Last night during my
usual blackhat grayhat travels I managed to get infected with the Win 7. Internet Security 2012 virus / trojan. Mine in particular came via the consrv.dll rootkit which tends to infest itself via bugs in popular software like Adobe producs and Flash. Nice.
I happened to stop at ThePirateBay torrent search site which most likely had a flash object on it, which most likely attacked my vulnerable version of Adobe Flash (all speculation) and off it went. My first tip-off was when my Comodo Anti-virus popped up a message saying consrv.dll was found (as soon as I loaded the Pirate Bay page, so it must've been downloaded via the bugged Flash), so I chose the "Clean" option. I guess either Comodo's "clean" feature doesn't work, or the consrv.dll had already done it's work by installing the Win 7. Internet Security 2012 virus, or whatever, because as soon as I clicked the "Clean" button, b00m! I started getting all of the expected symptoms of the Win 7. Internet Security 2012 virus.
Fortunately though, the Win 7. Internet Security 2012 isn't a very "dangerous" virus/Malware; all it really does is spam the hell out of you with popups telling you that your system is completely infested (it's not) with viruses, and wants you to pay for the registered version in order to clean it all out. Whatever you do, don't pay a cent via any of those popups, you're only helping to encourage these virus authors if you do. This is nothing more than a FakeAV (Fake Anti-Virus).
Bad: ("C:\Users\Scott\AppData\Local\wat.exe" -a "E:\Internet\Browsers\Firefox. x32\FIREFOX..EXE")
Bad: ("C:\Users\Scott\AppData\Local\wat.exe" -a "E:\Internet\Browsers\Firefox. x32\FIREFOX..EXE" -safe-mode)
Good: (FIREFOX..EXE -safe-mode)
Bad: ("C:\Users\Scott\AppData\Local\wat.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe")
It'll also add itself to your usual startup registry key(s). The files it'll create are usually random 3 letter words + .exe, like my "wat.exe" example above.
Win 7. Internet Security 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
Things you can do:
Win 7. Internet Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Set your system Date & Time ahead 7+ days. Wait a little bit (up to an hour or so), or just restart your computer. That's it! All clean!
Why does this work? Because, as I mentioned earlier, the Win 7. Internet Security 2012 isn't a particularly insidious Malware; it'll do everything in it's power to annoy you, scare, and you stress you out, but it's main goal is to just get you to cough up that money for it's so-called registered, pro version (which by the way, you won't get anything at all other than a lighter wallet if you do pay up to them). If you don't pay them within about a week, apparently the author(s) assume that you won't ever pay for it and it removes itself (how polite of them ...). So setting your system date ahead a week tricks it into thinking it's time to remove itself.
The next thing you should do is run a known, good anti-Malware scanner, like MalwareBytes and/or SuperAntiSpyware. Or even BOTH one after the other, all just to be on the safe side, and for that extra piece of mind. (Clean out anything they may find, if they do).
You can reboot your system again once you're all clean and set your Date & Time back to your real Date & Time.
For example, to be able to run the MalwareBytes scanner:
In fact I recommend doing this for your scanners even when you don't have any infections just in case you need to run them down the road during an infection. You can set these up to be your normal shortcut to the file instead of it's usual .exe version so that you can just run it from wherever you placed it shortcut, just be sure to do the process over again if the softwares' main program gets updated.
If we've helped you at all with this removal guide, please be sure to click that Facebook "Like" button to recommend it to all of your friends or family, and we'd love if you also Liked our Fan page. If you have any other tips, advice or info on removing / cleaning Win 7. Internet Security 2012, leave us a comment.