Malware Removal Instructions


Saturday, 14 January 2012

Remove Internet Security Guard (Uninstall Guide)

Posted on 10:14 by Unknown
Internet Security Guard is a rogue anti-virus program that disguises itself as legitimate security software. It almost makes you think it's legit because it looks like Microsoft Security Essentials, the genuine Microsoft security product. Besides, it has a very generic-sounding name. But have you ever heard of it? Hell no. There's another variant of this malware that calls itself Home Security Solutions. For a more technical description read this post. This time I will just stick to the facts, so that if anyone else gets it they know what to do.





Internet Security Guard is distributed through spam e-mails, infected websites, and social networks. It seems that cyber criminals use the BlackHole exploit kit to spread the malware. Upon execution, Internet Security Guard modifies the Windows registry and drops several files onto the infected computer. It then pretends to scan your computer for spyware, trojans, rootkits and other malicious software. It may falsely detect up to twenty viruses on your computer. What is more, this rogue antivirus program blocks legitimate security software and system utilities. Last, but not least, it changes the LAN settings by adding a proxy server which redirects HTTP requests through servers controlled by cyber criminals. As a result, anti-virus and tech support websites may be blocked. The Windows Hosts file might be replaced as well.

Websites in some way associated with Internet Security Guard:
  • hxxp://www5.internet-security-guard.com
  • hxxp://save-secure.com
  • hxxp://securityearth.net


If your computer just got infected with Internet Security Guard, please ignore everything it says and do not follow the on-screen instructions. But most importantly, DO NOT purchase it. If you thought it was real and you gave your credit card details to scammers, contact your credit card company immediately and dispute the charges. To remove Internet Security Guard, please follow the steps in the removal guide below. If you have any questions, just leave a comment below. Have a good weekend!


Quick Internet Security Guard removal guide:

1. Open Internet Security Guard. Click the "Activate full protection" button. Enter one of these debugged registration keys to register this rogue application. Don't worry, this is completely legal.

K7LY-H4KA-SI9D-U2FD
U2FD-S2LA-H4KA-UEPB
K7LY-R5GU-SI9D-EVFB



Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.

2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

3. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.


Alternate Internet Security Guard removal instructions:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click the LAN Settings button and uncheck the checkbox labeled "Use a proxy server for your LAN". Click OK. You may have to repeat steps 1-2 if you have problems downloading malware removal programs.



3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

4. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.


Associated Internet Security Guard files and registry values:

Files:
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]\
  • %AppData%\Internet Security Guard\
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Security Guard.lnk
  • %UserProfile%\Desktop\Internet Security Guard
  • %UserProfile%\Start Menu\Internet Security Guard.lnk
  • %UserProfile%\Start Menu\Programs\Internet Security Guard.lnk
Registry values:
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\Internet Security Guard = "%AllUsersProfile%\Application Data\58d584\HS126.exe" /s /d
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\HSS = "%Temp%\scandsk221d_5201.exe" /cs:1
  • HKEY_CURRENT_USER\software\3
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe\Debugger = svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun = 01000000
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\[1...15]
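
The proxy, Hosts file, file and registry artifacts described in this guide can be checked in one pass with a read-only PowerShell audit. This is an added example, not part of the original post; it assumes PowerShell is available and that it is run as the affected user, and the variable names and finding messages are illustrative.

```powershell
# Read-only audit for the artifacts listed in this guide; it changes nothing.
# Run as the affected user: most of the values live under HKEY_CURRENT_USER.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$findings = New-Object 'System.Collections.Generic.List[string]'

# LAN proxy setting (the checkbox the alternate instructions tell you to clear)
$inet = Get-ItemProperty -Path "$cv\Internet Settings" -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1) { $findings.Add("Proxy enabled: $($inet.ProxyServer)") }

# Autostart values named in the registry list
foreach ($pair in @(@('Run', 'Internet Security Guard'), @('RunOnce', 'HSS'))) {
    $sub, $name = $pair
    $val = (Get-ItemProperty -Path "$cv\$sub" -Name $name -ErrorAction SilentlyContinue).$name
    if ($val) { $findings.Add("$sub\$name = $val") }
}

# Image File Execution Options: any executable whose Debugger points at svchost.exe
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = $_.GetValue('Debugger')
    if ($dbg -like '*svchost.exe*') { $findings.Add("IFEO block: $($_.PSChildName) -> $dbg") }
}

# DisallowRun policy flag and the numbered list of blocked programs beneath it
$pol = "$cv\Policies\Explorer"
$flag = (Get-ItemProperty -Path $pol -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun
if ($flag) {
    $findings.Add('DisallowRun policy is set')
    $k = Get-Item -Path "$pol\DisallowRun" -ErrorAction SilentlyContinue
    if ($k) { foreach ($n in $k.GetValueNames()) { $findings.Add("  blocked: $($k.GetValue($n))") } }
}

# File and shortcut locations with fixed names (the random-named folder is not checked)
$paths = @(
    "$env:APPDATA\Internet Security Guard",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\Internet Security Guard.lnk",
    "$env:USERPROFILE\Desktop\Internet Security Guard",
    "$env:USERPROFILE\Start Menu\Internet Security Guard.lnk",
    "$env:USERPROFILE\Start Menu\Programs\Internet Security Guard.lnk"
)
foreach ($p in $paths) { if (Test-Path -LiteralPath $p) { $findings.Add("File artifact: $p") } }

# Hosts file: list active entries other than localhost for manual review
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hosts) {
    Get-Content -LiteralPath $hosts | Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch 'localhost\s*$' } |
        ForEach-Object { $findings.Add("Hosts entry to review: $($_.Trim())") }
}

if ($findings.Count) { $findings } else { 'No listed artifacts found for this user.' }
```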