Virus called "Internet Security 2010" ?!!

Silvera

Has anybody else here been hit with a virus calling itself "Internet Security 2010"??

I was last night and spent about 4 hrs scanning and such to get rid of (most!) of it?!

As Im typing this two pop-ups are showing on the screen trying to tempt me into clicking on them to "remove infected files" etc!?! ...make that 3 pop-ups now!!

I used 'Megabytes Malware' free removal yesterday...which removed circa 3 threats....yet the pop-ups continue...and the 'Internet Security 2010' icon is still showing on my home screen?!!

Help please??!!!

Fuzzballs

Go into the pc in safe mode. Press F8 when the machine is booting up.
You will get a few options. Choose Safe mode with Networking.
Install or run Malwarebytes anti malware. Update it if you can.
Run full scan. Reboot into normal mode. Download and install Super AntiSpyware free edition. Update it if you can. Run a full scan.
Reboot. Should be sorted.

Blazer

did you try google? Because I just did a search and the number one result was the link below to remove it??
http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010

What browser do you use? If IE get off it and onto Firefox...
I've yet to get malware/spyware/viruses etc since switching to Firefox..

ps...if it was safari you deserve everything you get

Silvera

Thanks for the quick reply!!

I did most of that but still getting pop-ups and 'IS 2010' icon on home screen?!

Will try and update 'Malwarebytes ' program and download the 'Super AntiSpyware'...can I trust these programes btw??

I'm running in mormal mode atm....is that allowing the virus to spread, or worse allowing them access to private info/passwords etc??

........going to log off now and come back on in safe mode...

Fuzzballs

Will try and update 'Malwarebytes ' program and download the 'Super AntiSpyware'...can I trust these programes btw??

Yes of course you can dude. Download from here. www.filehippo.com
In the anti spyware section. Just follow my exact instructions.
Dont be getting paranoid just because you got stung once :pac:
Used it countless times. Malwarebytes can be installed in safe mode.
Super antispyware cannot. Get the latest downloads from filehippo and install.
Then even if you cant update they will be nearly the latest version

FusionNet

You need to get the computer cleaned properly. Some of these pop up viruses can be root kits and be very hard to get rid of. BTW I love the title of the virus, all its missing is Nortons before it..!!

batari

Happened to me this morning in work. Had to log in in Safe Mode with Networking, go to

Start/Programs/Accessories/System Tools/System Restore

and restore to the day before it happened (for me it was yesterday-sunday).
Not 100% computer savvy so maybe someone here who knows more can confirm this as a good remedy. Seems to have worked for me (so far).

FusionNet

Hi Atari,

I havent look up this bug yet but system restore doesnt delete a lot of viruses.. Ill check into it and let ye know..

Silvera

Ok...things have gotten worse!

I went into safe mode and ran a quick and full scan with 'Malwarebytes' which showed up '8 threats' in the quick scan...and then I deleted same. It woundnt let me update in either safe or normal mode....kept showing - 'error...will report to Malwarebytes Admin'.(or something like that).

I then restarted in normal mode and now it would let me connect to the net at all??? (I rang Vodafone last night and she said 'the system must be busy, it usually is at this time on a sunday night?!) I told her about the virus, and could it have logged into my system and possibly hijacked it?....she didnt know what to tell me. I asked if I could change my Vodafone broadband passwaord...and she didnt know how to do that?

I've tried to log on again using my laptop and mobile broadband - it will now connect to the net but wont let me access any sites?!

Plus a (False!) pop up keeps appearing telling me of 'Trojan Horse' threats. (Im using my old dial up connection atm).

What is wrong does anybody know???

Silvera

Just tried it again.....still cant access any websites via my laptop/broadband.

I use Firefox btw (and have done so for at least 2 years now).

Any help appreciated?!

probe

Have a look at this:

http://www.virusremovalguru.com/?p=4918

(Haven't been a victim - so I don't know if what they suggest works).

Failing that suggest you reformat your drive(s) and re-install your operating system - backing up your data, email, browser bookmarks, etc (assuming you can do same) before doing the reformat.

