Infected with Internet Security 2010 Trojans

I'm infected with the Internet Security 2010 trojan and after searching your site, I downloaded the malwarebytes setup and installed it, but when I went to doubleclick the icon to start it up, it says it couldn't find the program. I attempted to do this a few times. Any reason why this wouldn't work, or are there other full instructions to automatically get rid of this program? I use McAfee and Spyware Doctor.

Thank you

You might want to have a look at the instructions posted here.

Read carefully and pay close attention to details. You should be able to remove it with these instructions.

If that is not the case, please post back.

Thanks. These are the instructions I used. I'll try again tonight. When I doubleclicked on the mbam-setup.exe shortcut on my desktop that I downloaded, it says it couldn't find the application. Not sure if it was removed by Spyware Dr or McAfee or the trojan or if that was even possible?

You may want to try downloading Malwarebytes and renaming it to something like newsetup.exe. Something completely off the wall. That way any spyware or malware on your computer may leave it alone during install.

I tried to do that and it wouldn't work. I was able to download the rkill.com and run that program, but couldn't get the anti-malware program to work. I tried to then get on the Internet to try and download it again, and my computer kept locking up, so I manually re-booted my CPU, but now I can't even get my computer to turn back on. Everytime I try to turn it on, nothing happens. I can press F8 in the very beginning and it brings up some options, but I'm not sure what to do next.

Ok. Reboot your computer in "safe mode".

When you get to your desktop, run rkill.com. Once that completes, once again install Malwarebytes from the "newsetup.exe" file that you just downloaded.

Open malwarebytes and click on the settings tab. Make sure you put a check next to: Terminate Internet Explorer during removal.

Go back to the scanner tab and run a full scan on your computer. When it is finished, allow malwarebytes to remove the entries shown to be malware or malicious ( everything in the list ). If Malwarebytes asks you to reboot to complete the cleaning, allow it to reboot.

Let your computer reboot in normal mode. Once your desktop is visable, once again, open malwarebytes and click on the update tab.

Click Check for Updates. After the updates have been downloaded and applied, once again run a Full Scan of your system. Once complete, allow malwarebytes to remove everything in the list and if it needs to reboot, allow it.

Once rebooted, go here and download Dr. Web CureIT.

Download this to your desktop. It will be a strange file name ( i.e. 23ewt48d.exe ) as this is done purposely. The icon will look like a spider.

Open Dr Web CureIT and you will be presented with a screen asking you to view the purchase terms. Click on Cancel. Next, click on Start. You will be given another screen stating what Dr. Web CureIT is about to perform on your computer and asked if you want to "start scan now". Click OK to this and allow the scan to run.

Let me know if you have any problems.

Thanks. I'll try that later when I get home. Do I have to do anything special to reboot in safe mode, besides pressing F8 right away when I turn the CPU on? I thought I tried that last night, and it didn't work, but I'm not 100% certain

Booting into safe mode is actually quite simple.

Turn your computer on, start tapping the F8 key. If you see something like a boot menu and not the options for Safe Mode, Safe Mode Command prompt only, and so on, then your BIOS conforms to the F8 Boot menu options standard.

In this case, Select "Boot from hard drive", hit enter and again immediately start tapping F8 again. This will bring up the Boot Options for Windows ( i.e. Safe Mode, Safe Mode Command Prompt Only and so on ).

Hope this helps,

I tried to get in via safe mode and it still wouldn't work, the computer wouldn't boot up. it came up with about 14 instances of this:



Multi(0)disk(0)rdisk(0)partition(2)/windows/system32/ntoskrnl.exe or some .dll or some .sys

and then just sat there

You may want to try running SafeBootKey Repair. This can be found here.

•Please download Safe Boot Key Repair and save it to your desktop.
•Run SafeBootKeyRepair by double clicking on it or Right-click on it and click Open. If you are using Vista, please right-click and choose run as administrator...•A black command prompt window shall appear with the message "Please Wait..."
•It will now begin to scan, please be paitent while it scans The scan should take no longer than 1 minute
( Instructions thanks to extremeboy )

Once SafebootKeyRepair has finished, reboot your computer in SafeMode and once again follow the instructions I posted here.

Hope this helps,

Hi. Thanks for the info. I'm going to have one of my friends look at it. He's able to fix these types of problems more effectively than I would. Thanks for your help

Sounds good. If you still need help, come on back.