Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Security 2010 Removal


  • Please log in to reply
7 replies to this topic

#1 Need HelpWith IS2010

Need HelpWith IS2010

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 15 April 2010 - 06:57 PM

I am using Windows Xp. I've tried about everything. System Restore (restore points corrupted), Regedit (no luck), Malwarebytes', Superantispyware, manually removing(removed some things, but to no avail). I discovered that it is named "ave.exe". If it is actively running and popping up with the fake threats, terminating that process with task manager momentarily gets rid of it. I deleted ave.exe from the system, but there is still something else. I have removed "disable security center/firewall/rouge av multiplier" many times using malwarebytes(I'm pretty sure it is programmed to restart every time I restart the computer). There is something I'm missing, after about an hour connected to the internet, the virus returns and seems to get more immune and hard to get around ie. at first I could easily get around it by using mozilla firefox as opposed to Internet explorer. Now the only way to get around it is to enter an address into the address bar. (I've "removed it" about 4 times now.) There is obviously a part of the virus that the antivirus programs continue to overlook. I have unchecked the box "no files hidden" so that could not be the solution either. Any suggestions? I'll post the contents of a certain folder such as HKEY, Prefetch, all of the EXE files, etc., if requested/it could help someone identify which is responsible for renewing the virus.
PS: I'm on a dial-up connection. Please don't send me on a wild goose chase downloading Spybot S&D, Dr. Web..cureit, etc.
PPS: I've tried Rkill and the majority of guides for removing it. I think I'll need more than just a reference to a guide :thumbsup:

Any suggestions at all...?
Thanks.

Edited by Need HelpWith IS2010, 15 April 2010 - 08:38 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP


BC AdBot (Login to Remove)

 


#2 Need HelpWith IS2010

Need HelpWith IS2010
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 15 April 2010 - 09:23 PM

Anyone? :/

#3 Need HelpWith IS2010

Need HelpWith IS2010
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 17 April 2010 - 12:37 AM

Today I deleted about five files with regedit through command prompt. I deleted a few things such as "Firewall Disable", "Update Disable", "Antivirus Disable", etc. They were located in HKEY_LOCAL_Machine\Software\SecurityCenter. I finally found them and deleted them permanantly as malwarebytes would detect it every time I restarted the computer. I am still having troubles though. Every eight minutes or so, the internet gets extremely slow, as if a part of IS2010 is trying to extract info to renew itself? (just a theory). Any suggestions as to where I should look/what I should look for, to dispose of whatever is causing this?

#4 jonm01

jonm01

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 17 April 2010 - 08:08 AM

It's probably a rootkit.

I ran the small program that lets you run MBAM without the virus interfering and that got rid of the Security Center thing but there were still redirects etc that kept trying to download AVE again and it seemed to get progressively worse.

In the end Combofix was the only thing that helped (and I tried everything). Be aware that it can be risky to use though as the experts on here point out.

I read something on the BBC news site this morning about these rootkits. There was a link to various AV companies that have free programs you can download so maybe have a look at that first.

#5 Need HelpWith IS2010

Need HelpWith IS2010
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 17 April 2010 - 09:20 AM

Actually, I forgot to mention yesterday... I fixed my redirecting problem. It let me to go Mcafee.com with no problem. Now it's back though. It redirects now, but to related sites. I type in "what to delete from registry if you have Internet Security 2010" and when I click on a link it brings me to "Best Registry Clean-up Programs". Before it would bring me to a random site. I'm fairly sure what I just said was irrelvant, but nevertheless...

Does anyone know like a list of items to delete from registry if you have IS2010?

PS: I'm not exactly sure what a rootkit is, I know I had IS2010 though. Is IS2010 totally unrelated to a rootkit, or was the rootkit in the series of trojans that went onto my computer with IS2010? I'll try the program you suggested, if it goes uninterfered with, it will probably take about 1-2 hours on dial-up.

Thanks for responding. :thumbsup:

Edited by Need HelpWith IS2010, 17 April 2010 - 02:33 PM.


#6 Need HelpWith IS2010

Need HelpWith IS2010
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 17 April 2010 - 03:33 PM

I give up, it's back yet again. It was "Xp Spyware Security" or something this time. I quickly searched "*.exe" and deleted both of the "ave.exe's", good and bad. (had to terminate the proccesses in task manager first) I now have "open with" errors again, and it still draws for information. I'm going to mess around with it for another 20 mins or so, then it's going to Staples or Best Buy. Ahh, only $125. I should've done this 2 weeks ago, and not wasted all this time.

#7 Need HelpWith IS2010

Need HelpWith IS2010
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 17 April 2010 - 04:02 PM

Fixed it using malwarebytes, also redeleted "firewalloveride" and stuff from registry once again... Still probably going to have to take it somewhere to get it fixed though...It just won't stop renewing itself.

Any suggestions at all?

#8 jonm01

jonm01

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 18 April 2010 - 05:22 AM

After getting rid of it with MBAM I then ran Combofix which killed off the rootkit that was causing the reinfection every time.

It's a small download and if you've got nothing to lose then maybe try it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users