Welcome to my site!

Thank you for dropping by! Really appreciate it. Feel free to add comments or suggestions or let me know which topic do you enjoy reading so I can blog more about it!
Again thanks a lot..happy reading!

Thursday, February 11, 2010

Internet Security 2010

RogueAntiSpyware.InternetSecurity2010 is a Rogue Anti - Spyware program that displays fake messages to trick users that their computer is infected and to persuade them to purchase the product. The program usually arrives as a file dropped by a Trojan or downloaded from the internet.


Upon execution, it creates a copy of itself as: %ProgramFiles%\InternetSecurity2010\IS2010.exe

It also adds the following Windows shortcut files pointing to the rogue antispyware:

% desktopdirectory%\Internet Security 2010.lnk

%StartMenu%\Internet Security 2010.lnk

It adds the registry entry below so that the program will run every time Windows starts: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] Internet Security 2010 = "%ProgramFiles%\InternetSecurity2010\IS2010.exe"

Once running, Internet Security scans the infected computer and shows a list of malwares it found in the system. Please note that the said list is faked and the infected files are actually do not exist in the system.



It will display several fake alert messages and warnings and persuade users into purchasing the full version of this software - in order to remove the detected threats.









Aside from the annoying pop-ups and alert messages, it will not allow user to open certain application. Instead it displays a message stating that the application is infected thus, cannot be executed and the only solution is to purchse the product!



You should ignore all of these notifications and do not buy the product. Instead use the removal guide below to remove Internet Security 2010 from your machine for free.

Manual Removal Instructions

1. Locate and delete the the following files/folder:

C:\Program Files\InternetSecurity2010

% desktopdirectory%\Internet Security 2010.lnk

%StartMenu%\Internet Security 2010.lnk

% desktopdirectory% is a variable that refers to the current user's desktop, which is typically C:\Windows\Profiles\{user name}\Desktop on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Desktop on Windows NT, and C:\Documents and Settings\{User Name}\Desktop on Windows 2000, XP, and Server 2003

%StartMenu% % is a variable that refers to the the current user's Start Menu folder, which is typically C:\Windows\Profiles\{user name}\Start Menu on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu on Windows NT and C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003.)

2. Removing the added registry entries

a. Open Registry Editor. Go to Start>Run, type REGEDIT, then press Enter.
b. In the left panel, double-click the following:

HKEY_CURRENT_USER>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
c. In the right panel, locate and delete the entry:
Internet Security 2010 = "%ProgramFiles%\InternetSecurity2010\IS2010.exe"
d. In the left panel, double-click the following:
e. In the right panel, locate and delete the entry:

HKEY_CURRENT_USER>SOFTWARE> IS2010

To automatically remove Internet Security2010, use PC Tools spyware doctor that can be downloaded from http://www.pctools.com/.

No comments:

Post a Comment