?
Solved

How to remove the "Internet Security" malware for Windows 8

Posted on 2013-05-16
8
Medium Priority
?
516 Views
Last Modified: 2013-05-22
I have an Ultra Book (Toshiba) that is infected with the Internet Security malware.  The laptop will not start in safe mode.  It shuts down any program that's started in about half a second.  A predominantly green dialog appears when the notebook is finished booting claiming that files are infected with various malware and soliciting payment for the program.  A firewall alert appears on the side at times, saying that the book is loaded up with child porn, and offering to delete it for a price.  

I tried using Greatis Unhackme which fails to install, mbam chameleon which starts in a DOS
Window, then stops.  

This is a critical ultrabook for us as it is used be the Medical Director and I really need it working quickly.  Can anyone help>
0
Comment
Question by:jeb-sb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 12

Expert Comment

by:duttcom
ID: 39173832
You could try Malwarebytes ( http://www.malwarebytes.org/products/malwarebytes_free/ ) or Superantispyware - (http://www.superantispyware.com/). If you can, download it onto a USB stick on another computer or you can burn it to a CD to prevent the USB drive from picking up anything nasty

The other thing that is worth trying if you are unable to run your usual anti malware applications (or the ones suggested above) is to rename the applications before you run them. So if you do decide to try Malwarebytes, once you have unzipped/installed the software, find the EXE file and change its name. From memory, Malwarebytes installs as mbam.exe, so you should change it to something like mbamXYZ.exe before running it.

Often this sort of malware changes the registry to block the running of specific software, such as Malwarebytes, so you can't run them and get rid of the malware. Changing the name of the EXE file will bypass this and allow you to run the software properly.
0
 
LVL 10

Accepted Solution

by:
cpmcomputers earned 2000 total points
ID: 39173898
This should sort your problem

https://support.kaspersky.com/viruses/rescuedisk
0
 
LVL 12

Expert Comment

by:kadafitcd
ID: 39174767
You should try running the various versions of rkill on it.  It kill the software from memory then you can run Combofix and MBAM to clean your system.

If the rkill doesn't work then you'll be forced to use a rescue disk like the one posted above.  Problem is it takes an extremely long time to clean with that rescue disk, that's why I suggested the above.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 24

Expert Comment

by:aadih
ID: 39174971
Quickly?:  Try system restore to an earlier date.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39175393
Since your post I am seeing others refering to a similar problem

There are files being renamed from xxxx.xxx to xxxx.xxx.html

Seems the virus encrypts the files and embeds a link in them so if you execute the file it just takes you to the site demanding paymant for an unencryption code

usually it is possible to get at a keycode hidden on the pc and use a decryption program to restore the files but this latest variant seems to delete the keycode.

I am not seeing any fix at all for this at present

If your symtoms look anything like this I would be tempted to backup the disc asap and then leave it completely switched off, certainly keep it off the internet, until a workable solution is found
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39175428
This gives further insight

http://www.bleepingcomputer.com/forums/t/482584/met-police-virus-claims-to-have-encrypted-my-files-cannot-open-doc-jpg-etc/

Note:grinler is the guy would wrote rkill ( so I think we can accept he knows what he is talking about?)
0
 

Author Closing Comment

by:jeb-sb
ID: 39189567
This was the only solution that helped.  The problem was complicated by the laptop using Windows 8.  It made gaining any control very difficult.  The Kaspersky solution that I used was Rescue Disk 10.  It allowed me to get to the file system and once I was there, I could control some applications by going directly to them.  using a command prompt invoked by a created icon started as Administrator, I was finally able to get the machine in safe mode  where the bug did not seem to work.  There I ran mbam chameleon and it scarfed it up.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 39189648
Great job - would love to get my hands on the people who write this crap

Still no answer for the xxx.html issue if anyone is seeing snything ?
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question