Ravens PHP Scripts

Internet Security 10 or IS2010
Date: Thursday, February 18, 2010 @ 15:31:30 PST
Topic: Security


System: WinXP

I doubt that many of you out there have even heard of this threat, but it's real and it's out there to destroy your day. And to keep things interesting, there are varying versions of IS2010. I will brag and tell you that since 1995 I have never had a virus on any of my computers. But, while visiting a website that I frequent in the evening hours to watch old movies, IS2010 jumped all over my computer.

Now if you read up on the threat you will find that it's identified as a Rogue Virus. That is something that sends out fake alerts, usually to get you to purchase a virus removal software program to remove the "fake" virus. BE AWARE these programs usually do nothing. Actually I found a website a few minutes ago that offers a program that rids your computer of this threat. You download the program, it scans your system showing threats, then informs you that you will need to purchase the software to clean up the problems. Go here to learn more: http://www.virusremovalguru.com/?p=258

What makes IS2010 so dangerous is that it loads a small executable onto your system which downloads fake alerts in rapid succession and it also changes your wallpaper, freezes your desktop, and prevents you from changing the wallpaper that has been changed to one of theirs which tells you that your system is infected. And each time you reboot it loads everything again until the .exe file is destroyed.

The .exe file is automatically triggered and downloads other viruses, trojans, rogue software, and a rootkit, all in such a way that your virus scanning software can't keep up. The user can easily be overwhelmed by how fast things are happening. Your desktop is frozen, and you can't download anything except the program that they claim will solve all of your problems. DO NOT download or purchase it.

Here's what I did to get rid of this thing.


- I shut my system down by unplugging it.
- Then I performed a cold start, booting into DOS where I tracked down the .exe file located in c:Programsinternetsecurity2010.exe and deleted it. Why did I do this? I knew that there had to be an executable program because of the way things were happening.
- I found an executable program that I had not installed.
- Then I rebooted my system the usual way and instructed my anti-virus software (Avast) to run a thorough scan once I rebooted my computer from start/Turn Off Computer/reboot. It scanned my system once I logged back in but before loading the desktop. It failed to clean my system. Keep in mind that Windows XP is an operating system and DOS resides under it. So it's not a good idea to run a DOS-based virus scanner because DOS is a 16-bit system and viruses usually run from a 32-bit system.

Since the virus scan did not clean my computer I turned to a trusted software program, SpyBot S&D and ran a scan of the registry. It found a few registry problems and I chose to fix them all.

Internet Security 10 (IS2010) places files on your system which disguise themselves as system files, and you need a good rootkit program to discover them. SpyBot is good at what it does but it didn't clean my system totally. I did, however, have access to the Internet now, so I went to Microsoft and downloaded Microsoft Security Essentials (this is not a pitch) and replaced my virus scanner with it. I ran it from the desktop, performing a thorough scan once I downloaded the updates, and I am glad to say that it cleaned my system. How do I know this? I opened up the log from my previous scanner to see the latest virus attacks it identified and checked these against the threats that MSE cleared. Remember, I deleted the main executable file that was in plain view as a running program, which returned most of my computer's access points. I now had access to the Task Manager, which had prevented me from aborting the program, but did not find anything out of the ordinary.
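
A check that follows from the symptoms described above (an executable the author had not installed, reloading at every reboot, with Task Manager blocked), as an added example that is not part of the original article: it compares a registry export against one taken while the machine was clean. It assumes the persistence uses the standard Run/RunOnce keys and the lockouts use the standard policy values, which the article does not state, and that the export has already been decoded to text; the sample exports and the `ExampleRogue` entry are constructed.

```python
import re

# Standard Windows autostart keys (Run / RunOnce under HKLM and HKCU).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Policy values that block Task Manager, regedit and wallpaper changes.
LOCKOUTS = {"disabletaskmgr", "disableregistrytools", "nochangingwallpaper"}

def parse_reg(text):
    """Yield (key, value_name, raw_data) from `reg export` style text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                yield key, m.group(1), m.group(2)

def autostarts(text):
    """Map (key, value_name) -> command for every Run/RunOnce entry."""
    return {(k.lower(), n.lower()): d for k, n, d in parse_reg(text) if RUN_KEY.search(k)}

def audit(baseline, current):
    """Report autostart entries absent from (or changed since) the clean
    baseline, plus lockout policy values that are switched on."""
    known = autostarts(baseline)
    findings = []
    for ident, cmd in autostarts(current).items():
        if known.get(ident) != cmd:
            findings.append(("new-autostart", ident[1], cmd))
    for key, name, data in parse_reg(current):
        if name.lower() in LOCKOUTS and data.lower() != "dword:00000000":
            findings.append(("lockout", name, data))
    return findings

# Constructed sample exports (not taken from the article).
BASELINE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"""
CURRENT = BASELINE + r'''"ExampleRogue"="C:\\example\\rogue-placeholder.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''
if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```

A finding here only means "not in the baseline"; each one still has to be checked by hand before anything is deleted.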

There are websites out there that recommend certain software to remove the virus but I considered them to be a waste of time. I had thought about giving MSE a test drive but just never did, now it's my scanner of choice and it's free.

Keeping alert yourself helps but doesn't stop everything; to do that you need to be knowledgeable about the real threats looming out there and keep a GOOD virus detection program on your system that updates itself automatically. Visit McAfee to get information on the threats out there, and you can visit my website and click on the virus link to get a quick look. www.papamikecreations.net

Be safe out there. :)

g. Michael Boyles (papamike)






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3787