Remove the Win 7 Internet Security 2012 virus the Quick & Easy Way (Instructions)

STaRDoGG

Last night during my usual blackhat grayhat travels I managed to get infected with the Win 7. Internet Security 2012 virus / trojan. Mine in particular came via the consrv.dll rootkit which tends to infest itself via bugs in popular software like Adobe products and Flash. Nice.

 

I happened to stop at ThePirateBay torrent search site which most likely had a flash object on it, which most likely attacked my vulnerable version of Adobe Flash (all speculation) and off it went. My first tip-off was when my Comodo Anti-virus popped up a message saying consrv.dll was found (as soon as I loaded the Pirate Bay page, so it must've been downloaded via the bugged Flash), so I chose the "Clean" option. I guess either Comodo's "clean" feature doesn't work, or the consrv.dll had already done its work by installing the Win 7. Internet Security 2012 virus, or whatever, because as soon as I clicked the "Clean" button, b00m! I started getting all of the expected symptoms of the Win 7. Internet Security 2012 virus.

 

Fortunately though, the Win 7. Internet Security 2012 isn't a very "dangerous" virus/malware; all it really does is spam the hell out of you with popups telling you that your system is completely infested (it's not) with viruses, and wants you to pay for the registered version in order to clean it all out. Whatever you do, don't pay a cent via any of those popups, you're only helping to encourage these virus authors if you do. This is nothing more than a FakeAV (Fake Anti-Virus).

 

What Win 7. Internet Security 2012 Does:

  • You'll get notices in your system tray as popup balloons
  • An icon in your system tray, typically looks like a shield to make you think it's some sort of genuine protection
  • Popup dialog boxes in the bottom corner of your window
  • False, but very genuine looking, Windows Security Alerts
  • Whenever you try to run any program with a .exe extension, it'll hijack it, stop it from running, and instead show you a popup message saying that the program you just tried to launch is infected, (again, it's NOT).
  • Adds a few registry keys to run itself whenever you try to run Firefox or Internet Explorer (IE), and on startup
 

Example:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX..EXE\shell\open\command\(default)(Hijack.StartMenuInternet)
Bad: ("C:\Users\Scott\AppData\Local\wat.exe" -a "E:\Internet\Browsers\Firefox. x32\FIREFOX..EXE")
Good: (FIREFOX..EXE)

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX..EXE\shell\safemode\command\(default)(Hijack.StartMenuInternet)
Bad: ("C:\Users\Scott\AppData\Local\wat.exe" -a "E:\Internet\Browsers\Firefox. x32\FIREFOX..EXE" -safe-mode)
Good: (FIREFOX..EXE -safe-mode)

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default)(Hijack.StartMenuInternet)
Bad: ("C:\Users\Scott\AppData\Local\wat.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe")
Good: (iexplore.exe)

 

It'll also add itself to your usual startup registry key(s). The files it'll create are usually random 3 letter words + .exe, like my "wat.exe" example above.

 

Some examples of what the Win 7. Internet Security 2012 popups will say are:

Win 7. Internet Security 2012 wrote:

Win 7. Internet Security 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:

  • Dangerous code found in this site’s pages which installed unwanted software into your system.
  • Suspicious and potentially unsafe network activity detected.
  • Spyware infections in your system
  • Complaints from other users about this site.
  • Port and system scans performed by the site being visited.

Things you can do:

  • Get a copy of Vista Security 2012 to safeguard your PC while surfing the web (RECOMMENDED)
  • Run a spyware, virus and malware scan
  • Continue surfing without any security measures (DANGEROUS)
 
Win 7. Internet Security 2012 wrote:

Win 7. Internet Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?

 
Win 7. Internet Security 2012 wrote:

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

 
Win 7. Internet Security 2012 wrote:

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

 

Removal: How to Remove Win 7. Internet Security 2012, the super-easy way:

Set your system Date & Time ahead 7+ days. Wait a little bit (up to an hour or so), or just restart your computer. That's it! All clean!

 

Why does this work? Because, as I mentioned earlier, the Win 7. Internet Security 2012 isn't a particularly insidious malware; it'll do everything in its power to annoy you, scare you, and stress you out, but its main goal is to just get you to cough up that money for its so-called registered, pro version (which by the way, you won't get anything at all other than a lighter wallet if you do pay up to them). If you don't pay them within about a week, apparently the author(s) assume that you won't ever pay for it and it removes itself (how polite of them ...). So setting your system date ahead a week tricks it into thinking it's time to remove itself.

 

The next thing you should do is run a known, good anti-malware scanner, like MalwareBytes and/or SuperAntiSpyware. Or even BOTH one after the other, all just to be on the safe side, and for that extra peace of mind. (Clean out anything they may find, if they do).

 

You can reboot your system again once you're all clean and set your Date & Time back to your real Date & Time.

 

Some Other Tips:

  • While I was diagnosing my issue, I found that since Win 7. Internet Security 2012 hijacks .exe files, making it almost impossible to run your malware scanners, if you make a copy of the scanner's main .exe and rename the .exe to .com, you'll then be able to run them as usual.

    For example, to be able to run the MalwareBytes scanner:

    • Press Win + E to bring up Explorer
    • Navigate to your installation of the program and highlight the mbam.exe file
    • Press Ctrl + C and then Ctrl + V to make a copy of it
    • Finally, rename the .exe portion to .com

    In fact I recommend doing this for your scanners even when you don't have any infections just in case you need to run them down the road during an infection. You can set these up to be your normal shortcut to the file instead of its usual .exe version so that you can just run it from wherever you placed its shortcut, just be sure to do the process over again if the software's main program gets updated.

  • Don't click on any of the buttons in any of the popups. Just leave them alone. You can't trust anything these virus authors tell you, including a simple "close this window" or similarly phrased button. It may do the opposite of what it says. There's only one exception (below) and I don't even recommend bothering to do that ...
  • There have been some claims that if you enter one of these 2 serial numbers into its registration field, it'll disable / clean / remove itself, because it thinks it got your money "legitimately".
    • 1147-175591-6550
    • 2233-298080-3424 3425-814615-3990
  • Some other names for the Win 7. Internet Security 2012 virus can be:
    • Vista Internet Security 2012
    • XP Internet Security 2012
    • ^-- Which attack those Windows Operating Systems respectively, and/or a difference in the year at the end of the name, i.e. XP Internet Security 2011

If we've helped you at all with this removal guide, please be sure to click that Facebook "Like" button to recommend it to all of your friends or family, and we'd love if you also Liked our Fan page. If you have any other tips, advice or info on removing / cleaning Win 7. Internet Security 2012, leave us a comment.
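
The StartMenuInternet hijack listed under "Example:" in the post above can be turned into a check that flags wrapped browser commands and proposes the value to restore. This is an added example, not the author's code: the function names are hypothetical, the Internet Explorer value is copied from the post, and the two Firefox values are constructed for illustration.

```python
import ntpath
import re

# The post says the dropped files are usually three random letters + .exe.
THREE_LETTER_EXE = re.compile(r"^[a-z]{3}\.exe$", re.IGNORECASE)
TOKEN = re.compile(r'"([^"]*)"|(\S+)')
ROOT = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\"

def split_command(command):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN.findall(command)]

def check_command(command):
    """Return None for a clean value, or a finding for a wrapped browser."""
    tokens = split_command(command)
    # Hijack shape shown in the post: "<wrapper>.exe" -a "<real browser>" [args]
    if len(tokens) < 3 or tokens[1].lower() != "-a":
        return None
    wrapper, target, extra = tokens[0], tokens[2], tokens[3:]
    name = ntpath.basename(wrapper)
    if name.lower() == ntpath.basename(target).lower():
        return None
    return {
        "wrapper": wrapper,
        "in_appdata": "\\appdata\\" in wrapper.lower(),
        "three_letter_name": bool(THREE_LETTER_EXE.match(name)),
        # The post's "Good" values are the bare browser name plus its arguments.
        "restore_to": " ".join([ntpath.basename(target)] + extra),
    }

def scan(values):
    """values maps a registry key path to its (default) command string."""
    checked = ((key, check_command(cmd)) for key, cmd in values.items())
    return {key: finding for key, finding in checked if finding}

SAMPLE = {
    # Value copied from the post.
    ROOT + r"IEXPLORE.EXE\shell\open\command":
        r'"C:\Users\Scott\AppData\Local\wat.exe" -a '
        r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe"',
    # Constructed: same wrapper in front of a default Firefox install path.
    ROOT + r"FIREFOX.EXE\shell\safemode\command":
        r'"C:\Users\Scott\AppData\Local\wat.exe" -a '
        r'"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode',
    # Constructed: an untouched entry, which must not be flagged.
    ROOT + r"FIREFOX.EXE\shell\open\command":
        r'"C:\Program Files\Mozilla Firefox\firefox.exe"',
}

if __name__ == "__main__":
    for key, finding in scan(SAMPLE).items():
        print(key, "->", finding["restore_to"], "| wrapper:", finding["wrapper"])
```

Feed it values exported from the registry (for example the command values under each StartMenuInternet client) and compare `restore_to` against what the scanner reports as the good value before changing anything.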



STaRDoGG
Re: Remove the Win 7 Internet Security 2012 virus the Quick ...

Also, if you've discovered that your Windows Security Center Service got screwed up or is missing, see our solution here: Windows Security Center Service is missing and wont start, Solved.
