Solved

Security Centre reports multiple anti-virus programs.

Posted on 2010-11-23
Last Modified: 2013-11-22
I have a computer that was infected by the scam AV program Internet Security Suite. I'm pretty sure that I have killed it and a TDSS rootkit using various tools, but Windows Security Center continues to report that it is installed.
The question is this:
Where does Windows get the information it displays in the Security Center? I've scanned the registry but couldn't get any matches on this name. Any suggestions?
0
Question by:Peter_Knox
4 Comments
 
LVL 5

Expert Comment

by:ProtechCT
ID: 34197166
Virus may still be alive. Have you tried ComboFix on the workstation in question?

http://www.bleepingcomputer.com/download/anti-virus/combofix
0
 
LVL 5

Expert Comment

by:zeshanaziz
ID: 34197276

Source: http://www.precisesecurity.com/rogue/internet-security-suite/

Fake Internet Security Suite Removal Procedures
Manual Removal:
1. Stop Internet Security Suite process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following process:
ISS(random characters).exe

2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit Windows registry and delete Internet Security Suite entries as shown below. [how to edit registry]
5. Exit registry editor.
6. Remove Internet Security Suite start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
ISS(random characters).exe

7. Click Apply and restart the computer.

Internet Security Suite Removal Tool:
In order to completely remove the threat from a computer, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected computer.

Online Virus Scanner:

Another way to remove a virus from a computer without the need to install an additional anti-virus application is to perform a thorough scan with a free Online Virus Scanner that can be found on the websites of legitimate computer security providers.

0
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 250 total points
ID: 34201285
Check this article from rpggamergirl and remove any AV listed under Security Center.

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_2088-Can%27t-Install-an-Antivirus-Windows-Security-Center-still-detects-previous-AV.html

I hope that would help

Sudeep
0
 

Author Comment

by:Peter_Knox
ID: 34205660
Thanks for the replies everyone. I should have provided a bit more detail in the original question as to the steps I had already taken to remove this scam. Yes, I used combofix and malwarebytes, and they found and removed a number of items, but the security center continued to advise that Internet Security Suite was installed and up to date. I took the drive out of the machine and scanned it with Kaspersky AV on another system. That identified and removed a number of trojans. I used GMER and the Kaspersky TDSS Killer to remove the rootkit. I scanned with Superantispyware and HJT and also used the Panda, Nod32 and Bitdefender online scans. I even gave Spybot S & D a run against it. After all that the SC was still reporting that this thing was installed and up to date!  
There have been no other indications that the program was still active so, at this stage, I'm assuming that it is dead. Sudeep's response answered my question about where the SC gets its information. Using the link in the response I was able to delete the references to the antivirus (and to a firewall from the same source). The only additional information I could find in the WMI test was a reference to AVP inc as the maker.
Points and thanks to Sudeep
0
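
Security Center keeps its list of registered products in WMI rather than under a registry key named after the product, which is why a registry search for the name finds nothing. The following is an added example, not code from this thread or from the linked article: a read-only Windows PowerShell listing of those registrations. It assumes the standard namespaces `root\SecurityCenter` (XP and early Vista) and `root\SecurityCenter2` (Vista SP1 and later); the function name `Get-SecurityCenterProduct` is hypothetical.

```powershell
# Added example: list what Windows Security Center has registered in WMI.
# Read-only. Run in Windows PowerShell from an elevated prompt.
function Get-SecurityCenterProduct {
    $namespaces = 'root\SecurityCenter', 'root\SecurityCenter2'
    $classes    = 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct'

    foreach ($ns in $namespaces) {
        foreach ($class in $classes) {
            try {
                $items = Get-WmiObject -Namespace $ns -Class $class -ErrorAction Stop
            } catch {
                # Namespace or class not present on this Windows version.
                continue
            }
            foreach ($item in $items) {
                # Only SecurityCenter2 records the product executable;
                # the legacy namespace leaves this empty.
                $exe    = $item.pathToSignedProductExe
                $onDisk = $null
                if ($exe) {
                    $expanded = [Environment]::ExpandEnvironmentVariables($exe)
                    $onDisk   = Test-Path -LiteralPath $expanded
                }
                New-Object PSObject -Property @{
                    Namespace    = $ns
                    Class        = $class
                    DisplayName  = $item.displayName
                    Company      = $item.companyName   # legacy namespace only
                    InstanceGuid = $item.instanceGuid
                    ProductExe   = $exe
                    ExeOnDisk    = $onDisk             # $false: registration may be stale
                }
            }
        }
    }
}

Get-SecurityCenterProduct |
    Select-Object Namespace, Class, DisplayName, Company, InstanceGuid, ProductExe, ExeOnDisk |
    Format-List
```

An entry whose product has already been removed from disk still appears here with its `DisplayName` and `InstanceGuid`, and that is the instance Security Center is reporting.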
