How-To Geek

How To Remove Internet Security 2010 and other Rogue/Fake Antivirus Malware

If you have a PC infected with Internet Security 2010, you’re probably reading this article so you can understand how to get rid of it. Thankfully we’ve got the instructions to help you get rid of this awful thing.

Internet Security 2010 is just one of many fake antivirus applications like Antivirus Live, Advanced Virus Remover, and others that hold your computer hostage until you pay their ransom money. They tell you that your PC is infected with fake viruses, and prevent you from doing anything to remove them.


Note: If you just want the instructions to get rid of it, you’ll want to scroll down a bit.

Anatomy of an Infection

Normally these infections start with a popup message like this one, coming from a rogue site or malvertisement—and they are often served up from porn sites, though these viruses are not exclusively from there.



If you’re a regular How-To Geek reader, you’re probably savvy enough to know how to avoid actually installing these things, but there’s a good chance that your mom isn’t. If you’ve got a relative that doesn’t know what they are doing, here’s what you should tell them to do when they get a popup like this one:


Seriously. If they really are infected with a real virus, powering off won’t be any worse. Some of these things are tricky and will try and install themselves no matter which way you click, and they look just like a real Windows error message. Powering off is just the simplest and best option for non-tech-savvy users. And yes, this is exactly what I tell my mom to do.

Moving Forward…

Once you click the popup message, you’ll be presented with a page that looks like your My Computer view, telling you that your PC is infected. Nevermind that no real antivirus looks like this, regular PC users don’t know any better.


After a few seconds of this, you’ll be presented with a popup dialog in the web page that says your PC is infect, and you can click the button to Remove all. The dialog looks real, and can even be dragged around the page—in my research, this seems to be the point where most regular users get confused.


Once you’ve clicked it, you’ll be prompted to run an installer—which you might note has a number of warnings.


As soon as the installer is able to execute, you are infected.


You won’t be able to open up any applications…


And you can’t remove it from Control Panel.


Removing Rogue Fake Antivirus Infections (General Guide)

There’s a couple of steps that you can generally follow to get rid of the majority of rogue antivirus infections, and actually most malware or spyware infections of any type. Here’s the quick steps:

Those are the rules that normally work. Note that there are some malware infections that not only block safe mode, but also prevent you from doing anything at all. We’ll cover those in another article soon, so make sure to subscribe to How-To Geek for updates (top of the page).

Let’s Get to Removing Internet Security 2010

The first thing we’ll want to do is kill the virus that’s currently running on the system, and there’s a really easy way to kill Internet Security 2010 without downloading any special software just to kill it (we’ll still need to download something to clean it, however).

Open up the Start menu, click the Run button (or use the Win+R shortcut key), and then type in the following:

taskkill /f /im is2010.exe


Hit the Enter key, and the main virus window should go away. After you’ve done that, you’ll want to quickly execute the following commands:

taskkill /f /im winlogon86.exe

taskkill /f /im winupdate86.exe

At this point the virus isn’t currently running on your system—but it’s still lurking in the shadows, but you can actually run any malware removal tools that you’d like.

Use SUPERAntiSpyware to Clean the Malware

Now that we’ve killed off all those processes, we’ll get to removing the actual malware from the system by downloading SUPERAntiSpyware and installing it. You should be able to grab the full version, or you can use the portable variety that we’ve already recommended.


If you grabbed the full version, make sure to use the Check for Updates button, and then click the Scan Your Computer button… make sure to perform a Complete Scan, and select all of your drives. 


It should easily find and kill all of them. You’ll probably note that on this particular machine that I was using in the screenshot, there was a lot of other bad stuff that it caught as well. Woot!


Once it’s done, it’ll let you remove them all in a click, and then prompt you to reboot… you shouldn’t reboot yet. Job isn’t done, however!

Install Malwarebytes and Scan 

Next you’ll want to install MalwareBytes and run it, making sure to run a full scan. The main reason to do this is because there’s no way a single malware removal tool can know about every single piece of malware out there, and you may as well make sure your system is clean.


Install Microsoft Security Essentials

You should definitely install Microsoft Security Essentials and run another full scan once you’re done.

