Internet Security 2010 is a rogue antispyware program, clone of widely spread Advanced Virus Remover, which is also rogue antispyware program. The program distributed with the help of trojans. When Internet Security 2010 is installed, it will configure itself to run automatically when Windows loads.
Once running, Internet Security 2010 will begin to scan your computer and list a variety of infections that will not be fixed unless you first purchase the program. Important to know, all of these infections are fake and do not actually exist on your computer, so you can safely ignore them.
What is more, while Internet Security 2010 is running your computer will display nag screens, warnings and fake security alerts from your Windows taskbar. Some of the alerts:
System warning!
Continue working in unprotected mode is very dangerous.
Viruses can damage your confidential data and work on your
computer. Click here to protect your computer.
System warning!
Intercepting programs that may compromise your privacy and
harm your system have been detected on your PC.
It`s highly recommended you scan your PC right now.
Just like false scan results, all of these warnings are fake and should be ignored! If you find that your computer is infected with this malware, then be quick and take effort to remove it immediately. Use the removal guide below to remove Internet Security 2010 from the system for free.
More screen shoots of Internet Security 2010
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
Use the following instructions to remove Internet Security 2010 (Uninstall instructions)
Step 1
Download HijackThis from here. Once Save dialog opens, please rename HijackThis.exe to iexplore.exe as shown below.
Save Dialog – HijackThis.exe
Save Dialog – iexplore.exe
Click Save button to save it.
Run HijackThis. Click “Do a system scan only” button. Now select the following entries by placing a tick in the left hand check box, if present:
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 – HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
Once you have selected all entries, you will see a screen similar to the one below.
HijackThis
Close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2
Download LSPFix from here and unzip it to your Desktop.
Run LSPFix. Place a tick in the “I know what i`m doing”.
In the KEEP box select helper32.dll (if the file is not listed in KEEP box, then close LSPFix and go to step 3). Press “>>” button and you will see a window as shown below.
LSPFix
Press Finish>> button. When LSPFix is done removing the LSP you will see a summary box. Press OK. Reboot your computer.
Step 3
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Internet Security 2010 infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Internet Security 2010 removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Internet Security 2010 creates the following files and folders
C:\Program Files\InternetSecurity2010
C:\Program Files\InternetSecurity2010\IS2010.exe
Internet Security 2010 creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010
when locked out of regedit – click RUN and use CMD and then regedit. it may take 3-4 tries to get it open – then find the reg key mentioned and delete it – and run Malwarebytes. This removed it from my system. Thanks for the info
I ranMalwarebytes and it didn’t get rid of IS2010..
I bought Kaspersky Anti-virus and it can’t get rid of it.
As I am writing this note, IS2010 screen popped up asking me to install and purchase for $$49.00
My computer reboots itself now at various intervals of time..sometimes I can be on 10 min..sometimes more..
HELP!
Hey guys, I can’t login…Safe Mode is not working, Last Known Good not working, etc.
I have no clue where to go from here.
I HATE “INTERNET SECURITY 2010”!!!
Any help would be wonderful.
Martha, ask for help in our Spyware removal forum.
Mike, you need use Recovery console. Read my answer to lawrence (“Comment by Patrik — January 17, 2010”) here.
Be aware that the writers of IS2010 have already made changes to keep their application from being uninstalled. The following files have changed:
C:\Windows\System32\winlogon86.exe
C:\Windows\System32\winhelper86.dll
C:\Windows\System32\winupdate86.exe
The numbers at the end of each file (86)are now different and may show-up as 32, 36 or some other value.
Here is how I removed it from several machines:
1) Booted into Safe Mode
2) Brought up processes (Ctrl+Alt+Del)Task Manager
3) Selected IS2010 and anything else (such as IS.exe or InternetSecurity) and killed the process.
4) Went into Program Files and deleted the IS2010 folder.
5) Ran cCleaner with Prefetch selected with all other selected defaults.
5) Searched Windows for IS2010
6) Searched Windows for Internet Security
7) Deleted what was found in 6-7.
8) In the registry, searched for 6-7 and deleted.
9) Emptied the Recycle Bin.
10) Ran Maylwarebyte and deleted
11) Ran Spybot and deleted.
12) Searched the Program list and deleted IS2010 wherever found.
13) Ran Microsoft’s Malicious Software Removal Tool using “full scan”. Deleted anything found.
NOTE: If any of Microsoft’s tools are disabled, go to Kelly’s-Korner kellys-korner-xp.com/xp_tweaks.htm and search for what you need. Works in XP, Vista and Wdws.7.
14) Go into System Configuration Utility (Run \ MSCONFIG) and disable any start item such as IS2010, InternetSecurity, etc.
15) Reboot to see where you are.
LAST: Unfortunately, even when you see that IS2010 is gone, your browser will continue to be hijacked. This can also apply to Firefox.
16) If you have System Restore back AFTER doing all of the above, then try for a System Restore to a point “way back” from when the infestation happened. Don’t restore back to within a couple of days. Go a month back if you can.
Good Luck.
MORE: I have noticed that some people cannot use “Safe Mode” or “Last Known Good Configuration”. The way to do this when you don’t have the ability to do those, is to go to another machine and create a Boot Disk from “Ultimate boot” from ubcd4win.com . This will allow you to work from the boot CD/DVD in a Windows environment. From there you would do 1-7 from above, then boot back into Windows and do numbers 8 )smiley face) through 16.
