I have to say this is one of the nastiest pieces of software I’ve ever encountered. I’d like to thank in advance all of the folks who put up posts to help people rid themselves of this, plus Bill Chin here in Roxbury, who has removed this from 100s of machines over the last few months. Sites that I used as a reference for removing the malware were Soft Sailor and BleepingComputer. If you’re local here in Connecticut you can get in touch with Bill Chin, Software Matters, LLC, at softwarematters at juno.com.
Here is what this virus did to my Windows XP system:
- Shut Down Zone Alarm Anti-virus Software
- Disabled Task Manager so I couldn’t shut it down
- Posted many, many pop ups saying the system was infected and to buy Internet Security 2010
- Disabled the control panel functionality
- Changed and added registry entries
There were so many other things it did I thought I’d never get rid of it. I tried several anti-spyware packages and malware packages, plus removed quite a few things manually. Here is what eventually worked for me:
1. I installed Process Explorer on the system. Process Explorer does the same thing as Windows Task Manager, maybe a little better. IS2010 didn’t stop this from running or infect it, so I was able to stop Internet Security 2010 and a few of the other obvious rogue programs.
2. I unplugged the system from the internet.
3. I navigated to the programs directory and deleted the entire directory for Internet Security 2010. Note that if you try to use the add/remove functionality in the control panel, IS 2010 doesn’t even show up even though it’s installed.
4. I downloaded Spybot and Malwarebytes’ Anti-Malware on another computer and put them on a thumb drive for use on the infected system. I then moved the installers from the thumb drive to the desktop of the infected system.
5. The next step was to plug the internet cable back in and run Spybot. It will find a ton of problems. Select them all and delete them all.
6. Run Malwarebytes. Be sure to read the article on Bleeping Computer because sometimes IS 2010 actually infects or renders Malwarebytes and other anti-malware programs inoperative. If so, you will have one more download to do.
7. Delete everything it finds and follow the instructions.
8. I then uninstalled both programs, rebooted the system and then reinstalled both and ran them again in the same order.
I believe the system is now free of IS2010. I will continue to run both programs at least monthly. I will leave Zone Alarm on full time too.
Good luck if you’re dealing with this nasty beast. You’re probably looking at a day or more before you get back on your feet.