How to remove the "Internet Security" malware for Windows 8

Posted on 2013-05-16
Last Modified: 2013-05-22
I have an Ultra Book (Toshiba) that is infected with the Internet Security malware.  The laptop will not start in safe mode.  It shuts down any program that's started in about half a second.  A predominantly green dialog appears when the notebook is finished booting claiming that files are infected with various malware and soliciting payment for the program.  A firewall alert appears on the side at times, saying that the book is loaded up with child porn, and offering to delete it for a price.  

I tried using Greatis Unhackme which fails to install, mbam chameleon which starts in a DOS
Window, then stops.  

This is a critical ultrabook for us as it is used be the Medical Director and I really need it working quickly.  Can anyone help>
Question by:jeb-sb
LVL 12

Expert Comment

ID: 39173832
You could try Malwarebytes ( ) or Superantispyware - ( If you can, download it onto a USB stick on another computer or you can burn it to a CD to prevent the USB drive from picking up anything nasty

The other thing that is worth trying if you are unable to run your usual anti malware applications (or the ones suggested above) is to rename the applications before you run them. So if you do decide to try Malwarebytes, once you have unzipped/installed the software, find the EXE file and change its name. From memory, Malwarebytes installs as mbam.exe, so you should change it to something like mbamXYZ.exe before running it.

Often this sort of malware changes the registry to block the running of specific software, such as Malwarebytes, so you can't run them and get rid of the malware. Changing the name of the EXE file will bypass this and allow you to run the software properly.
LVL 10

Accepted Solution

cpmcomputers earned 500 total points
ID: 39173898
This should sort your problem
LVL 12

Expert Comment

ID: 39174767
You should try running the various versions of rkill on it.  It kill the software from memory then you can run Combofix and MBAM to clean your system.

If the rkill doesn't work then you'll be forced to use a rescue disk like the one posted above.  Problem is it takes an extremely long time to clean with that rescue disk, that's why I suggested the above.
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

LVL 24

Expert Comment

ID: 39174971
Quickly?:  Try system restore to an earlier date.
LVL 10

Expert Comment

ID: 39175393
Since your post I am seeing others refering to a similar problem

There are files being renamed from to

Seems the virus encrypts the files and embeds a link in them so if you execute the file it just takes you to the site demanding paymant for an unencryption code

usually it is possible to get at a keycode hidden on the pc and use a decryption program to restore the files but this latest variant seems to delete the keycode.

I am not seeing any fix at all for this at present

If your symtoms look anything like this I would be tempted to backup the disc asap and then leave it completely switched off, certainly keep it off the internet, until a workable solution is found
LVL 10

Expert Comment

ID: 39175428
This gives further insight

Note:grinler is the guy would wrote rkill ( so I think we can accept he knows what he is talking about?)

Author Closing Comment

ID: 39189567
This was the only solution that helped.  The problem was complicated by the laptop using Windows 8.  It made gaining any control very difficult.  The Kaspersky solution that I used was Rescue Disk 10.  It allowed me to get to the file system and once I was there, I could control some applications by going directly to them.  using a command prompt invoked by a created icon started as Administrator, I was finally able to get the machine in safe mode  where the bug did not seem to work.  There I ran mbam chameleon and it scarfed it up.
LVL 10

Expert Comment

ID: 39189648
Great job - would love to get my hands on the people who write this crap

Still no answer for the xxx.html issue if anyone is seeing snything ?

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Permission issue? 10 73
Multiple Antivirus Providers  - Corporate 2 109
EICAR File 5 72
Total AV worth it? 4 89
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question