Similar crap seems to come out every year - they just change the year number...

probe

You might also consider using http://www.microsoft.com/Security_Essentials/

free from Microsoft, assuming you are using Windows to help keep malware at bay in future....

Fuzzballs

So i take it you didnt follow my instructions?
Which ive used at least 3 times for friends and it got rid of this.
Ah well. What can you do

TomCullen

What OS are you running?

have a look at this

http://www.geekpolice.net/malware-removal-guides-f12/remove-internet-security-2010-removal-guide-t16909.htm

to be honest i recomend you do a complete re-install with windows 7. You can get it for free by downloading it on torrent websites. Just make sure you have all the drivers you need on a usb stick ( video, sound, internet etc. )

Silvera

Fuzzballs wrote: »

So i take it you didnt follow my instructions?
Which ive used at least 3 times for friends and it got rid of this.
Ah well. What can you do

I did follow ur instructions. I had already downloaded that anti-malware yesterday, and i've ran it again - its showing all clear.

However, the trojan horse warnings are still showing, AND the INS2010 icon is still on my homepage...so i presume its still in my comp system?!

Tha problem is that (as i said above) i now CANNOT access ANY internet pages?! Its so frustrating... sorry if i seem annoyed..i am...but not with u guys. I really do appreciate ur help!

NB - the problem is on my laptop and usb broadband stick...I'm typing here on my home computer via dial up atm ......so obviously i cannot download any solutions to my laptop until i figure out why i cannot access any internet sites on it??!!

TomCullen

have you tried to reinstall your network driver?

Silvera

excuse my ignorance but ...
what is the network driver?
how do i do that?

n.b. its taking me forever to reply using this dial-up connection

TomCullen

emm. what do you use to connect to the internet? wireless usb? if so look at the usb and google the product name . e.g "Belkin A600 driver" make sure you download the correct one for your Operating system. Then goto the control panel and uninstall the drivers for your wireless and reinstall the driver... Just google it , there will be loads of tutorials

Silvera

i use wireless usb - vodafone Huawei HSDPA usb stick, model : K3520.

im trying to find a tutorial here...it keeps suggesting the 'huawei' homepage, which doent look very user-friendly

..so annoying this! if i cud get my hands on the little B~~t$%ds who started this virus!!:mad:

billyblanks

By chance I noticed a this thread on the front page of Boards(thank God).

I work in a small company where we all have basic computer skills, A workmate of mine told me that he had upgraded from the 'free AVG' to Professional because there were threats on the computer that could not be fixed.....what he actually did was install and pay for 'Internet security 2010'

I have just spent the last 3 hours removing it from this computer, and cancelling the company credit card...

I used the link from bleepingcomputer.com, and downloaded 'Malwarebytes Anti-Malware' like Silvera after using it I could not access the internet.

But after re-starting the computer 3 or 4 times before I was able to connect to the internet and all seems well....

Cheers for all the links and Info.

Silvera

billyblanks wrote: »

By chance I noticed a this thread on the front page of Boards(thank God).

I work in a small company where we all have basic computer skills, A workmate of mine told me that he had upgraded from the 'free AVG' to Professional because there were threats on the computer that could not be fixed.....what he actually did was install and pay for 'Internet security 2010'

I have just spent the last 3 hours removing it from this computer, and cancelling the company credit card...

I used the link from bleepingcomputer.com, and downloaded 'Malwarebytes Anti-Malware' like Silvera after using it I could not access the internet.

But after re-starting the computer 3 or 4 times before I was able to connect to the internet and all seems well....

Cheers for all the links and Info.

Well Im glad to hear my post has helped somebody else!

....and that I'm not the only person who's computer cant access the net as a result! (Im going to turn on the laptop shorth;y again...so fingers crossed I can access the net and dowload the 'Super Spyware' programme to it ).

