Home > Threats > Internet Security 2010

Internet Security 2010

Posted on 11 December 2009 under Rogue Programs

1. What is Internet Security 2010?

Although not treated as a computer virus, Internet Security 2010 is able to cause enough trouble. Essential task of Internet Security 2010 - intrude computer system without agreement of the owner and gain financial benefit by scaring user and leading him up to buy counterfeit software. Installation process is carried out without user intervention, not displaying messages or windows during its progress. Internet Security 2010 is also known as a scareware or fake Anti-virus program. Internet Security 2010 belongs to the same family as Security Essentials 2010.

Internet Security 2010 uses several effective methods to cheat on victim. One of them - exaggerated computer scan reports. Immediately after Internet Security 2010 was installed, user will be given an impression that computer scan is being performed searching for threats. Is there computer viruses in the system or not, the program will report that scanner found many malicious objects, drawing up a list of a virus-like names.

Fake security warnings.
The second method is false warning display regarding computer security. Such warnings are irrelevant and are only displayed to scare user that his system is unsafe, thus persuading victim to buy Internet Security 2010 licensed version in order to fix encountered computer problems:
  • Your computer is infected! Windows has detected an infection of spyware! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.
  • System warning! Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
  • Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. It's highly recommended you scan your PC right now.
  • Critical Warning! Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)
  • Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. You private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need update your current security software. Click OK to download official intrusion detection system (IDS software).
Trying to open an application (does not apply to Internet Security 2010 removal tool Spyware Doctor) will result in failure, which is explained by the following WARNING:
  • Application cannot be executed. The file is infected. Please activate your antivirus software.
Trying to open Windows Media Player or double-clicking on audio/video file will result in Fatal Error, which is simulated by Internet Security 2010: Windows can't play the following media formats: AVI;WMV;AVS;FLV;MKV;MOV;3GP;MP4;MPG;MPEG;MP3;AAC;WAV;WMA;CDA;FLAC;M4A;MID. Update your video and sound codec to resolve this issue. Acting on this message by pressing OK button or closing it using the "X" button, a disreputable webpage will open, offering user a solution - VSCodec Pro, which is paid. VSCodec Pro is a fraud and no cash transactions should be made.

Do not perform any Internet Security 2010 requested actions, especially transferring money, because buying full program version will not help in eliminating serious risks, as well as protecting computer from malicious attacks.

To start Internet Security 2010 removal process:
  1. Go to Windows directory and open System32 folder (C:\Windows\system32).
  2. Rename file taskmgr.exe to iexplore.exe or taskmgr to iexplore if file extensions are hidden.
  3. Double-click renamed file iexplore or iexplore.exe. If you were able to open Task Manager go to Step5.
  4. If Task Manager still cannot be started, resulting in "Task Manager has been disabled by your administrator" message, go to Start -> Run, type in
    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
    and click OK. Then repeat Step3.
    * Edditing Windows Registry is complicated and should be performed by advanced computer user. Use this guide at your own risk.
  5. Under Processes tab find malicious processes and end them in order of precedence:
    · smss32.exe
    · IS2010.exe
  6. Proceed by downloading Internet Security 2010 removal tool without rebooting the computer.

2. Internet Security 2010 screen shot:

Internet Security 2010

3. How to remove Internet Security 2010:

  1. Internet connection might be disabled or Internet browser might be blocked by Internet Security 2010, so it won't be possible to download any files to infected computer. In this case please download all files required for Internet Security 2010 removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
  2. To remove Internet Security 2010 download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:

  4. After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove Internet Security 2010.

  5. Restart the computer to complete Internet Security 2010 removal procedure.
Note. Due to Internet Security 2010 impact, Spyware Doctor automatic updates may fail. Try update manually, by running Smart Update.

4. Internet Security 2010 files:


C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Documents and Settings\[username]\Desktop\Internet Security 2010.lnk
C:\Documents and Settings\[username]\Start Menu\Internet Security 2010.lnk

5. Hijackthis entries:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll