• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 414
  • Last Modified:

Security Centre reports multiple anti-virus programs.

I have a computer that was infected by the scam av program Internet Security Suite. I'm pretty sure that I have killed it and a TDSS rootkit using various tools but Window's Security Center continues to report that it is installed .
The question is this:
Where does windows get the information it display in the security center.I've scanned the registy but could't get any matches on this name. Any suggestions?
1 Solution
Virus may still be alive  Have you tried ComboFix on the workstation in question?

zeshanazizSystem AdministratorCommented:

Source: http://www.precisesecurity.com/rogue/internet-security-suite/

Fake Internet Security Suite Removal Procedures
Manual Removal:
1. Stop Internet Security Suite process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following process:
ISS(random characters).exe

2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit Windows registry and delete Internet Security Suite entries as shown below. [how to edit registry]
5. Exit registry editor.
6. Remove Internet Security Suite start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
ISS(random characters).exe

7. Click Apply and restart the computer.

Internet Security Suite Removal Tool:
In order to completely remove the threat from a computer, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected computer.

Online Virus Scanner:

Another way to remove a virus from a computer without the need to install additional anti-virus application is to perform a thorough scan with free Online Virus Scanner that can be found on websites of legitimate computer security provider.

Sudeep SharmaTechnical DesignerCommented:
Check this article from rpggamergirl and remove any AV listed under Security Center.


I hope that would help

Peter_KnoxAuthor Commented:
Thanks for the replies everyone. I should have provided a bit more detail in the original question as to the steps I had already taken to remove this scam. Yes, I used combofix and malwarebytes, and they found and removed a number of items, but the security center continued to advise that Internet Security Suite was installed and up to date. I took the drive out of the machine and scanned it with Kaspersky AV on another system. That identified and removed a number of trojans. I used GMER and the Kaspersky TDSS Killer to remove the rootkit. I scanned with Superantispyware and HJT and also used the Panda, Nod32 and Bitdefender online scans. I even gave Spybot S & D a run against it. After all that the SC was still reporting that this thing was installed and up to date!  
There have been no other indications that the program was still active so, at this stage, I'm assuming that it is dead. Sudeep's response  answered my question about where the SC gets its information. Using the link in the response I was able to delete the references to the antivirus (and to a firewall from the same source.) The only additional information I could find in The WMI test was a reference to AVP inc as the maker.
Points and thanks to Sudeep
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Managed Security Services Webinar - March 15

Selecting the right managed security services platform to grow your business can be a huge undertaking. Join WatchGuard and Frost & Sullivan in an upcoming webinar as we dive into the key elements of selecting a vendor platform and partnership to fuel a successful MSSP business.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now