Note: If you used a thumb drive at any point during this process, you should make sure and scan that as well—I’ve had viruses hop over to the thumb drive, ready to infect the next machine.

Sidebar Note 

Here’s an interesting fact for you—the two processes that we killed earlier are actually from Advanced Virus Remover, another awful malware we’ve previously told you how to get rid of. Clearly they are both developed by the same jerk.


The winlogon86.exe seems to be mostly used to show messages like this one:


While winupdate86.exe is responsible for blocking you from opening other apps, and re-launching the main Internet Security 2010 window.


Note: Robert, one of our excellent readers, wrote in mentioning that you can often just leave this window open, and then continue to install any malware removal tools you like. Here’s what he had to say:

There is one little trick that you missed, that I mentioned on a different post that was similar to this one. When it pops up with the error message saying; “Application cannot be executed. File is infected.” ..etc… Simply *MOVE* that message box to the corner of the screen, and you can install SuperAntiSpyware just fine.

There appears to only be one instance of that “error message” that will run at any given time. You will get multiple errors, you won’t get that obnoxious sound that computer makes when it tells you that you can’t do that…. Now, if you hit “OK” you’re just asking for a headache.

Great tip Robert, and thanks for helping out the cause! I’ve tested this out, and it appears to be the case depending on which virus you are infected with—some of them are smarter and shut you down all the way.

What About You? Had any Virus-Killing Experiences?

Have you had any experience lately killing this virus, or other similar ones? Let us know in the comments, or feel free to email into the tips line at with your best method for killing these viruses. We’d love to hear your expert feedback!


Looks like there might be some stronger versions of this thing out there – I would advise not rebooting after you run the initial SUPERAntiSpyware scan, and installing and running MalwareBytes right away. Also, you should check out the advice from all the readers in the comments below.

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 01/25/10

Comments (51)

  1. Compmam

    Two days ago I had to clean my sister’s computer from Internet Security 2010. My first try was the system restore, which surprisingly helped (I was sure it wouldn’t). Afterword I too installed security essentials, which I like a lot, to find the infected file that started all this.

  2. John D

    This is good info. I noticed the similarity between this and Antivirus Live immediately. I’m just glad I read that article the day before!

    One thing, though, on the machine I encountered this on. It messed up the networking. It wasn’t until I tried opening IE and chose the Diagnose link that it started working correctly. However, I’m still suspicious that there weren’t some permission problems as well.

  3. Paul

    Thanks you, I have only recently changed `puter from XP to Win7. Had a huge learning curve to climb. Thanks to you lads it has been made so much easier. The ability to look up those little tricks and the “how too” section is really great. Many thanks again.

  4. Rob

    This thing is the devil. I never executed it from that website as it got in somehow through a security hole of some sort. I ran everything on the version I had and nothing (NOTHING) was able to get rid of it. I eventually had to go back to a restore point. I think what I had may have gotten into the kernel layer since every tool I used it would come back. It disables anti-virus programs as well… I was using Avast at the time and it would disable that software completely.

  5. sam

    this guide is no longer valid. I just ran into IS2010 today on a customers machine and attempted to remove it using SAS portable, it seemed like it was working, up until the reboot, now it does an instant-logout on any login attempts, and it appears that safemode has been blocked. I thought it might be another virus until I got a call from another customer with the same exact symptoms. ideas?

  6. Steve

    Thank you for this write-up. I am tech savvy and it did not get on my computer, but once it got on a friends I got a phone call. I had tried everything i could find through Google searching, and am not sure why I didn’t think to check here (I read howtogeek most days).
    The computer in question wouldn’t do anything but show the IS2010 window in a normal boot and while I could still boot into safe mode I still could not run anything. I think the taskkill commands were the key to allow me to get through enough of a scan. One thing I did have to do was once SUPERAntiSpyware had found a large number or infections I clicked next to stop the scan and clean what it had found. If I let it try to finish the computer would lock up and I would have to start over again.
    I am in the process of running full scans with Malwarebytes, then onto a full virus scan, but I am actually making progress after beating my head on my desk for the last day.

