. You’ll at least be able to start your computer, and then you’ll have a fighting chance against this bugger.
have a new one xp internet security. i will let u know if this works to get rid of it.
ok so i think i got rid of it how ever i cant change my background image from right click properties because it put that “warning system infected” bright green back ground any help?
thx
Worked like an absolute charm! Thank you, you’re a lifesaver!
Got this little gen this morning and have been trying to fix my computer all day.
I tried the instructions, but couldn’t update Mbytes database. Ran scan and got 28 infected files. Rebooted and was reinfected.
I then ran rkill again, and again and again and again (maybe 8-10 times). Then updated the dbase and that scan showed 150 infections.
Killed those and it seems like it has gone.
Thanks a bunch you guys… you’re fantastic!
This virus is not that easy to kill really.
I’ve killed off most of the virus manually, and from time to time I still find hidden registry entry’s and software that disables some drivers or administrative rights to your computer.
Yeah this thing is not a simple one to get rid of at all As I type this (on a clean pc) I have the infected computer running a linux boot disk to completely bypass everything from windows just so i can gain access to files to work on removing this beast.
All options mentioned here have been useless as this thing has disabled me from even being able to double click a desktop icon.
You have NO idea how much this has helped me!! I have had this virus for quite a while now to the point where i’m tempted to just throw the computer away! but after finding this removal guide, i am beyond grateful!
I use my computer for the Sony Vegas program and since i got rid of that fake internet security I can finally run the program again!
once again thank you!!
got the virus around New Years. Ran Rkill and Malwarebytes and it took the sucker off good. New problem: Since that day, my PC now randomly locks up and requires a hard restart to get working again. It never works now for more than 30 mins at a time and most times not even that long. Any thoughts?
Hi. I downloaded the rkill file but it wont let me run it. Please Help me. I am in desperate need. My computer is running Vista Home Premium. Thank You.
wow! BIG WOW! you save my life! Thank you sooo very much! my laptop is clean now
WOO finally got rid of the blasted thing!! i followed the first instructions and it worked great! i had to use my roommates computer and put it all on a USB to transfer it over to my infected computer. I had the virus for less then 24 hours and had over 200 infected files!
Is there a way to better avoid getting this, my computer already had antivirus and antispyware and still got infected sometime yesterday while just using my regular sites. My roommates are concerned about getting the virus also so input would be great
thanks for the help
First I want to thank you for this article. It was a real lifesaver!
I did everything you said and the computer is working with certain exceptions. I am unable to upgrade my Windows, Microsoft Office, Dell to get it back to its original state, nor do I have access to view certain websites. I get an error message windows is unable to open the page.
I also got a KCFError Domain Winsock:1016 message.
Now that I have the Malware installed I am unable to do the update.
Your insight is greatly appreciated!
Anne Marie
THANK YOU!
hey… so my computer just got infected just yesterday and i just found these instructions today.
i did what the instructions told me to do but…i dunno..its just not working..
-i used rkill program thing but the xp internet securtiy thing keeps coming up like 30 seconds later
-when i used this malware software it didnt detect the spyware or delete.
am i doing something wrong? help please..any suggestions?
Absolute life saver, thanks Google for finding this information so quickly…oh and thanks to the author for the instructions (very easy I must say)!
Thank you so much, worked perfectly. You are a life saver.
Don’t download or buy anything. I restarted my comp in Safe Mode and a system repair screen popped up saying that my comp was unable to start and would I like to run System Repair (legit Vista option). I clicked yes and it restored my system to an earlier virus-free time. I clicked on Windows Security just to check and it’s fine
my dumbass is lucky. System Restore has saved me ‘Numerous’ times, but I couldn’t use it when I needed to because my harddrive was full. After I figured out why it wasn’t doing auto save points, I freed up my hard drive, and did a system restore. Why you ask? Because things can get much worse, and they did…it wasn’t mentioned on here, how people can fuck up their computer worse by deleting certain registry entries – that’s what I did, and then had to run system restore from safe mode with command prompt. google system restore from safe mode with command prompt if you need to. After that the process on this blog was easy, this is because the second I notice something wrong with the computer I immediatley disconnect internet, and turn off the computer. The guy who created rkill is a microsoft product, it’s about time microsoft come thru with something!…On a different website, I learned these sob’s are indeed from russia, it figures. btw, I’m starting to think norton sucks BPVDD…I’m going to spend $25 well spent dollars on malwarebytes after wasting 8-10 hours today that I will never get back. Thanks though for the help with the files and instructions.