Of course, you can save alot of time if you have your data backed-up. Then you would just run the Windows CD/DVD, delete the system partition, create a new partition, select NTFS quick format and reinstall Windows followed by the MB drivers. You are guarenteed to be clean.
Another way is to boot using the Windows CD/DVD (Recovery Console) and select “Repair”. In repair you would use DOS commands to change the directory until you were in Program Files. From there you would delete IS2010 folder, then reboot to Windows to see where you are.
ALL OF THE ABOVE, THIS POST AND MY PREVIOUS POST WILL WORK. IT’S UP TO YOU TO DETERMINE HOW ADVANCED YOUR ARE AND WHICH YOU WISH TO TRY FIRST.
Again, Good Luck.
I have run Avast then Windows Defender and then Malwarebytes and all that seems to be left is the Browser Icon. I checked the processes and see no alien programs running. HOWEVER, I still am blocked from many social networking sites. I CAN’T FIGURE OUT WHY!!!!! The damn program must still be lingering on my computer as I get a system infected maroon colored message on my browser when I try and Access Wiki and Facebook! ugh!
OMG thank you so much for the instructions. I had the same problem with other people about not being able to log on. I actually booted windows XP from the CD and had to repair the OS before I was able to follow the instructions. Followed the instructions to the T. I didn’t have to do the first part of deleting specific files because luckily I didn’t find them.
But the Malware software worked perfectly and got rid of that damned thing. The computer is back to normal! THANK YOU THANK YOU!
ive downloaded the MBAM program it seems to have delted the spyware.. it found some infections
anyway when i open ANYTHING on my laptop all i see is
‘This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel.’
PLSSS HELPPPP
gulli, “ANYTHING” = any program, or any text document or image ?
anything = any programs such as windows media player and also text documents got to do with word. i can open notepad when you go ‘RUN’ type in ‘notepad’ thats about it.
some sites were asking to make a exefix.reg file. and to save it which i did. i saved this on the registry
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”
[-HKEY_CLASSES_ROOT\secfile]
any help pls?!
Gulli, try use the following reg file:
Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\exefile\shell\open\command]@="\"%1\" %*"
first of all thank you so much for helping me patrick.
i tried that, still doesnt work, dont mean to be a burden on you anymore
if i reboot my laptop i shouldnt have the spyware anymore and everything should be back to normal right?
i read it on a site it said not to reboot it as the spyware will come back.. if you can confirm that for me would be great
Try safety.live.com run a full scan. Once the virus is identified click remove. Install Microsoft security essencials to keep your PC protected at all time. Once you have done this install MBAM and run a quick scan, removed the unwanted files and you will be ok. Hope this help.
angel, already done all of that and funnily enough in the same order you said lol
ill just reboot and see what happens
I had this virus, couldn’t get to anything (i.e. Internet) to download MBAM. Ran CA Anti-Spyware, it seamed to “grab” it… now I have no Internet and all my programs (i.e. last configuration, outlook, sony vaio help) all asks me what to open with and won’t allow me to do anything.
Any ideas?
Kristen,
Click Start, Run.
Type command and press Enter.
Type notepad and press Enter.
Notepad opens.
Copy all the text below into Notepad.
Windows Registry Editor Version 5.00[-HKEY_CURRENT_USER\Software\Classes\.exe][-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
I have tried the pc doctor, requires money, mbam, wont open, and a freeware from cnet adg or avg or something and nothing has fixed my problem. I cant get to the internet on the laptop. i cant find any of the files listed people mention. none of the files or folders are created as stated. but all of the same pop-ups, warnings, and Internet Security 2010 windows. if it has evolved it is tougher to find to kill. Any suggestions?
Corey, if above instructions does not help you, then probably your PC is infected with a new version of the rogue. Please open a new topic in our Spyware removal forum. I will help you.
I tried your steps but got caught up when I ran the HijackThis program…none of the files that you’re supposed to select and then fix showed up on mine; yet I keep getting the “Vista Internet Security 2010” pop-ups every 5-10 minutes. I don’t know what to try now.
Marissa, use the following steps.
This works. You don’t need to see files. Just end process av.exe and run malware….you may have to keep ending av.exe process…..I actually had to print of instructions cos it kept shutting down my browser
I’ve tried to follow the instructions with the Double Click fix.reg and click YES for confirm.
but it won’t let continue. Also the XP Internet Security 2010 won’t allow me to access the internet (IE7 or Firefox)so i can’t download any malware. I’m working from a separate laptop to figure out how to remove this thing!
Joyce, click right button to fix.reg and select Merge.
Patrik, thank you again it wrked like a charm deleting the virus. However I cannot run any exe files at all it gives me the \cannot open file\. I saw that you answered the question some posts back but I need you to put it in dummy for me i.e. step by step if you don’t mind…Thank you again
Jason, use the first step from the instruction.
Well, Patrik, it worked my computer seems to be funtioning normal. Dude, I have to say that I would totally marry you but alas I am already married, oh and I am a guy 🙂 In all seriousness I just wanted to thank you once agian. You know, you don’t HAVE to help people out but you CHOOSE to and that makes you special. Thank you, thank you, thank you.
ca security 2010 locked up my laptop. Can’t get any icons just wallpaper so how do I even being such as hit “start” won’t do anything. Please help