Solved

How to remove the "Internet Security" malware for Windows 8

Posted on 2013-05-16
8
509 Views
Last Modified: 2013-05-22
I have an Ultra Book (Toshiba) that is infected with the Internet Security malware.  The laptop will not start in safe mode.  It shuts down any program that's started in about half a second.  A predominantly green dialog appears when the notebook is finished booting claiming that files are infected with various malware and soliciting payment for the program.  A firewall alert appears on the side at times, saying that the book is loaded up with child porn, and offering to delete it for a price.  

I tried using Greatis Unhackme which fails to install, mbam chameleon which starts in a DOS window, then stops.

This is a critical ultrabook for us as it is used by the Medical Director and I really need it working quickly.  Can anyone help?
Question by:jeb-sb
8 Comments
 
LVL 12

Expert Comment

by:duttcom
ID: 39173832
You could try Malwarebytes ( http://www.malwarebytes.org/products/malwarebytes_free/ ) or Superantispyware ( http://www.superantispyware.com/ ). If you can, download it onto a USB stick on another computer or you can burn it to a CD to prevent the USB drive from picking up anything nasty.

The other thing that is worth trying if you are unable to run your usual anti malware applications (or the ones suggested above) is to rename the applications before you run them. So if you do decide to try Malwarebytes, once you have unzipped/installed the software, find the EXE file and change its name. From memory, Malwarebytes installs as mbam.exe, so you should change it to something like mbamXYZ.exe before running it.

Often this sort of malware changes the registry to block the running of specific software, such as Malwarebytes, so you can't run them and get rid of the malware. Changing the name of the EXE file will bypass this and allow you to run the software properly.
0
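The registry blocking described in the comment above is typically keyed on the executable's file name, which is why renaming the EXE gets past it. The following read-only PowerShell check is an added example, not part of the original thread: it lists two well-known locations that can stop a named program from starting (Image File Execution Options `Debugger` values and the per-user `DisallowRun` policy). Whether this particular infection uses either location is not stated in the thread.

```powershell
# Added example: list registry entries that can block a named EXE from starting.
# Read-only. Run from an elevated PowerShell prompt (for example in Safe Mode).

$findings = @()

# 1. Image File Execution Options (IFEO): a "Debugger" value under a subkey
#    named after an EXE makes Windows start that "debugger" instead of the EXE.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $findings += [pscustomobject]@{
            Mechanism = 'IFEO Debugger'
            Target    = $_.PSChildName   # EXE name that is redirected
            Value     = $dbg             # program launched in its place
            Key       = $_.Name
        }
    }
}

# 2. DisallowRun policy: when the DisallowRun value is 1, Explorer refuses to
#    start any EXE name listed under the DisallowRun subkey for this user.
$policy  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$enabled = (Get-ItemProperty -Path $policy -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun
$listKey = Join-Path $policy 'DisallowRun'
if (Test-Path $listKey) {
    $item = Get-Item -Path $listKey
    foreach ($name in $item.GetValueNames()) {
        $findings += [pscustomobject]@{
            Mechanism = "DisallowRun (enabled=$enabled)"
            Target    = $item.GetValue($name)   # blocked EXE name
            Value     = $name
            Key       = $item.Name
        }
    }
}

# Review each row by hand: some legitimate tools also set an IFEO Debugger.
$findings | Sort-Object Mechanism, Target | Format-Table -AutoSize -Wrap
```

Entries that target anti-malware or system tools and point at an unrelated program are the ones to investigate and remove once the malware itself has been cleaned.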
 
LVL 10

Accepted Solution

by:cpmcomputers earned 500 total points
ID: 39173898
This should sort your problem

https://support.kaspersky.com/viruses/rescuedisk
0
 
LVL 12

Expert Comment

by:kadafitcd
ID: 39174767
You should try running the various versions of rkill on it.  It kills the software from memory, then you can run Combofix and MBAM to clean your system.

If the rkill doesn't work then you'll be forced to use a rescue disk like the one posted above.  Problem is it takes an extremely long time to clean with that rescue disk, that's why I suggested the above.
0
 
LVL 24

Expert Comment

by:aadih
ID: 39174971
Quickly?:  Try system restore to an earlier date.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39175393
Since your post I am seeing others referring to a similar problem

There are files being renamed from xxxx.xxx to xxxx.xxx.html

Seems the virus encrypts the files and embeds a link in them so if you execute the file it just takes you to the site demanding payment for an unencryption code

Usually it is possible to get at a keycode hidden on the PC and use a decryption program to restore the files but this latest variant seems to delete the keycode.

I am not seeing any fix at all for this at present

If your symptoms look anything like this I would be tempted to back up the disc asap and then leave it completely switched off, certainly keep it off the internet, until a workable solution is found
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39175428
This gives further insight

http://www.bleepingcomputer.com/forums/t/482584/met-police-virus-claims-to-have-encrypted-my-files-cannot-open-doc-jpg-etc/

Note: grinler is the guy who wrote rkill (so I think we can accept he knows what he is talking about?)
0
 

Author Closing Comment

by:jeb-sb
ID: 39189567
This was the only solution that helped.  The problem was complicated by the laptop using Windows 8.  It made gaining any control very difficult.  The Kaspersky solution that I used was Rescue Disk 10.  It allowed me to get to the file system and once I was there, I could control some applications by going directly to them.  Using a command prompt invoked by a created icon started as Administrator, I was finally able to get the machine in safe mode, where the bug did not seem to work.  There I ran mbam chameleon and it scarfed it up.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39189648
Great job - would love to get my hands on the people who write this crap

Still no answer for the xxx.html issue if anyone is seeing anything?
0


Question has a verified solution.