    Thanks howtogeek!

  7. sam

    actually now i’m reading that this only happens with the “weaker” malware removal tools such as super anti spyware and spybot S&D. according to everything i’m reading you’re supposed to use malwarebytes. So basically i’m screwed on this one, but you guys might be able to save other computers if you warn them not to run SAS or spybot S&D

  8. John D

    Sam, that was one of the problems I had. It was such a problem, I blogged an article about it on my own blog. Therefore, I give permission to myself to copy and paste the post-cleaning steps I took. :)

    At any rate, the following may or may not help you or anyone else:

    One tip-off that it was either a permission or corrupted file/registry entry was that it kept complaining that svchost.exe had an application error upon startup. This occurred before login.

    In order:

    1. Tried to use the wizard to setup a new network connection. It seemed to work OK, even asked to reboot, but it still was “Acquiring network address” after a reboot.

    2. Removed and re-added the network card. Same symptoms.

    3. Tried doing an “update” of Windows XP over Windows XP using an install CD. This got rid of the initial svchost.exe error, but then it complained that Windows needed activating. It would ask if I wanted to activate Windows, and of course it couldn’t because the network wasn’t working, so either way it would just stay logged off.

    4. Did a restore of the post-virus clean system (I did a backup as soon after cleaning it as I could). I still think this is what really fixed it, as it probably forced permissions to be correct. Same symptoms appeared afterwards, but now at least it seemed that changes were being saved.

    5. This time, I tried to bring up IE in spite of the fact that the network wasn’t working, and I did a Diagnose. It brought up some more dialog boxes (it was about 3 am, so sorry I don’t remember which ones), and it asked to reboot. Voila!

    If it was a permission issue, it would explain a lot of the problems, including why “updating” XP over itself did not work. Otherwise, I’m still in the dark as to what the root cause of the post-cleaning issues are.

  9. The Geek


    I’m going to do some more testing – it’s possible there’s multiple varieties of this thing? I think if you run both SUPERAntiSpyware and MalwareBytes without rebooting, should be able to get through it fine?

  10. sam

    during my research I ran into a guy who experienced the problem and may have found a fix, I haven’t tried it yet, but at least its something.

    “XP Auto logging off problem Solved.
    This problem occurs after virus clean up Internet Security 2010 fake program
    I had this same problem and it sounds like the common solution is to copy a new userinit.exe file to wsaupdater.exe. In my case, the registry key for userinit.exe was not pointing to wsaupdater.exe, it was pointing somewhere else entirely. The only way I was able to log in again was to edit the registry and change key string to Under KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
    to read ; C:\WINDOWS\system32\userinit.exe

    In order to edit this, I downloaded and created a BartPE boot disk. After the file is downloaded installed it on a working computer running windows XP only .The downloaded file scan any XP only computer and build a bootable CD. After the boot CD is created, boot the affected machine from the bootable CD and follow these steps.

    1. Click the icon in the lower left corner and select Run
    2. Type Regedit
    3. Highlight HKEY_USERS
    4. Click the File menu and select Load Hive
    5. Navigate to C:\Windows\System32\Config\Software (pick software and open)
    Tip! if no sub folders is seen under windows make sure the file name field is blank or click in the
    file name field and press enter you may repeat a few times until sub folders is seen
    6. Name the hive something like MyHive
    7. Open MyHive folder under HKEY_USERS
    8. Navigate to KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
    right click on (userinit ) choose modify next change the value of Userinit to
    9. After you have made this change, it is important to unload the hive
    10. Highlight the MyHive, click on the file menu, and select unload hive.

    This should fix your log on problems.”

  11. Nolan

    Sam, that userinit value should have a comma at the end of it as well. Another thing I’d recommend every check on is the date and/or digital signature of the storage drivers. In the C:\Windows\System32\Drivers folder sort the files out by date and look for iaStor.sys, atapi.sys, nvstor.sys, or nvgts.sys with a recent date. If it’s roughly the same age as the infection (or is missing manfucturer information in the file properties) then it is infected and you need to replace it. If a scanner did find these and remove them, you’re probably now getting a 0x7B BSOD. I emailed The Geek yesterday with a little more detailed explanation of these two hang ups and from a note he made in the Security Tools article I believe he’s going to do an write up on solving these issues (and more?) if you run into them.

