Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Monday, January 23, 2012

Remove "Internet Security 2012" Malware (Uninstall Guide)

Tell your friends:
Internet Security 2012 is a fake antivirus program that pretends to scan your computer for malicious software and asks you to pay for said software in order for it to be able to remove spyware, Trojan horses and other high-threat nasties. Some end users came across this obnoxious virus a while ago. Turns out they were searching for a way to download popular movies. Visiting shady and infected websites is one of the most common ways to get infected with scareware or ever worse, password stealing Trojans and adware.

You really shouldn't browse such websites, because they are usually less than legal. Anyway, I'm sure you have seen one of these infections in the past. The problem is that they can look very convincing and hold the system hostage. Internet Security 2012 designed to protect wouldn't allow certain programs to run claiming they are infected, even though this is not the case. The fake AV infection blocks legit anti-virus software and may even hide certain files to make it look like your computer is really messed up.



Once executed, Internet Security displays a bunch of fake security warnings and notifications. The fake warnings has several sings that they are not legitimate. Some of the statements just don't make sense, full of misspellings. For example. the rogue program was tellin me that 'iexplore.exe' was a virus and had been prevented from running.
iexplore.exe can not start
File iexplore.exe is infected by W32/Blaster.worm.
Please activate Internet Security 2012 to protect your computer.


Well, actually, it's a perfectly legitimate Windows file and even though it can get infected, this isn't the case. Do not follow instructions on screen and do not purchase it. Cyber crooks make money from people who buy the bogus software. Gathered information, including your name, address and credit card details, can put you at risk of identity theft. If you mistakenly thought it was a real and bought it, please contact your credit card company and dispute the charges.

Booting your computer in safe mode is a good first start when it comes to dealing with fake antivirus programs. Internet Security 2012 won't get a chance to load and you will be able to remove offending files manually. After rebooting, you still need to scan your computer with recommended anti-malware software. This is an important step to take after manually cleaning up an infection to ensure that nothing has been missed. To remove Internet Security 2012 from your computer, please follow the removal instructions below. Of course, nothing is ever that simple. So, if you need help removing this malware, please leave a comment below. Good luck and be safe online!



Manual activation and Internet Security 2012 removal:

1. Choose to remove threats and manually activate the rogue program. Enter one of the following codes

Y68REW-T76FD1-U3VCF5A
Y86REW-T75FD5-U9VBF4A
Y76REW-T65FD5-U7VBF5A
Y86REW-T75FD5-9VB4A
SL55J-T54YHJ61-YHG88

(and any email) to activate Internet Security 2012.



2. Then download recommended anti-malware software (direct download) and run a full system scan to remove this rogueware from your computer.


Internet Security 2012 removal instructions in Safe Mode with Networking:

1. Please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Open Internet Explorer and download TDSSKiller. Run the utility and click Start Scan to anti-rootkit scan.

3. Then recommended anti-malware software (direct download) and run a full system scan to remove the rogue virus from your computer.


Manual Internet Security 2012 removal instructions:

1. Right click on the "Internet Security 2012" icon, click Properties in the drop-down menu, then click the Shortcut tab.



In the Target box there is a path to the malicious file.



NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmark from the checkbox labeled:

- Hide extensions for known file types
- Hide protected operating system files

Click OK to save the changes. Now you will be able to see all files and folders in the Application Data/Program Data directory.

3. Rename malicious process.

File location, Windows XP:
C:\Documents and Settings\All Users\Application Data\isecurity.exe

File location, Windows Vista/7:
C:\ProgramData\isecurity.exe



Rename isecurity to virus or whatever you like. Example:



4. Restart your computer. The malware should be inactive after the restart.

5. Open Internet Explorer and download TDSSKiller. This malware usually (but not always) comes bundled with TDSS rootkit. Removing this rootkit from your computer is very important (if exists). Run TDSSKiller and remove the rootkit.



6. Download recommended anti-malware software (direct download) and run a full system scan to remove Internet Security 2012 virus from your computer. That's it!


Internet Security 2012 associated files and registry values:

Files:
  • C:\ProgramData\isecurity.exe (Win Vista/7)
  • C:\Documents and Settings\All Users\Application Data\isecurity.exe (Win XP)
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Security 2012"
Share this information with other people:

63 comments:

MSC said...

would be nice if you could remove the comment on "surfed less than legal sites": AFAIK all sites I visited this morning were perfectly legal, searching for cycle tracks in the Inner West of Sydney and trying to find out whether I want to volunteer with Lifeline.

Would you be interested in IE log?

Anonymous said...

tks, your guide help me.

for Brazil, Carlos.

