Home > Rogue Anti-Spyware > Internet Security 2011

How to remove Internet Security 2011?

December 19th, 2010
Goto comments

What is Internet Security 2011?

Internet security 2011 is a fake antivirus application. It is fake for 2 reasons: first, it is distributed by malware: trojans, exploits, worms. You might get infected by clicking on advertisements that claim that your PC is infected without even scanning your PC first. The second reason is that Internet Security 2011 scan results are fake positives: The threats it detects are not real, but either harmless or non-existing files. Deleting any file Internet Security 2011 labels as bad might result in serious computer problems.
Once on PC, Internet Security 2011 will start causing havoc: it will show countless alerts while blocking execution of legitimate programs. the alerts will look like this:

Attention! Network attack detected!
Your computer is being attacked from remote host. Attack has been classified as Remote code execution attempt.

Attention! Threat detected!
NOTEPAD.EXE is infected with Trojan-BNK.Keylogger.gen
Private data can be stolen by third parties including card details and passwords.
It is strongly recommended to perform threat removal on your system.

Windows Security Alert
Your computer is making unauthorized copies of your system and Internet files.
You should immediately run full scanning of your system to prevent any unauthorized access to your data.
Click YES to run Antivirus scanner right now.

All these messages are false. However, on the second execution of legitimate programs, Internet Security 2011 will have changed permissions to them. You will get “Access Denied” message, or, on new systems the message will look like this: “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.”. To overcome that, you will have to launch specific command during repair procedure (the command should be executed from command prompt or start->run, however it is advisable to disable Internet Security 2011 first) :

cacls [Path to program] /G Everyone:F

Special Internet Security 2011 removal guide
There are couple versions of Internet Security 2011. Some can be removed by simply scanning with removal tools like Spyhunter or Malwarebytes Anti-Malware. For some, removal process is more complex.

Internet Security 2011 comes with rootkit. This complicates removal procedure somewhat, thus in many cases an reinstall might be an option. If you want to retrieve data, you might use alternate OS CD. However, it is possible to remove Internet Security 2011 manually as well.

  • Download these tools:
    1. Spyhunter
    2. TDSS Killer from http://support.kaspersky.com/downloads/utils/tdsskiller.zip
    3. http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe
    4. http://www.gmer.net/
    5. http://download.sysinternals.com/Files/Junction.zip
    6. Malwarebytes
  • If you can’t download on infected PC, use USB drive to move them, on burn them on CD on non-infected PC
  • Go to C:\Windows\System32. There should be 2 files named userinit.exe. Rename one with shield icon to userinit.bad
  • Right-click on your computer icon on desktop, properties, device manager (or start Device manager from menu). Go to System Devices, right-click on “[cmz vmkd] Virtual Bus” and disable it
  • Rename C:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll to shsvcs-baddll.dll
  • Launch regedit
  • Search for key that looks like to HKLM\System\CurrentControlSet\Services\VBMAXXXX, where XXXX are numbers or number/letter combo. Right -click on it, Click “Advanced”, Check both “Inherit from parent….” and “Replace permission entries….”. Then change start value from 3 to 4
  • Search for HKLM\System\CurrentControlSet\Services\Userinit, replace start value from 3 to 4
  • Reboot
  • Remove (or save) the files C:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs-baddll.dll, C:\Windows\System32\userinit.bad, c:\Windows\System32\Drivers\VBMAXXXX.sys (where XXXX are random numbers).
  • Run Regedit and delete keys edited before reboot.
  • Do a check in Control Panel program list for Internet Security 2011 or Antivirus 2010. Run uninstallers (yes, they might be there).
  • Open Device manager. Uninstal “[cmz vmkd] Virtual Bus”
  • Extract Junction.zip to C:\ then start->run-> c:\junction.exe -s c:\ >log.txt.
  • Open the log.txt and look for files that failed to open. It is normal that user.dmp, pagefile.sys, and some Microsoft.NET framework files fail to open
  • Drag the files failed to open to inherit.exe OR USE the command in the main article to reenable their execution
  • Run TDSS Killer and gmer to check for rootkit infections that accompany Internet Security 2011
  • Do a full scan with updated Spyhunter and mbam to see if there are any other infection or unremoved Internet Security suite 2011 files

You would be less likely to get such infections like Internet Security 2011 if your anti-malware protection system would be up to date.

Note: “Internet Security 2012” parasite belongs to completely different malware family. The removal is different, so you should check appropriate guide.


Internet Security 2011 is Extremely dangerous

arrow Internet Security 2011 is a corrupt Anti-Spyware program
arrow Internet Security 2011 may spread via Trojans
arrow Internet Security 2011 may display fake security messages
arrow Internet Security 2011 may install additional spyware to your computer
arrow Internet Security 2011 may repair its files, spread or update by itself
arrow Internet Security 2011 violates your privacy and compromises your security
Download Spyhunter
for Internet Security 2011 detection
Note: Spyhunter trial provides detection of parasite like Internet Security 2011 and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.



Internet Security 2011 screenshots


Internet Security 2011 screenshot
internetsecurity2011_img1

Manual Internet Security 2011 removal


Important Note: Although it is possible to manually remove Internet Security 2011, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other malware and spyware removal applications found on 2-viruses.com.
Stop these Internet Security 2011 processes:
Remove these Internet Security 2011 Registry Entries:
Remove these Internet Security 2011 files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Internet Security 2011 infected files and get help in Internet Security 2011 removal by using free Spyhunter scanner. It comes with free real-time protection module that helps preventing Internet Security 2011 and similar threats.

Internet Security 2011 is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that your computer is infected with spyware and only Internet Security 2011 can help you to remove it after you download the trial version. As soon as the victim downloads Internet Security 2011 trial version, it pretends to scan your computer and shows a grossly exaggerated amount of non-existent errors. Then, Internet Security 2011 offers to buy the full version to fix these false errors. If the user agrees, Internet Security 2011 does not only fix the errors, but it also takes the user’s money and may even install additional spyware into the victim’s computer.

Some Rogue Anti-Spyware, such as Internet Security 2011, may offer users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed to a victim’s computer after clicking on the advertisement. It then proceeds to download or even install Internet Security 2011, which is another way for Rogue Anti-Spyware to spread itself.

Most of rogue Anti-Spyware, such as Internet Security 2011, is nearly impossible to remove manually.


How to tell if your PC has been infected by a Rogue Anti-Spyware such as Internet Security 2011?

Numerous undesirable and annoying pop-ups: A typical Rogue Anti-Spyware parasite keeps track of your internet browsing habits, sending your browsing history data to remote servers, owned by third party companies that use this information to advertise their products via numerous pop-ups, toolbars, hijacked homepages and spam letters. All these undesirable advertising methods are used on the victims of Rogue Anti-Spyware.
Changed or new icons: Sometimes, Rogue Anti-Spyware installs unwanted software to a victim’s PC without user’s knowledge and consent. This may lead to slower PC performance and stability, as well as more unwanted programs you can't remove.

Rogue Anti-Spyware

  1. Ian Almeda
    April 21st, 2011 at 18:17 | #1
    Reply | Quote

    i have one problem.I can not access the internet on the computer.By the way i am using another computer.

  2. venkata karunakar .jakki
    April 26th, 2011 at 19:27 | #2
    Reply | Quote

    ……..install iobit 360 .it is a freeware and run it it is too easyy process ..and do hijack scan also ..it will works 100% perfect .. and u will have aditional fetures alsoo . kepp smilingg enzoy…….

  1. No trackbacks yet.