Question for Tech types regarding possible CPU Virus


BYU 14
02-08-2010, 08:34 AM
First off I am using The Shield Deluxe 2009 for my antivirus / internet security program and it has been pretty solid for me.

Yesterday though I got a pop-up from a program called "Internet Security 2010" telling me I was getting attacked, I had a Trojan Virus, etc.

It appears to be one of those programs that somehow installs itself, then sends false infection warning popups to get you to go to their site and purchase, presumably with the intention to steal credit card information.

I run my antivirus and it can't disinfect or delete two of the files and I continue to get the popups.

I try manually deleting the two portions of the file and get a message that it is in use by another person/program and can't be deleted.

I try system restore and I get a message saying the program is infected and can't run (So I assume this program is now blocking me from restoring to a time prior to its installation)

First off I am pissed my The Shield even allowed this to bypass my security settings, but the main question is, any ideas how I get rid of it?

DaddyTorgo
02-08-2010, 08:38 AM
Remove Internet Security 2010 (Uninstall Guide) (http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010)
Remove Internet Security 2010, removal instructions (http://www.2-spyware.com/remove-internet-security-2010.html)
How To Uninstall / Remove Internet Security 2010 Virus (Removal Guide) – SoftSailor (http://www.softsailor.com/how-to/13827-how-to-uninstall-remove-internet-security-2010-virus-removal-guide.html)

BYU 14
02-08-2010, 08:41 AM
You're awesome DT, thanks!

jbergey22
02-08-2010, 08:41 AM
I would run malwarebytes followed by combofix. It would actually be better if you turned off your restore until this problem is fixed as that is where the virus can recover itself.

DaddyTorgo
02-08-2010, 08:43 AM
test

MacroGuru
02-08-2010, 08:48 AM
I have been combating this for the past week...the daughter got on the laptop and AVG missed it and I used Combofix, Malware Bytes combo to get rid of it.

jbergey22
02-08-2010, 08:48 AM
Is this thread f'ed up? I can't see past the first 2 posts.

DaddyTorgo
02-08-2010, 08:50 AM
strange - so i posted those 3 links and now i can't see anything below that in the thread...nor is my "edit" button there for them so i can delete them...weird

BYU 14
02-08-2010, 08:52 AM
I get your links still, but my original post is gone???

lighthousekeeper
02-08-2010, 09:06 AM
i had to remove this from my father in law's computer last month. it was nasty and took me about 6 hours.

Oilers9911
02-08-2010, 09:52 AM
Malwarebytes is the best tool I have found for getting rid of this problem.

BYU 14
02-08-2010, 10:12 AM
This is a bear, I started the process as indicated on the website, using rkill first, then Malwarebytes and suddenly lost all my icons and had no way to start it back up.

Cold booted in safe mode and got my icons back and Malwarebytes is now cleaning. What really bothers me is that this program has already found 46 infected files that my Anti-Virus software completely whiffed on!! :(

Alan T
02-08-2010, 10:25 AM
Sorry that you all are having to suffer through this one. The links posted above really do as good of a job explaining how to remove it as I could. A few comments though on the original post from BYU..

I don't recommend the shield to anyone. If you want a good solid free antivirus, right now I recommend avast the most followed by avira (even though avira's update process lately sucks, it is pretty rock solid for combatting viruses).

Also as best I am aware, the way Internet Security 2010 virus infects your computer is as you say by making you think you are already infected. It usually uses iframe exploits on web pages to allow the popup ad that you see appear. There are different variants of the virus, but the most common one is by getting you to click on the ad and then hitting ok to "scan" your system it actually infects the virus at that point.

The best way to prevent those type of viruses is by running noscript with firefox and blocking iframes, or going deep into internet explorer settings and turning off almost everything.

MacroGuru
02-08-2010, 03:09 PM
Alright...

I am ready to pull my damn hair out.

I go through clean everything off to the point Spybot, Malware Bytes and Combofix report it all removed...I run fine for a while and then wham...something else is back....this time it's the Your PC Protector....I am going to freaking scream and throw my laptop out the damn window.

It's almost making me want to move purely to Linux.

BYU 14
02-08-2010, 09:13 PM
Just got home and Malware Bytes reports everything removed, going to run combo fix to be sure and then check out Avast as you suggested Alan.

Still pretty f'd up when a free anti-virus program outperforms one that costs almost 50 bucks.

Going to leave my system restore off for a couple of days to make sure it doesn't resurface, this one was a real pain in the ass!!

DaddyTorgo
02-08-2010, 09:16 PM
Alright...

I am ready to pull my damn hair out.

I go through clean everything off to the point Spybot, Malware Bytes and Combofix report it all removed...I run fine for a while and then wham...something else is back....this time it's the Your PC Protector....I am going to freaking scream and throw my laptop out the damn window.

It's almost making me want to move purely to Linux.

you trying to remove this one? it's clearly hibernating in your system somewhere - use that rkill program?

DaddyTorgo
02-08-2010, 09:19 PM
weird - so internet explorer errored on my original post and i couldn't see the rest of the thread all day...but at home firefox has no issues with it.

yeah yeah i know...but i have to use IE at work due to some compatibility issues with certain websites i use everyday

MacroGuru
02-08-2010, 09:56 PM
you trying to remove this one? it's clearly hibernating in your system somewhere - use that rkill program?

I think I finally got it...

Combofix, reboot....spybot...reboot....malware bytes....rkill....It's all good so far.

BYU 14
02-12-2010, 08:11 AM
Gotta give you guys props on Malwarebytes, since running it my CPU performance is noticeably better and solved the IS 2010 issue no problems.

BYU 14
02-15-2010, 08:52 AM
I don't recommend the shield to anyone. If you want a good solid free antivirus, right now I recommend avast the most followed by avira (even though avira's update process lately sucks, it is pretty rock solid for combatting viruses).

Let me second that, I won't even go into detail about what happened after my last post Friday in this thread, because I am an idiot and would prefer to avoid everyone else knowing the degree of my stupidity. :)

Needless to say when I get my computer back from the guy I have fixing it, I will never speak the name of the Shield again unless the TV show comes back.

MacroGuru
02-15-2010, 09:13 AM
Let me second that, I won't even go into detail about what happened after my last post Friday in this thread, because I am an idiot and would prefer to avoid everyone else knowing the degree of my stupidity. :)

Needless to say when I get my computer back from the guy I have fixing it, I will never speak the name of the Shield again unless the TV show comes back.

Smart Move! I am truly sorry you are experiencing what you have been.

cougarfreak
02-15-2010, 09:29 AM
My wife got this on her laptop last night, and I did a system restore in safe mode. It disappeared, should I do the malware thing just to be safe?

MacroGuru
02-15-2010, 09:33 AM
My wife got this on her laptop last night, and I did a system restore in safe mode. It disappeared, should I do the malware thing just to be safe?

Yup, I would.

cougarfreak
02-15-2010, 09:44 AM
Yup, I would.

Thanks, is it worth it to update to the paid version of malwarebytes?

MacroGuru
02-15-2010, 09:56 AM
Thanks, is it worth it to update to the paid version of malwarebytes?

I don't think so, but then again you are talking to someone who just dealt with this on his machine.

BYU 14
02-15-2010, 11:07 AM
Thanks, is it worth it to update to the paid version of malwarebytes?

The free version did the trick for me. Malwarebytes is very solid for a free program, don't forget to run it in conjunction with RKILL though. (RKILL first, then Malwarebytes)