Security Centre reports multiple anti-virus programs.

I have a computer that was infected by the scam av program Internet Security Suite. I'm pretty sure that I have killed it and a TDSS rootkit using various tools but Window's Security Center continues to report that it is installed .
The question is this:
Where does windows get the information it display in the security center.I've scanned the registy but could't get any matches on this name. Any suggestions?
Peter_KnoxAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ProtechCTCommented:
Virus may still be alive  Have you tried ComboFix on the workstation in question?

http://www.bleepingcomputer.com/download/anti-virus/combofix
0
zeshanazizSystem AdministratorCommented:

Source: http://www.precisesecurity.com/rogue/internet-security-suite/

Fake Internet Security Suite Removal Procedures
Manual Removal:
1. Stop Internet Security Suite process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following process:
ISS(random characters).exe

2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit Windows registry and delete Internet Security Suite entries as shown below. [how to edit registry]
5. Exit registry editor.
6. Remove Internet Security Suite start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
ISS(random characters).exe

7. Click Apply and restart the computer.

Internet Security Suite Removal Tool:
In order to completely remove the threat from a computer, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected computer.

Online Virus Scanner:

Another way to remove a virus from a computer without the need to install additional anti-virus application is to perform a thorough scan with free Online Virus Scanner that can be found on websites of legitimate computer security provider.

0
Sudeep SharmaTechnical DesignerCommented:
Check this article from rpggamergirl and remove any AV listed under Security Center.

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_2088-Can%27t-Install-an-Antivirus-Windows-Security-Center-still-detects-previous-AV.html

I hope that would help

Sudeep
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Peter_KnoxAuthor Commented:
Thanks for the replies everyone. I should have provided a bit more detail in the original question as to the steps I had already taken to remove this scam. Yes, I used combofix and malwarebytes, and they found and removed a number of items, but the security center continued to advise that Internet Security Suite was installed and up to date. I took the drive out of the machine and scanned it with Kaspersky AV on another system. That identified and removed a number of trojans. I used GMER and the Kaspersky TDSS Killer to remove the rootkit. I scanned with Superantispyware and HJT and also used the Panda, Nod32 and Bitdefender online scans. I even gave Spybot S & D a run against it. After all that the SC was still reporting that this thing was installed and up to date!  
There have been no other indications that the program was still active so, at this stage, I'm assuming that it is dead. Sudeep's response  answered my question about where the SC gets its information. Using the link in the response I was able to delete the references to the antivirus (and to a firewall from the same source.) The only additional information I could find in The WMI test was a reference to AVP inc as the maker.
Points and thanks to Sudeep
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.