# Internet Security 2010 Virus



## Gary Armitstead (Jan 2, 2008)

People probably know about this virus already, but I was hit with this one last week. Cost me $355 for a new hard drive and restoration of my information. It is called "IS 2010 AV". Mac guys don't need to read this, but PC people should. This one has been around since early December 2009 and it is mutating. I run AV programs and firewall AND still got it! A pop-up occurs to tell you that you have a virus threat. Also tells you to run a full scan with whatever AV program you are running on your machine. As soon as you hit the "close "X"" on the window, you will be sent to a bogus site asking for your card number to buy "Internet Security 2010" which IS a legitimate program. You close that window because you know you are being scammed, but you have already started the virus running. When the FIRST window appears and says you have a threat, DO NOT CLICK THE "X" TO CLOSE THE WINDOW. ONLY USE ALT F4 or CTRL ALT DEL! In talking to my computer guy, there is NO AV program that stops this thing! I have many of my fellow MasterCam programmers hit with this one and they are all pretty savvy about these computer programs. Just a warning to everyone.


----------



## Dale W (Jan 5, 2008)

Not to gloat, but this is the reason I have 2 Macs and will never have anything but.

These viruses, worms etc are not only costly but damm frustrating. I've had them in pc days. 

Dale


----------



## Pete Thornton (Jan 2, 2008)

> A pop-up occurs to tell you that you have a virus threat. Also tells you to run a full scan with whatever AV program you are running on your machine. As soon as you hit the "close "X"" on the window, you will be sent to a bogus site

Gary,

Curious. I've been getting frequent (once a week) pop-ups telling me I have a virus and that a full scan is required, then the original window goes to a folders-type display (undoubtedly bogus) but it hasn't infected me even though I hit the "X" immediately. 

Maybe there's another variant running around.


----------



## Mike Reilley (Jan 2, 2008)

I've not seen this...then again, I have all popups blocked. Perhaps that is a "preventative"????


----------



## Gary Armitstead (Jan 2, 2008)

Pete, 
It's probably a variant. This virus has been mutating, so be careful. 

Mike, 

I have pop-ups blocked also and it STILL got through. Google this little monster. 

Everyone, 

My computer guy here in Burbank has had fifty machines in for repair from this virus since Christmas!


----------



## Greg Elmassian (Jan 3, 2008)

You can normally remove it, but you need to start in safe mode, and get the remover from malwarebytes.com ...

Very nasty, often it's less time to save the information and rebuild the system than to remove it. I have a sideline business to "fix" computers, and this is the worst one out there, and has been for several years, the old version was also called "Windows 2009 xxxx", the title varied.


I had the tip for this on my computer page. 


*http://www.elmassian.com/electronic...inmenu-281*

It's actually a program that is not too difficult to delete, but the damage it causes to your windows settings is really nasty, all kinds of things are broken after the removal, and again, it's usually more work to fix these things than clean reinstall.

But I do whatever people want. It's their decision at $50 an hour.

Regards, Greg


----------



## flats (Jun 30, 2008)

I got the virus once on my computer, cost me $150 to get it off my hard and lost everything I had on it. It has tried to come back 3 or 4 times and was able to get through again, I was ready this time. Make sure that you go to http://www.pctools.com/ and get the Spyware Doctor with antivirus, this is the only tool I have found that will get rid of it. If you wait and try to buy PCTOOLS after you get it, just take it back to the computer man for it will not let you download it. The cost was $29.00 when I got it last year, cheaper than taking it in to get fixed.

Ken owner of K&K the road to nowhere


----------



## Dwight Ennis (Jan 2, 2008)

I've seen variants of this several times at work, and have had to spend some time dis-infecting the affected machines - just had to do one a week or two back. First off, Internet Security 2010 is NOT a "legitimate" program - a quick Google search confirms that. All these programs will infect the machine and pop up window after window, making the machine essentially unusable. They infect the particular user's account who downloaded the damn thing in the first place. This is another real good reason to only have *ONE* password-protected *Administrator Account* and do all your work, browsing, email, etc. with a *Limited User* account. In case of infection, you can log in via the Admin account and do the clean-up. It also aids in blocking attempts to modify the Registry, though not always it seems.

The offending files generally store themselves in the *Documents and Settings|(User Account Name)|Local Settings|Temp* folder (a hidden folder so you have to set Windows Explorer to show hidden folders) or in the *Documents and Settings|(User Account Name)|Local Settings|Temporary Internet Files* folder, or both. Other Trojans and viruses also sometimes make use of the *Documents and Settings|(User Account Name)|Local Settings|Application Data* folder. To eradicate these suckers, first you need to empty the two folders mentioned first (delete everything in them, not the folders themselves) and take a hard look at whatever is in the *Application Data* folder mentioned.

You then need to go into the Registry and check every entry in the *Run* areas (and there are a lot of them). Sometimes I need to Google entries in these areas to see whether or not they are valid apps. It can take a couple of hours to go through all this, but it's better than buying a new drive and re-loading everything onto the machine, which would take even longer.

Given time, the AV programs will detect and block this one as well.

BTW Mikey, if you ever get one of these, having pop-ups blocked will make no difference.


----------
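The Run-key and temp-folder review Dwight Ennis describes in the post above, as an added example that is not part of any post in this thread: a read-only PowerShell triage that lists autostart entries, marks those launching from per-user temp, cache or application-data folders, and lists executable files in the temp folder. It assumes PowerShell 3.0 or later, run as the affected user; the key list, path fragments, extension list and function names are choices made for this example.

```powershell
# Added example (not from the thread): read-only triage. Nothing is deleted or changed.

# Well-known autostart ("Run") keys. Windows has further autostart locations
# that this short list does not cover. HKCU is the current user's hive only.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Fragments for the folders named in the post, plus their Vista-and-later names
# (assumption: adjust for the Windows version at hand). 8.3 short-name paths
# are not matched by these fragments.
$userWritable = @(
    '\Local Settings\Temp\',
    '\Local Settings\Temporary Internet Files\',
    '\Application Data\',
    '\AppData\Local\',
    '\AppData\Roaming\'
)

function Test-UserWritablePath {
    param([string]$Command)
    foreach ($fragment in $userWritable) {
        if ($Command.IndexOf($fragment, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

function Get-RunEntry {
    foreach ($keyPath in $runKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            [pscustomobject]@{
                Key          = $keyPath
                Name         = $name
                Command      = $command
                # True means "launches from a user-writable folder": a reason to
                # look the entry up, not proof of infection. Legitimate per-user
                # applications also start from these folders.
                UserWritable = Test-UserWritablePath -Command $command
            }
        }
    }
}

function Get-TempExecutable {
    param([string[]]$Folder = @($env:TEMP))
    $extensions = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js'
    foreach ($dir in $Folder) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # -Force includes hidden files; the folders in the post are hidden by default.
        Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
            Select-Object FullName, Length, LastWriteTime
    }
}

# Entries that start from user-writable folders are listed first.
Get-RunEntry | Sort-Object UserWritable -Descending | Format-Table -AutoSize -Wrap

# Most recently written executables in the temp folder are listed first.
Get-TempExecutable | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
```

The output is a review list: each flagged entry still has to be looked up before it is removed, as the post says.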



## Gary Armitstead (Jan 2, 2008)

http://internet-security-suite-revi...eview.html/

The NEWEST one from AVG IS 2010, not this version 9.0 


EDIT: I just went to AVG's site and Internet Security 2010 was taken down. It was there just before Christmas. Interesting to say the least. That's how I got snookered into this virus. The virus even uses the same logo as AVG, but switches the positions of the colors.


----------



## Scottychaos (Jan 2, 2008)

How does one actually "get" one of these viruses? 
where do they come from? 

I guess I have been lucky..I think I have been on-line pretty much every day for the last 15 years, and I have never had a virus.. 
(knock on wood.) 

I know you can get some via email, but my spam problem was solved ages ago by yahoo and google mail "bulk" folders.. 
so I don't see spam anymore.. 
so how else does one get the virus? from webpages? 

Scot


----------



## Greg Elmassian (Jan 3, 2008)

While this is a nasty one to remove, there is no reason that you lose anything on your hard drive... it does not attack anything but windows files. 

If you get this and the repair guy says you will lose everything, get another guy. 

Easiest way is to take the hard drive out and put in uninfected machine, copy the files you want and reinstall windoze from scratch. 

Having Spybot installed and the resident "teatimer" installed usually blocks it, but many people just see this and let the virus install. 

I can get it out of a machine in about 15 minutes, but repairing all the other damage to the registry is where the work is, at least in my experience. 

When someone gets this on their work computer, it's because they have been surfing around to nasty sites. 

Regards, Greg


----------



## silverstatespecialties (Jan 2, 2008)

I've been fighting this thing through most of 2009; I have to maintain my family's 5 computers (2 desktops & 3 laptops) that are in constant use. 

The encounters we've had with this monster have been through ads running on supposed "safe" sites...you don't have to go to taboo sites to encounter it. I've tracked most of the sources to the domain "burstnet.com" and blocked it from all browsers. 

The best luck I've had so far has been by blocking the suspect domain, and using SpyBot & SpywareBlaster (both free). Be sure to download updates every week, if not more frequently. 

This combination has not allowed any further occurrences for us. Hope this helps.


----------



## Dwight Ennis (Jan 2, 2008)

> How does one actually "get" one of these viruses? 
> where do they come from?

You get them from web sites. Several months back I was writing software to run a robotic shear for transformer laminations. I went looking for a cool little "robot" icon for it via Google, and one of the sites I went to tried to infect my machine with one of the variants as soon as I went to it. So it doesn't have to be a "nasty" site as Greg says. I caught it before it got in and avoided infection.


----------



## Ralph Berg (Jun 2, 2009)

One does not have to cruise nasty sites to get this or any other virus. A few weeks ago I was on my Yahoo.com homepage and the virus tried to download.
My Avast AV blocked it and aborted the connection.
It was the weekend and it was several hours before Yahoo cleaned up their portal.
Hackers spend a lot of time trying to get their malware on "trusted" sites.

As for Mac users, you are not immune to viruses. There are Mac viruses out there. Just not as many. If everyone was using a Mac, you'd be having the same problems Windows users have. As Linux and Mac use grows, so will your infection problems. 

Ralph


----------



## Mik (Jan 2, 2008)

I spent 2 hours dealing with this thing last night. It came from Photobucket, I think... The only windows open when everything went nuts was there and here. It got past my Avast, did NOT show up on the virus scan, OR in the add/remove programs list. And Spybot couldn't do anything with it either. It's scamware, not really a 'virus', per se.


This is a nasty one (ie annoying as H#ll, but not I think, actually 'harmful' if you catch it early), with multiple pop-ups every 5-10 seconds, it even changes your wallpaper... Rather fortunately, I was able to get ahold of my friend who works for an ISP in Cali. It took signing up at bleepingcomputer.com and downloading and running their 'ComboFix' to regain control. They say not to run it without someone on their site to supervise you... but I had Andrew along and he's used it before. It still took about 20 loooooooooonnnngg minutes for it to corral the thing.


So far, everything seems to work this morning.


----------



## zubi (May 14, 2009)

> Posted By Ralph Berg on 17 Jan 2010 07:22 AM
>
> As for Mac users, you are not immune to viruses. There are Mac viruses out there. Just not as many. If everyone was using a Mac, you'd be having the same problems Windows users have. As Linux and Mac use grows, so will your infection problems.
>
> Ralph

Ralph, some individuals have better functioning immune system than others. Apparently, the same can be said about computers' OS's. Best wishes, Zubi


----------



## joe rusz (Jan 3, 2008)

I've been following this now old thread and wanted to tell y'all about my experience. Twice now, when I have tried to download an attached pdf file, I have received a popup that reads, in its entirety: 

"Virus problem. Protected my MapQuest Navigator. Unable to scan attachments. The affected file(s) has not been scanned because it may be password protected or corrupted. (Tell me more). Please click ok to continue downloading. And get three free cedit scores today. Equifax. Get your score"

Then in small print along the bottom edge it says:

"Disclaimer, McAfee Virus scan may not be able to detect all known viruses and variants. For more information read AOL's terms of service."

I don't know if this is just a legitimate (but annoying) way by AOL and others to get you to open their crap, or if it is a cleverly contrived way to download a bug. Anyway, rather than trying to X off or close, I have been logging off AOL and completely ignoring the e-mail.

What do you guys think?


----------



## Greg Elmassian (Jan 3, 2008)

Did you get an anti-virus program from AOL? 

Are you "running" AOL? 

Have you scanned your system? With what? 

Try downloading using a different browser? 

Answer these for starters... (much more info required to diagnose this) 

Regards, Greg


----------



## afinegan (Jan 2, 2008)

BTW, there are Mac viruses so you guys aren't out of the woods, just not very many of them.


----------



## Greg Elmassian (Jan 3, 2008)

I have about 6 Red Hat servers. I get security updates DAILY... linux/unix is the next frontier of attack, mostly server attacks now, but works fine on workstations too... the servers are the big targets... It's just a matter of time.. 

Regards, Greg


----------



## Biblegrove RR (Jan 4, 2008)

Is it best to store all your stuff on external drive for easier reinstall when this happens?


----------



## Greg Elmassian (Jan 3, 2008)

This thread is going all over the place! Well, I guess we solved the question on Windows Internet Security 2010. 

Joe brought up his own problem. (waiting on his answers) 

John wants to know an answer on another topic. (John, the answer is "it depends"... from my point of view there is much more involved, almost every situation is different) 

My best advice is have a suite of tools, and get a knowledgeable guy to set you up so the "Suite" works together, and then keep them updated and working, and check that they are working. 

I surely cannot make anyone an expert in this in a few posts. And it's not simple anymore. And I believe it's getting worse. 

Regards, Greg


----------



## joe rusz (Jan 3, 2008)

Greg, Thanks for your questions.

Because I am one of about five people world-wide who shells out money to have full AOL, not just a place to get my e-mail, I assume I have all of their security bells and whistles.

Most of the time I do run AOL, since all of my favorite site cookies are located there. But I can go right to IE.

I have scanned my system, but not since those two episodes, with Norton Internet Security 2010, which I bought through Amazon and downloaded, primarily because I kept getting popups telling me that my original Norton had expired. When I did run it, at launch, it found no viruses, etc.

As I said above, I guess I can just go on whatever it is that IE opens with (I'm not sure if by default it is AOL).

The situation here on Maui is that our condo, being part of a rental operation, requires you to sign on to Oceanic Cable (that's our hookup) every time you turn on the computer. This is pretty annoying, since if you are not logged on to IE that day, and you try to do something like download Norton, which wants to go to its site, everything stalls out, as the program doesn't know that there is no link to the outside world without approval (i.e. logging on to Oceanic). Thing is, I can see them doing this with the touristas, but we live here!

For what it's worth, the pdfs I tried to open in the download file were from legitimate firms--Mazda Motors, and Oceania Cruise Line. One came from a Mazda PR guy, the other from our travel agent at AAA.


----------



## Pete Thornton (Jan 2, 2008)

> Is it best to store all your stuff on external drive for easier reinstall when this happens?

John, 

Almost everyone needs to keep a copy of their folders and files on a separate, external disk drive. For easier re-install, as you say, but also for portability and for recovery from a system bug. And for installation on a new computer when you finally get one. 

I have 3 external drives (but then I was in the biz.) A 75GB portable that I take with me to plug into my laptop, a 350GB on my computer that stores video [no room on my primary disk for hour-long home movies,] and a 1TB (1000GB) external drive to back up my 350GB and the video.


----------



## Greg Elmassian (Jan 3, 2008)

For the Mac people, who still believe no viruses or attacks: http://blogs.zdnet.com/s...

On external drives, they have the advantages above, but they also have disadvantages, portability (if you have a laptop), and speed... the USB interface is much slower than your internal drive connection.

I use them to back up sometimes, but usually only for computer repairs... I have several computers in the house, and large enough drives to back one up to another... critical machines have mirrored or raid 5 drive arrays.

Regards, Greg 



----------



## sschaer (Jan 2, 2008)

prevx 3.0 is able to get rid of that worm.


----------



## Dwight Ennis (Jan 2, 2008)

The only reason Mac's aren't as virus prone is that there aren't enough of them out there to make it worth infecting them. Sorry to deflate the Mac "superiority mindset."


----------



## zubi (May 14, 2009)

You guys need to understand one simple truth. Without viruses (attacks) there would be no evolution (of the immunity system). Obviously, some (most!) organisms will die. Will it be Windows, Macs or Linuxes?, time will tell. In the meantime, we should be grateful to virus writers who keep our systems evolving and (relatively) immune to new attacks. Without them, our computer's immune systems would be non-existent, with consequences hard to overestimate. Best wishes from Tokyo, Zubi


----------



## Scottychaos (Jan 2, 2008)

> Posted By zubi on 25 Jan 2010 07:31 AM
>
> You guys need to understand one simple truth. Without viruses (attacks) there would be no evolution (of the immunity system). Obviously, some (most!) organisms will die. Will it be Windows, Macs or Linuxes?, time will tell. In the meantime, we should be grateful to virus writers who keep our systems evolving and (relatively) immune to new attacks. Without them, our computer's immune systems would be non-existent, with consequences hard to overestimate. Best wishes from Tokyo, Zubi

Without viruses, there would be no need for an immune system.
Without viruses or criminal hacker scum, our computer's immune systems could be non-existent, with benefits hard to overestimate.

Scot


----------



## zubi (May 14, 2009)

In a Utopian computer paradise, or heaven..., but we live in a real world and have to adapt or become extinct, Scot, Best, Zubi


----------



## Dwight Ennis (Jan 2, 2008)

> You guys need to understand one simple truth. Without viruses (attacks) there would be no evolution (of the immunity system).

Does that mean Mac, with the relatively lower number of viruses written for it, is "less evolved" than Windows?


----------



## JEFF RUNGE (Jan 2, 2008)

All I know is my wife and son are always on MY MAC instead of their PC's because it "works better" ??? I never should have let them try it!


----------



## Ted_Roy (Jan 2, 2008)

This link gives pretty specific removal directions. 

http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010 

Ted.


----------



## Greg Elmassian (Jan 3, 2008)

> Posted By Dwight Ennis on 25 Jan 2010 07:10 AM
>
> The only reason Mac's aren't as virus prone is that there aren't enough of them out there to make it worth infecting them. Sorry to deflate the Mac "superiority mindset."

Exactly... our company has about 20 macs and 500 pc's.

If you were in "business" to make money from "hijacking" people's browsers (where you get paid for every "redirect" to a target site)... what market would you attack?

It's like deciding to make a new "widget" for a car... do you make it fit a toyota or a saturn?

Regards, Greg


----------



## TruEnuff (Jan 1, 2010)

Hi All! 
Just a quick note. Microsoft has a new free antivirus program called Microsoft Security Essentials 1.0. Since my antivirus program on my laptop was expiring, I decided to try it. The online recommendations were all good, and two sites, including PC Magazine, said that it has the highest ability to detect and remove existing problems of the other freeware programs. (None picked it as their first choice, but all had it in the top 2 or 3.) Anyway, on the first scan, it picked up an existing "WARNING, YOUR COMPUTER IS INFECTED.....yada, yada....download here" bug masquerading as a wallpaper file, apparently. It removed the infection without even asking and had a link to a site for more information on that infection. Nice and really unobtrusive (something else the reviews liked about it). I was running AVG on that computer, and while I think AVG had isolated the problem....it had not removed it. Anyway, you might give it a try. Nothing to lose...and that first scan might surprise you. 
Bruce


----------



## Paradise (Jan 9, 2008)

MS has an antivirus program - What a joke ! 
It is their bad design of combined technologies that leaves opportunities for 'smarter people' to exploit and create the viruses in the first place. 

I predict that a virus will be written by 'smarter people' that exploits the MS antivirus program that is there to protect you.

HA !... All in time...


----------



## TruEnuff (Jan 1, 2010)

> Posted By Paradise on 28 Jan 2010 03:52 AM
>
> MS has an antivirus program - What a joke !
> It is their bad design of combined technologies that leaves opportunities for 'smarter people' to exploit and create the viruses in the first place.
>
> I predict that a virus will be written by 'smarter people' that exploits the MS antivirus program that is there to protect you.
>
> HA !... All in time...

I posted this information because I personally had not been aware of the existence of this program, it was highly rated in all of the reviews that I could find on the internet, it is free, and most importantly it removed one of the infections commented on in this thread when another very popular program did not. I thought that might be of interest to some folks here. 

Bruce


----------



## Greg Elmassian (Jan 3, 2008)

Bruce, thanks for pointing this program out. 

In the past, MS has not had a stellar reputation for AV, but their programs do sometimes catch things that other programs do not, for example Windows Defender is pretty good on certain browser hijackers... 

Another thing, free is good. I run several different anti-spam, malware, virus, hijacker programs. The combination normally catches everything, so running a suite of programs can get expensive unless most of them are free. 

Regards, Greg


----------



## TruEnuff (Jan 1, 2010)

Hi Greg....
Thanks for the comments. While I am not a power computer user, I am not a novice either. I've used all of the typical antivirus, spam blocking, pop up blocking, etc. etc programs, including AVG as well as the 'big name' suites. Generally I've had good luck with all of them, finding things to like and dislike in each...but in the end, each has served the purpose. I haven't used any MS antivirus programs simply because they never made the top of the expert's lists and there wasn't any reason to use them. 

A while back, I got that virus that takes over your wallpaper with a big warning notice. It was the first infection I can recall. It got by the AVG that I had on my laptop. I did some searching on google and after some time and a lot of reading, I found out how to isolate the bug and get control of my wall paper back with an outside 'specialty' program just for that purpose. I forgot about it....case closed. I had been following this thread and a few days ago, my AVG subscription ran out (yes, I was running the pro version). I decided to do my usual googling to find something free until I figured out what to do for a permanent install. I was surprised to find at least three or maybe four sites that listed the MS program in their top three freebies. It was one I had never heard of and apparently a new release. What caught my eye was that all of the reviews commented on its ability to find and remove EXISTING problems. Since I needed something now, I d/led it just to see. I ran a scan (really fast) and in the report, which I didn't read until sometime later, there was the wallpaper file found and deleted without a peep. Based on the independent reviews and a successful scan, I'm now running the program. I may decide to keep it, or I may go for something else...but meanwhile, I thought some of the guys here might want to give it a try to see if it can clean things up for them too. I don't work for MS, honest! That's my story, and I'm stickin' to it!

Bruce


----------



## dawgnabbit (Jan 2, 2008)

Since we've gotten off-topic already...I'm surprised no one has mentioned running Windows on a virtual machine inside of some other operating system as a way to snooker the viruses. If Windows picks up a nasty bug, the Host OS (which isn't infected) just restores Windows' pre-infected state from a clean saved snapshot in almost no time at all. This is much faster than salvaging data, reinstalling Windows, reloading applications, etc. You do have to remember to take a current snapshot every now and then to keep your work updated, but that takes about five seconds.




I've been running Windows as Guest inside Ubuntu Linux as Host using VirtualBox for some time now, and am happy with how well it works. No virus protection (on either OS), no spyware blockers, no annoying automatic updates from Microsoft. Moving from one OS to the other is transparent - exactly the same as moving from one window to another on a Windows machine. Both Ubuntu and VirtualBox are free, open source programs; they install themselves very simply and have great graphical interfaces. (Usual disclaimer: Just a happy user, no other relationship with Ubuntu or VBox)


For me, there are no downsides to this approach, except maybe the fact that I like Ubuntu so much better that I've stopped using Windows entirely except to run SketchUp and EasyCad, which don't have Linux versions yet, and to program my mp3 player, which is a truly retarded (but Windows-compatible) device.

Works for me. Your mileage may vary.

Dawg


----------



## Greg Elmassian (Jan 3, 2008)

Good idea, the only downside is that sometimes interfaces (serial port, usb port, ethernet, etc.) do not work as well and as reliably. 

Other than that, the only downside is performance, you take a certain performance hit running an operating system under another operating system. 

But, in terms of safety, it's the best. Many professionals do this for exactly this reason. 

Regards, Greg


----------



## dawgnabbit (Jan 2, 2008)

Interesting, Greg. I hadn't considered performance issues.

My Windows (XP-SP2) actually runs *faster* inside Ubuntu than it did by itself. I attribute that to the fact it's a clean install and not junked up with anti-virus, spyware blockers, spam filters, phishing filters, long slow automatic updates and the like.

FWIW, the open-source version of VirtualBox doesn't handle USB well, but the non-open source version (it's still free) makes that all transparent.

It's kind of amusing to watch Windows, confined to its (virtual) box, cheerfully going about the tasks assigned to it, all the while imagining it's still in charge of everything. Outside, Linux is doing all the heavy lifting, of course, but never lets on. So Windows just stays fat, dumb, and happy. It's a small payback for all the misery Windows used to cause me.


May the Source be with you,

Dawg


----------



## Greg Elmassian (Jan 3, 2008)

When running a virtual machine, of course the "slimmer" the host operating system, the better. Ubuntu is of course much better than Windows. The only thing faster (if you are picking nits) would be the VMWare "operating system" whose only purpose in life is to host virtual machines. 

Very nice way to run safely. This is happening quite often in production environments, and it's really a good time for home users. Make a backup of your virtual machine every so often, if you get a virus, just use one of your backups and your Windows is back to its old self. And, as Windows "ages" and gunks up the registry, after a year you can "turn the clock back"... of course any software installed since then has to be re-installed. 

Overall a great idea. 

Regards, Greg


----------

