FAKE – Internet Security 2010

Jan 24, 2010 Posted Under: Learn

Everyone like FREE thing, but not this…

A friend downloaded the above software last week after his computer return from a Hard Disk upgrade, but ended up with malware infection instead of protection. He can’t format the Hard Disk because all his business email stored in this computer.

He was so helpless because the can’t get through his computer maintenance guy, so he called me up… then, I gonna travel down to his office and check out his problem, lucky his office is nearby my house.

After 10mins of debugging, and I found out the Internet Security 2010 is NOT a antivirus/anti-adware, it’s the one causing all the problem.

Internet Security 2010 is a rogue anti-spyware program that is installed through the use of malware. Once installed, it will run automatically once Windows start. It will then scan your computer and display numerous infections, but will not remove anything until you purchase the program. These infections, though, are all fake and are only being shown to trick you into thinking you are infected so that you then purchase the program.

Below is the screen shot of the error message and fake scan result it will keep prompt you, some may even had his wallpaper changed with a Virus Warning.

You can’t uninstall it from Control Panel or by removing its EXE file, you need some tools to safely remove this stupid software.

Tools you required:-

  1. rkill.com (to kill all the Internet Security 2010 process)
  2. Malwarebytes’ Anti Malware (to scan and remove all installed Malware)
  3. Malwarebytes’ EXE (to replace the Malware affected exe)

The removal procedure is as below:-

IMPORTANT: DO NOT REBOOT YOUR COMPUTER UNTIL YOU COMPLETE THE LAST STEP.

  1. First, we run rkill.com to kill all the Internet Security 2010 process. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Internet Security 2010 when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Internet Security 2010 . So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.
  2. Install and run Malwarebytes’ Anti Malware, leave all the default setting but uncheck both of the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware check boxes. Then click on the Finish button. If Malwarebytes’ prompts you to reboot, please do not do soIf you receive a code 2 error while installing Malwarebytes’s, please press the OK button to close these errors as we will resolve them in future steps. The code 2 error will look similar to the image below.
  3. As this infection deletes a core executable of Malwarebytes’ we will need to put a new copy of it and put it in the C:\program files\Malwarebytes’ Anti-Malware\ folder. The downloaded EXE will have a random filename. Please leave the filename the way it is as it is important that it is not changed. You may want to write down the name of the file as you will need to know the name in the next step.
  4. Double click the Step 3 EXE file, MBAM will now start and you will be at the main program screen as shown below.
  5. Before you Perform Full Scan, you must Update the program 1st.
  6. Perform Full Scan once the update is complete, this may take up to few minutes or a hour, I suggest you go and do something else and periodically check on the status of the scan.
  7. Once the scan complete, click OK on the prompt window.
  8. A screen displaying all the malware that the program found will be shown. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to DO SO. Once your computer has rebooted, the Internet Security 2010 should has been deleted.

If you looking for some FREE antivirus for your computer, I’ll suggest you download:-

  1. AVG
  2. Bit Defender

Leave a Reply