Silvera

TomCullen wrote: »

emm. what do you use to connect to the internet? wireless usb? if so look at the usb and google the product name . e.g "Belkin A600 driver" make sure you download the correct one for your Operating system. Then goto the control panel and uninstall the drivers for your wireless and reinstall the driver... Just google it , there will be loads of tutorials

Well I've tried it again and still cant access any websites?!

Re the above.....I presume I will have to access a website to 'install a new driver'? (Bare with me....I'm not that hot re computer stuff!:D)

I've also tried to find 'tutorials' via google....this is the "best" I can find so far....kinda goobledegook to me tbh.

http://forum.eeeuser.com/viewtopic.php?id=69258


If I could find a step-by-step guide I reckon I'd manage it! ....can anyone recommend a site?

mcmoustache

Have you any geeky friends. One of them might have a hard-disk enclosure/cradle. That would allow them to plug your hard-disc into their computer and they could fix it from there.

Another option you have is booting in safe mode and doing a system restore to sometime before you had problems and then scan again.

FusionNet

Id be concerned there is a root kit, this may not be a five minute download something from the googleweb fix... Worst case scenario, if you have to get this fixed professionally its about 150 euro and that includes a years supply to a top end brand of antivirus and spyware program. That cost also includes patching the PC with all microsoft updates and doing a deep clean of the HDD drive including root kit work.

So worst case thats the most you should be paying.. Just handy info in case you cant solve it...

colblimp

Berkut wrote: »

What browser do you use? If IE get off it and onto Firefox...
I've yet to get malware/spyware/viruses etc since switching to Firefox..

Well I have Firefox and I've just been infected with this damn virus tonight. Isn't it strange that I never had any virus until Boards was hacked...

Silvera

I just realised thet I dont have a firewall on my laptop.

or does AVG free have one built-in?

probe

I've said it before..... FORMAT YOUR HARD DRIVE AND RE-INSTALL YOUR OPERATING SYSTEM AND YOUR APPLICATIONS.

Contact your PC manufacturer's tech support or check their website about re-installing your operating system. Some manufacturers give you a DVD when you buy - others hide a factory copy of your operating system on your hard drive. Backup all your files before doing anything.

Reformat your hard disk.

When you have installed the O/S, do a windows update (I'm assuming you are using windows). Make sure the firewall is switched on (assuming you are using XP, Vista or 7).

After that download http://www.microsoft.com/Security_Essentials/

Install your applications.

This is the nuclear option - it works - sanitizes everything.

Be sure to backup first. Buy a USB hard drive and copy everything you have to it (if you don't have one already). Make sure you have the driver disk for your vodafone broadband crap modem device if it came with one. If you didn't have to use a driver disk when you first got the modem, it is probably already in Windows - so you should be OK. But you need to be able to connect to the internet after reformatting to do all the downloading to bring your software up to date.

AKA pat sheen

probe wrote: »

I've said it before..... FORMAT YOUR HARD DRIVE AND RE-INSTALL YOUR OPERATING SYSTEM AND YOUR APPLICATIONS.

That'll work but's it's a bit drastic. I just removed this from a friends netbook. The system restore was disabled from infection and the same in safe mode so I couldn't just roll back, and the pop-ups in normal mode were so frantic that you couldn't really do anything anyway. Often times the activity and running process names can be different from those in the removal guides you find online. If you can connect to the internet but can't browse to any sites check that your browser proxy setting haven't been switched on or changed.

Best advice is keep a copy of a linux live OS cd handy (or usb) like ubuntu, so you can bypass win[doh!]s and use that to get online on that system. Make sure your usb dongle is compatible with whatever linux cd you use. Boot into linux to get online. Download the latest super-antispyware and malwarebytes which take care of almost every rogue av. Boot win in safe mode, run both and remove everything they find, switch off your wifi or disconnect your cable or dongle, reboot and then use system restore to roll back to before the infection. If the infection is gone, which it should be, it should be safe to reconnect.