This document was very helpful. Please make the download buttons more visible on your site. Two of my users caught this bug as they were searching for images on the web. The combination of rkill and Malwarebytes was very effective. This will come in handy for similar malware infections.
I see by comparison that this bastid malware bitch hasn’t ravaged and raped me half as bad as some of the other unfortunates here. My heart goes out to all those whose stress level has reached critical mass.
I need a simple piece of info that I haven’t seen posted anywhere yet.
What SHOULD the black RKILL window say if has found some pieces of that mofo, ‘Vista Internet Security 2010??
No one has listed what the shit is named. Will RKILL shuts ‘er down completely? How will I know if it gets ‘er done?
I want names. So far, my best attempt has returned this for me. Am I at least on the right page here? Thanks.
c:\Program Files\Microsoft Works\WkDStore.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
C:\Users\Chris\Downloads\rkill.com
ATTENTION! ACHTUNG!
I see by comparison that this lil’ bastid of a bitch program hasn’t done me half as bad as some of the other cats here.
My heart goes out to all those who done got bunged by this malicious, disease spreading whore.
I just need a simple piece of info. I haven’t seen this posted yet and I wonder why.
What SHOULD that black ‘RKILL’ window state if the program has found some of this ‘Vista Internet Security 2010??
No one has listed what theses shits are named. Will RKILL shut ‘er down completely when it does find the bitch?
How will I know if, and how much of this disease is captured and isolated?
I want some names, friends!! So far, my TWO best attempts have returned these two screens.
Am I at least on the right page here? Thanks.
*** Processes terminated by Rkill or while it was running:
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chris\Desktop\rkill.com
c:\Program Files\Microsoft Works\WkDStore.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
C:\Users\Chris\Downloads\rkill.com
For Chris:
I do not remember the name of the actual executable file that is the malware; I do believe if it’s present in memory then a successfull Rkill run will stop the Internet Security 2010 window from poping up, and the fake shield icon on the taskbar will disappear.
After that run Malwarebytes; you may want to this pair ( Rkill and Malwarebytes ) through a few runs, with a reboot between each one.
I downloaded the Malware installer and while I was installing it, I thought I’d closed it, so I opened the installer again, realized that I had 2 installers running and had to cancel one. The remaining one stuffed up and now I can only reinstall it if I restart my computer but I don’t want to in case I can’t get past the logon screen like others… what should I do?
hi, all i did is “system restore” it back 3,4 days, right as the pop ups starter commin up, worked like a charm, than i updated my avg for free and youre good to go…
Your removal guide worked great. The instructions were clear and easy to follow.
I was able to get rid of this insidious monster in five minutes.
Thanks again.
ty this worked for me. Dop I uninstall these 2 programs when i am done?
This fix worked exactly as promised. I was running Firefox when I was “gifted” with the virus. I knew what happened right away because I am pretty particular about my computer and what happens to it.
I was still able to run programs and use the internet, only with tons of hassle though. I would definitely do the USB thing if anybody has more problems than me, as many are reporting to have. But yet, 20 minutes after I got the virus it was removed and seems to be totally gone.
Thank you so much for your help. I just removed the Internet Security 2010 Virus following your instructions.
Thank you.
