Link to home
Start Free TrialLog in
Avatar of jeb-sb

asked on

How to remove the "Internet Security" malware for Windows 8

I have an Ultra Book (Toshiba) that is infected with the Internet Security malware.  The laptop will not start in safe mode.  It shuts down any program that's started in about half a second.  A predominantly green dialog appears when the notebook is finished booting claiming that files are infected with various malware and soliciting payment for the program.  A firewall alert appears on the side at times, saying that the book is loaded up with child porn, and offering to delete it for a price.  

I tried using Greatis Unhackme which fails to install, mbam chameleon which starts in a DOS
Window, then stops.  

This is a critical ultrabook for us as it is used be the Medical Director and I really need it working quickly.  Can anyone help>
Avatar of duttcom
Flag of Australia image

You could try Malwarebytes ( ) or Superantispyware - ( If you can, download it onto a USB stick on another computer or you can burn it to a CD to prevent the USB drive from picking up anything nasty

The other thing that is worth trying if you are unable to run your usual anti malware applications (or the ones suggested above) is to rename the applications before you run them. So if you do decide to try Malwarebytes, once you have unzipped/installed the software, find the EXE file and change its name. From memory, Malwarebytes installs as mbam.exe, so you should change it to something like mbamXYZ.exe before running it.

Often this sort of malware changes the registry to block the running of specific software, such as Malwarebytes, so you can't run them and get rid of the malware. Changing the name of the EXE file will bypass this and allow you to run the software properly.
Avatar of cpmcomputers
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You should try running the various versions of rkill on it.  It kill the software from memory then you can run Combofix and MBAM to clean your system.

If the rkill doesn't work then you'll be forced to use a rescue disk like the one posted above.  Problem is it takes an extremely long time to clean with that rescue disk, that's why I suggested the above.
Quickly?:  Try system restore to an earlier date.
Since your post I am seeing others refering to a similar problem

There are files being renamed from to

Seems the virus encrypts the files and embeds a link in them so if you execute the file it just takes you to the site demanding paymant for an unencryption code

usually it is possible to get at a keycode hidden on the pc and use a decryption program to restore the files but this latest variant seems to delete the keycode.

I am not seeing any fix at all for this at present

If your symtoms look anything like this I would be tempted to backup the disc asap and then leave it completely switched off, certainly keep it off the internet, until a workable solution is found
This gives further insight

Note:grinler is the guy would wrote rkill ( so I think we can accept he knows what he is talking about?)
Avatar of jeb-sb


This was the only solution that helped.  The problem was complicated by the laptop using Windows 8.  It made gaining any control very difficult.  The Kaspersky solution that I used was Rescue Disk 10.  It allowed me to get to the file system and once I was there, I could control some applications by going directly to them.  using a command prompt invoked by a created icon started as Administrator, I was finally able to get the machine in safe mode  where the bug did not seem to work.  There I ran mbam chameleon and it scarfed it up.
Great job - would love to get my hands on the people who write this crap

Still no answer for the xxx.html issue if anyone is seeing snything ?