I’m not a malware hunter by trade, but I have been called on from time to time to do a little extermination.
This one was on my own system! I was surfing around, looking at some movie reviews and I got a pop-up ad that wasn’t an ad – it was a hijacker.
I got a window that said it was a program called “Internet Security” with the tagline “Designed to Protect”. It wanted to scan my system. Of course, I know this scam. “Internet Security” is not “Microsoft Security Essentials”, it is not a program I have installed on my system. And I know that if I run the scan it will “find” all sorts of nasties (that I don’t actually have) on my system, and then probably want me to install the full version (for a price), and when I do it will probably install all kinds of trojans and backdoors all while telling me that it has cleaned the nasties off my system. But that wasn’t the end of the tricks from this particular nasty…
Suddenly everything started shutting down. IE shut down, and as I was trying to click on it, Microsoft Security Essentials disappeared from my system tray. I started to get a bunch of messages from my system tray that this program and that program were infected by W32.Blaster.Worm. When I tried to restart IE, a pop-up said it couldn’t start because the file had been infected, and I needed to scan my system with “Internet Security”. The same thing happened when I tried to launch Task Manager, and even System Restore. It even put a shortcut on my desktop in case I couldn’t see the constant stream of messages in the system tray.
Since I couldn’t open IE to do research on what had bitten my system and how to remove it, I was stuck, right? Ha. Welcome to the 21st century, where every phone is internet-enabled, and a second computer is required because no one wants to wait for their spouse to stop surfing before they get a turn.
I simply turned to my wife’s computer and started browsing for a solution.
I will give the authors of this fake antivirus some credit: the name “Internet Security” and the tagline “designed to protect” are the very same phrases that appear on every antivirus site on the planet, 70 million blogs about internet security, and on and on. 1.56 million results on Google.
I found one site, though, that got me close. KingsOfSecurity.com had an entry on “XP Internet Security 2012”. It wasn’t the same thing as I had, exactly, but one thing it said to do was check the C:\Users\%username%\AppData\Local\Temp folder. There were a couple of recent files in the folder when I sorted by date, so I highlighted them and deleted them.
One of the files refused to delete, because it was in use by isecurity.exe.
So I Googled for a way to kill a Windows process from Start >> Run (Windows Logo Key + R also launches Run). taskkill /IM (Thank you, tech-recipes.com!)
taskkill /IM isecurity.exe
And my system was released from the control of the nasty hijacker.
For good measure I did a system restore, then, once my system had rebooted, updated my Microsoft Security Essentials and rescanned, and searched for any files named isecurity.exe on my hard drive or in my registry, and everything came back clean.
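The manual steps above (sort the Temp folder by date, find the process holding a file open, end it, then look for leftovers) can be collected into one triage script. This is an added example, not part of the original post. It assumes PowerShell 3.0 or later, and the look-back window and the choice of the two Run registry keys are assumptions of the example rather than details from the post.

```powershell
# Added example: triage for a rogue process running out of the user's Temp folder.
# $SuspectName is the image name from the post; $Days is an assumed look-back window.
param(
    [string]$SuspectName = 'isecurity.exe',
    [int]$Days = 2,
    [switch]$Kill          # only terminate processes when explicitly asked to
)

$temp   = Join-Path $env:LOCALAPPDATA 'Temp'   # C:\Users\<username>\AppData\Local\Temp
$cutoff = (Get-Date).AddDays(-$Days)

# 1. Recently written files in Temp, newest first (the "sort by date" step).
Get-ChildItem -Path $temp -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $cutoff } |
    Sort-Object LastWriteTime -Descending |
    Select-Object LastWriteTime, Length, FullName |
    Format-Table -AutoSize

# 2. Processes that match the suspect name or whose image lives under Temp.
$procs = Get-CimInstance Win32_Process | Where-Object {
    $_.Name -ieq $SuspectName -or
    ($_.ExecutablePath -and
     $_.ExecutablePath.StartsWith($temp, [StringComparison]::OrdinalIgnoreCase))
}
$procs | Select-Object ProcessId, Name, ExecutablePath | Format-Table -AutoSize

# 3. Optionally end them. Stop-Process terminates outright, like taskkill /F.
if ($Kill) {
    $procs | ForEach-Object { Stop-Process -Id $_.ProcessId -Force -ErrorAction Continue }
}

# 4. Autorun values that reference the suspect name or the Temp folder.
#    (These two Run keys are the example's choice of where to look.)
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $item.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and
                       ("$($_.Value)" -like "*$SuspectName*" -or
                        "$($_.Value)" -like "*$temp*") } |
        ForEach-Object { '{0} : {1} = {2}' -f $key, $_.Name, $_.Value }
}
```

Run it once without `-Kill` to review what it lists; legitimate installers and updaters also run from Temp, so check each path before ending anything.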
Hopefully my experience will help you with resolving your issue. Please feel free to leave a comment if you need further assistance or if something I wrote was unclear, and I will do what I can to help.
Jim Adcock makes a living as a SharePoint Administrator, and makes a difference as Vice President of Launch Pad Job Club, an organization in Austin, Texas, whose mission is to help people who have lost their jobs to get the skills they need to land their next job, and to help them cope with the interim between jobs. Check out his career-related posts or check out some of the other content on the site.