I removed this very easily. Start your computer in “safe” mode,I use my F8 key. Then roll back to a nearby checkpoint. Restart and poof it is gone I’m mad at Kaspersky, my Internet Security Suite 2010 for not catching this. What do I pay them for, their good looks or what? lol
i cant run the run the mbam set up. Please help
Ok first off very good guide. One addition if you are having trouble with it returning or rkill is not doing the trick and you know how to use command propt load windows in safe mode with command window it was the only way i could remove this virus from several of my clients (family friends lol) I know a few people have posted it but consider this a bump
I live by Malwarebytes and it worked like a charm for this problem for me also. BUT, after removing the viruses from my HP computer Vista no longer sees my network connection. Is there a simple fix for this or will I have to repair/reinstall. Did I mention I hate Vista, never have these problems with my XP.
I followed the guide exactly step by step, it is working.
Thanks a lot.
I just spent a few hours with my son. He had “updated” Windows XP and in doing so, acquired the XP Internet Security 2010. At first it didn’t install, rather just kept causing pop-up ads to get it. Then it finally installed itself. Tried Malwarebytes right right away, but it didn’t work. Then found this site and downloaded rkill. All this was done from my computer using CrossLoop, enabling me to see and run his computer. The rkill file immediately shut down all ave.exe windows that had popped up. Then put the latest version of Malwarebytes and updated it, ran it, and it found and destroyed all traces. Thanks for sharing you wisdom. It’s people like you who make the internet at least tolerable, especially when one is able to actually fix a problem as nasty as this one is.
A very grateful internet user,
Michael
Milwaukee
I found this article very helpful. This is what i did to get rid of my virus.
http://hubpages.com/hub/How-to-get-rid-of-Vista-Internet-Security-Virus-2010
Well, I got this yesterday, found this site and dowloaded the rkill and Malware. The rkill wouldnt work then, but did manage to get into Safe mode and run Malware. Now though, it just goes bluescreen – very frustrating; I’m trying to reboot from the XP installation disk to enebale me to at the very least get back into afe mode, but not having much success.
Great – now it just reboots endlessly
It happen to me to on an XP computer.
I found that the registry location “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]” variable “Userinit” was pointing to “C:\Windows\System32\winlogon32.exe” not “C:\Windows\System32\userinit.exe”. Winlogon32.exe is part of the virus and gets deleted. I put the drive in anther computer and made a copy of userinit.exe, then rename the copy to winlogon32.exe. That fixed my reboot problem.
After you get back up, either manually edit the registry or Copy and paste the following in to a text file, Then rename it to something with a .reg extension. Right click on that file and click on merge. Reboot and if it all works you can delete “C:\Windows\System32\winlogon32.exe”.
Make sure to run your antivirus scan.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“Userinit”=”C:\\WINDOWS\\system32\\userinit.exe,”
Forgot to mention I am currently running Panda Antivirus as my first attempt to kill it; started it before both finding this thread and finding the executable fix. Will run M-bytes later.
I read through all the posts. I almost gave up but was able to defeat the virus. I used rkill and malaware spyware removal. It wouldn’t let me update the definitions for the longest time. I read somewhere that if you reboot and try to update the virus definitions before this virus kicks in, it might work and it did. I removed around 130 objects with Malaware, but I still couldn’t do a regular boot, only a safe mode F8 boot. Then this morning, I tried to do a system restore. It wouldn’t let me, but then I read somewhere else about using regedit to unblock system restore, which seemed to work. I was able to do a system restore a couple of days ago and I thought that might work, but after I did that I couldn’t even boot in safe mode. I was about to give up and do a full hard drive clean, but I couldn’t even do that because I kept getting stuck at a Windows Recover screen that said Windows hadn’t shut down properly and the only options that it gave me were safe mode with or without networking and I couldn’t access those. I was about to throw the computer out the window where I read that you could create a vista recovery disk by downloading it from some site and then burning it a cd, which I did, but my computer wouldn’t let me access the CD drive so I played around with the BIOS and I was able to access the drive. The program came up and first I tried Windows Repair and it said everything was all right!!! Then I went back in System Restore and went back about a week and tried a restore and it WORKED!! and everything seems to be fine. IN the meantime, I put all my documents, videos, pictures, music on a storage drive just in case. GOOD LUCK TO ALL.