Fake anti virus? Internet Security Eseentials

[T0bias]

Hi,

I suspect that my dad has gotten a fake anti virus on his PC. It's called "Internet Security Essentials" which suddenly appeared today. He don't remember having clicked on anything suspicious however, but the software lists like 20-30 viruses that he apparently has, and it asks for an upgraded version that will remove it all which of course costs a bunch of money.

I have googled it and it seems like there are similar fake anti virus programs, but I couldn't find any information on one with exactly this name. Currently the free version of Avast anti virus is installed on his computer, but this doesn't find anything in a complete system scan.

So anyone got an advice on how to remove this thing?

Thanks in advance.

 

[VirtualLarry]

Yeah, sounds fake to me. There have been several fake AVs masquerading as a variant of Microsoft's Security Essentials.

 

[T0bias]

You got any idea on how to remove it?

I found that Malwarebyte's anti-malware supposedly could remove some variant of it, so I figured it might be worth a try for this one too. It's doing a scan right now..

 

[T0bias]

It appears that Malwarebyte successfully removed it. It found 3 infected files and ~790 infected registry entries, removed it all and now the "antivirus" doesn't load up when starting Windows.

Can I be sure that it's gone for good now?

 

[warrax10]

It appears that Malwarebyte successfully removed it. It found 3 infected files and ~790 infected registry entries, removed it all and now the "antivirus" doesn't load up when starting Windows.

Can I be sure that it's gone for good now?

You can never be 100% certain its gone without a clean re-install of windows. That said, you might want to boot to safe mode and run Malware again. I have seen malware pick up stuff in safemode that it missed during a regular scan.

 

[fredbeard1301]

I always use more than one software solution when fighting this crap. Try the free version of Emisofts A^2. (http://www.emsisoft.com/en/software/download/) in combo with MB. Since MwB is getting so popular some writers are doig thier mad bes to disable the install executable as well as the updates.

Also check the registry entry for the rogue software name HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunOnce as well as HKCU\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce

NOTE: Don't edit the reg w/o backing up first!

 

[ViviTheMage]

google the name of the software + removal, there's a few walkthroughs on how to clean it up entirely, it's actually a pretty "stupid" piece of maleware.

 

[Marinski]

I cleaned this off a pc last week. Run Malewarebytes quick scan in safe mode, that will pick it up, delete all . It can also change your browser proxy settings and hosts file so you will need to change your proxy settings back and possibly edit your hosts file. Also, delete the folder that it creates and reg entries, if youre comfortable. That should get it back to normal.