-------------

Anonymous said...

"Open Internet Explorer"....

Only reason to open Internet Explorer is to download Chrome or Firefox.

Four steps to complete virus & malware protection:

1) Install any good antivirus.
2) Install any browser except IE.
3) Delete IE.
4) Use some common sense - if the link showing in the info bar when you hover over a link is completely different to what the link says - DON'T CLICK ON IT.

Anonymous said...

Unfortunately, your suggestion didn't help me. The program you suggested to install asked for a subscription ($$), and didn't removed the worm.
And now it seems that your System Doctor took complete control of my Laptop, and it get worse.

Anonymous said...

thanks it worked

Anonymous said...

Top Tips. Removed easily just by following these steps. Thanx alot

Anonymous said...

Thanks

Worked perfectly.

Anonymous said...

you dont explain where to enter the following codes.... I was stuck at the very beginning

bboop said...

I am so appreciative of the information you shared! Thanks so much. I was tricked by this site one other time but thanks to your help I was able to remove the threat form my son's computer.

happy_man said...

awesome...! this works, thanks...

Anonymous said...

i can attest to this being 100% legit! thank you very much for your effort and easy to follow instructions.

Anonymous said...

I agree with it isn't always a bad site I happened to pick up on a web site for a local church thank you very much

Anonymous said...

It worked perfectly. thanks so much and God bless you.

Anonymous said...

Please help. After I run the Kapersky TDSSKiller and it tells you that it is necessary to reboot for cure completion, my computer will not shut down to reboot and I am forced to hold the power button so that it turns off. CAn someone helpp? Many thanks!

Anonymous said...

It worked!! thankss

Anonymous said...

I got this virus while on campus using a faculty computer!!!! Your blog solved the problem for me! Your are an Angel. 100% legit and helpful.

Anonymous said...

Spyware Doctor is asking me to pay in order to "fix checked" infected programs. Am I doing it wrong?

Zach said...

neither of those activation codes are working for me.

Zach said...

neither of the activation codes you provided are working for me. Are their new ones so soon. Or maybe older, this isn't my machine so I'm not sure when it was infected. Maybe months ago.

Anonymous said...

Thank you so much! This worked perfectly!

Anonymous said...

I managed to remove the stuff after entering the product key and being able to open programs on my computer.
Many of the steps on this page helped, however it seems to be possible without spyware doctor or whatever that $50 shit is...
A program that people trust more (like AVG) works just as well ;)

LizzieP82 said...

Wish I would have found this last when I needed it nd spent today thinkin I would b at best buy spending 200 min.. but thanxs to my curiosity nd Google I doin avg got a lil nervous as its scanning nd I c it says up top avg internet security 2012.. forty mins found 4 nd told me it was done nd I can go have fun :-) MrsNosss

Anonymous said...

Wow, 1000 times thank you ! haha i wasnt sure this was real or fake but had some doubt on it. Your code worked perfectly for me and im very happy my computer is ok now. :D thanks again

Anonymous said...

Very thanx to u, my problem solved :D

Anonymous said...

This was great, thanks a lot!

Anonymous said...

Thanks for that, my wife will be very happy but I will get the credit and reward.:)

Anonymous said...

You don't really need to activate anything, just change the name of the file iesecurity to anything else in safe mode, and then any half decent spyware/malware remover should do the job.Greatly appreciated the tips though :)

Alcina said...

Thanks so much..this worked real well.

Anonymous said...

I guess there’s a slightly different version out there now. I couldn’t find the .exe in the location you suggested but restarting in safe mode and searching the drive found it in c: \users\[username]\appdata\roaming
The registry setting the article specifies also pointed to the above path. Deleting both then removing the root kit seems to have don’t the job.
Thanks for taking the time to blog about this. I didn’t know where to start when my AV protection didn’t prevent this from happening in the first place.

Anonymous said...

Your instructions were accurate and enabled me to remove this malware. I will be more careful about the sites I visit, thanks.

Anonymous said...

I want to thank you for your blog.Your suggestions really helped me in removing of malwares from my computer.

Regards,
David from Tbilisi, Georgia.

Anonymous said...

Useless, did not work at all.

Anonymous said...

Safe mode and search for isecurity - it was in : C:\Users\[user]\AppData\Roaming. Deleted it n hopefully problem solved. Thanks for the blog and comments as well-really helpful. My comp=toshiba n windows 7

Anonymous said...

Your instructions worked, but I too would appreciate you removing the offensive comment about surfing "less than legal sites". All I did was click on a result high in Google Search results for "Wordpress gold price widget" while working to rebuild a blog. Most of them were legitimate metals companies. There was no way to know.