AKA pat sheen

Although the method I've given is for anyone who doesn't have connectivity in safe mode I meant to say if you do also try HitmanPro as well as the other software I mentioned. HitmanPro uses 5 excellent anti-virus/malware/spyware engines in one and it's really quick but you need to have a fast connection since it uploads a lot of files to a cluster. It's standalone, and the scanner is free. If you use it to remove anything it will activate a 30 day trial.

LoLth

moving to the "virus removal forum" as this seems to have run its course here.

LoLth

another useful link by the way:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Fakeinit

The Sweeper

This piece of malware is so goddamned irritating...

I let someone use my computer for an hour yesterday, and when I came back, the whole suite of 'XP Security 2010' malware was throwing warning pop-ups onto my screen, playing images of a fake security scan, telling me I had 32 infected files and had to buy their product immediately and so on.

I never click "yep thanks" to anything when I'm on the internet, so I can only assume this dastardly programme has either been weaseling its way onto my system for weeks, or that the temp user clicked 'ok' thinking they were doing something right on my computer.

The upshot is that the only way to properly remove this item is to install an anti-malware programme that will remove it, but it seems to also involve clearing hidden files out of the registry manually so the thing won't sit and wait for a reboot and then quietly reconstruct itself in the background as you continue surfing the net. (That is obviously not a technical description of what actually happens. )

The biggest problem I had with it is being highly suspicious of the programmes that say they can remove it.

This much I can tell you - you can't do something simple like uninstall it through your control panel, because it doesn't show up as an installed programme. The usual array of free registry cleaner and antivirus programmes you have on your system if you're not paying for antivirus simply don't recognise it. I'm not even sure a paid antivirus programme would recognise it - because it's not a virus, it's malware.

The upshot simply seems to be don't pick up the goddamned thing in the first place - so don't go clicking any windows or XP security programmes, and stop and think before some panic-mongering warning appears on your screen demanding you click 'ok' now.

Oh - and don't go buying the bloody thing either. Apparently the fcukers who wrote it have made millions.

BigOwl55

I've seen that one's older brother, XP Security 2009 also. Once it's cleaned off I had success with System restore to get the damage straightened out. For instance it had changed registry settings that kept me from changing screen settings so that it could use the wallpaper to display a fake warning. There were numerous changes but with the bugger gone System Restore helped. I used Super Antispyware and Malwarebytes if memory serves me at this advanced age.

SupaDupaFly

colblimp wrote: »

Well I have Firefox and I've just been infected with this damn virus tonight. Isn't it strange that I never had any virus until Boards was hacked...

Same here! Never had a problem until boards was hacked into

T-Bird

There might be some instructuions on this site that might help.
deletemalware.blogspot.com

Blackhorse Slim

Just wanted to say I have come across this virus 6 or 7 times on different machines. Each time, booting into safe mode with networking, then downloading and updating malwarebytes and running a full scan has fixed the problem. They were all windows xp pro.

T-Bird

Yes, and I just read that on the sticky of this section as well and am trying it out on my machine.

I've removed this on several occasions in the course of my duties, depending on the variant it can be an absolute prick to do. Some infect Windows system files such as ndis.sys, cdrom.sys or atapi.sys - if the AV deletes any of these then you'll have problems ranging from no internet to a BSOD on startup. Others change the userinit app to sdra64.exe so if you remove it you can't log on anymore - requiring offline registry editing to get the machine to boot properly again.

I never like to let the thing beat me, reinstalling is the easy option but I guess your choice should depend on how much you value your time and/or data.

30kmph

Had this same virus and a technician appeared to fix it, only for the next day an almost identical virus to pop up which I zapped with the Anti-malware bytes programme. However, a few weeks down the line I was hit with the blue screen of death following an automatic windows update. Another technician fixed this for me and ran checks and everything was grand.

Frustratingly, a similar problem has returned. Instead of Windows loading, a black screen comes up with various options "safe mode", "return to last working configuration" etc. Have explained this to the technician who fixed it last time, he reckons it may need a new hard drive.

Any recommendations on what to do? I think the root of this problem stems from that Internet Security 2010 virus. Also, would a new hard drive be costly?