Steve M.

Anonymous said...

It's pretty messed up how i only went to a site about League of Legends (a game I play) and got this annoying burden. Way to waste an hour of my time internet.

Anonymous said...

The code worked like a champ tks guys. That internet security 2012 really tried to pull a fast one..

Anonymous said...

Ahhhhh.. many thanks! I love smart people! :)

Anonymous said...

how did you obtain the codes to the rogue anti-virus?

Admin said...

The codes were hard coded in the executable file.

Anonymous said...

So all the different steps are just different ways to remove the virus or do we have to do all of them. I kinda dont know much about computers sorry

Admin said...

No, you don't need to follow all of them. Just choose one that is the most acceptable for you.

Anonymous said...

I cant figure any of these out! i am a teenager so i dont know much about any of this. i am trying to do the safe mode one. i downloaded the tbss killer and ran it. then downloaded the spyware doctor but i dont want to pay for it to remove this internet security crap...so how can i?

Anonymous said...

I got the file renamed to virus.exe in the same location but kept getting a message that it wasn't acceptable. I finally restarted the computer anyway and gave it my password and the screen appeared with the background but no icons. I've been waiting several minutes to see if anything else would appear but nothing. Any idea what to do now? Thanks.

Anonymous said...

I renamed the target file to virus.exe in the same location but kept getting a box saying the name was not acceptable. I finally restarted anyway and put in my password, got the background screen and nothing else for several minutes - now the icons just popped up and the Internet Security thing again. Another other suggestions?

Iskander said...

thanks a lot!!! followed manual uninstall instructions, worked perfectly.

(cant provide information as to how the computer became infected... this was my parents' system, not mine)

ran ' tdsskiller ' did not find the rootkit, so I am wondering if i should keep looking for it or not.

agree with comment about internet explorer

Anonymous said...

Gracias Hermano estuvo bueno tu post, de veras me ayudo bastante, tus conocimientos son bastante generosos

Scout said...

Loggin in with the fake info was perfect! Thank you so much. That was so frustrating.

Anonymous said...

THANX! i logged in with that fake email and it works again perfectly! thanx thanx thanx thanx thanx thanx and thanx

Anonymous said...

non of the codes is working for me!!!is that any other one??

Anonymous said...

2013 version of the malware is located at c:\documents and settings\all users\application data\amsecure.exe

Anonymous said...

i was able to stop "Internet Security 2013"
c:\programdata\amsecure.exe

After a restart I downloaded Mcafee from my ISP

Thanks for the info

Anonymous said...

Trying all the codes. All say they are wrong! Help please :/

Anonymous said...

Do it manually. After you enable the folders to be seen, go to Computer...local c...Program data...then arrange the contents of the program data folder by "date modified." This will likely put an icon called "amsecure" near the top. Rename that file, restart the computer, you'll be good to go. At least that worked for me. No reason to download anything. I have very little technical skills and i did it manually. Quit being lazy

Anonymous said...

I am having problems with removing the virus when I put in the code its saying that it is incorrect but the problem is that the program I am trying to remove is internet security 2013 is there a different remove guide????

Admin said...

They've probably changed the registration code. It may take some time to crack it. Meanwhile, try the alternate (manual) removal guide. It's the same infection, only now it's called Internet Security 2013 and it uses a different reg code.

Anonymous said...

I just got rid of the Internet Security 2013 by starting in safe mode, running a quick scan with Microsoft Security Essentials, removing the malware, and restarting- it came up for 30 seconds then MSE got rid of it (Y)

Lis said...

Thank you soooo much! It worked for me perfectly by doing it manually. The path on mine was indefender.exe. instead of amsecure.exe.

Anonymous said...

It immediately appeared on my computer after innocently visiting sites that could tell me what television channels were available in Minorca, Spain. I simply wanted to find out if any English language channels were available over the air or on cable if I vacationed there. All of the sites pertaining to television in Minorca looked and seemed to be legitimate. What a pity that criminals stoop to victimizing innocent people online.

Anonymous said...

Internet Security Pro 2013. Nothing is working. I am in safe networking mode and I cannot download any malware removal software it will say failed virus, deleted...

activeheart@live.com

Anonymous said...

thanks alot for great information. i simply started in safe mode with netwoking and removed both shortcut on desktop and file from location and rebooted normally.and its working.

Anonymous said...

Thanks so much, I thought I was going to have to re-image my computer

Anonymous said...

I have a laptop with the virus. Now it will not reboot at all. It seems like it is frozen and the only options are f2 or f12. could you please help me.

Anonymous said...

latest version is called issecurity.exe