  12. wolfman544

    Another option I’ve used for scanning.
    Grab a Ubuntu Live CD, boot into linux. Head to, download and install the linux version. You’ll have to activate it, but that’s free and hey at least Avast is legit.
    All this can be down without rebooting, which would kill the Avast install, since it’s a live cd session.
    Then you can scan and clean your drive.

  13. The Geek


    That’s an awesome idea! I’m going to write that one up. Like, right now.

  14. 1fastbullet

    I spent yesterday evening removing a variation of this trojan from a machine. Nothing would install and nothing would run from a thumb drive. At last I noticed that the pop-ups didn’t start immediately when XP loaded and I was able to use that 30 or 40 seconds to iniate a MWB scan. Upon completion of MWB I rebooted and ran SAS. Once the scans were in progress, the infections were powerless to iterrupt them.
    Ultimately, I ran a few more tools and got the machine clean. But it seemed essential to initiate the scans as quickly as possible after XP loaded and before the trojan had.

  15. kleigh

    Sam/Nolan: I have followed the instructions for the XP Auto logging off problem, but, after 6 tries, it didn’t take. Since pulling my hair out, I managed to find a fix for the userinit value that works. We are now logged in and are following the above steps (using SUPERAntiSpyware & Malwarebytes, etc..) to get the job done. Will keep you posted on the outcome! Fingers crossed!!

    Here are the steps to fix the login problem:

    1.Insert the BartPE CD into the drive, and boot the system from the CD. Once the file loading phase is over, the Bart PE desktop will be visible, as shown in Figure 1.
    2.Type Regedit.exe in the prompt, and press Enter. Select the HKEY_USERS hive
    3.From the File menu, choose the Load Hive option. Browse to your Windows installation drive, for example the following location:

    4.Select the file named SOFTWARE (the file without any extensions), and click Open
    5.Type a name for the hive that you’ve loaded now. (Example: MyXPHive)
    6.Now the SOFTWARE hive is loaded, and present under the HKEY_USERS base hive.
    7.In order to fix the Userinit value in the loaded hive, navigate to the following location:
    HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

    8.Double-click Userinit and set it’s value correctly. Example: Set it’s data as follows:

    (Include the trailing comma also. The above assumes that Windows is installed in C:\Windows, and Userinit.exe file is actually present in the System32 folder. You may want to verify that as well.)

    9.After entering the correct data, you MUST unload the Hive. To do so, select MyXPHive branch, and then in the File menu, choose Unload Hive. It’s important to note that you’ll need to select the MyXPHive branch first, before unloading it.
    10.Quit BartPE and restart Windows. See if you’re able to logon to your profile.

  16. David

    this internet security 2010 is really bad. Not only is the person that wrote this junk a complete jerk! They really should be put in jail. Enough ranting for now. Not only has it reinstalled itself on my computer after running Malwarebytes, Windows Defender, and Spybot…it has added windows\system32\drivers\etc\hosts, windows\system32\lwinlogon32.exe, smss32.exe and helper 32.dll to the PERMITTED items on Windows Defender AND I can’t get to the page to manage allowed items! Any ideas?

  17. Laura

    I too can’t log on to my laptop. I can’t go into safe mode, nothing. It just logs me right back off again no matter what I do. Someone please give me some advice, I can’t afford to spend $200 to get it fixed! I have fixed all other viruses myself, but this one has wrecked my computer in a matter of a few hours. Please help!!!

  18. Frank

    I happened to be visiting my parents a few weeks back. I was using their PC searching for info on adoption of the Haiti orphans, hit a link to a page and got infected. Luckily I had SAS, Malwarebytes and ComboFix with me. This was one tough fix. System Restore was gone. After running scans with SAS and MWB and cleaning what they found, I then booted into Safe Mode with networking and then ran ComboFix. ComboFix found that System Restore was missing and asked if I wanted to go to MS to download and reinstall. When it was all said and done, it took me over 8 hours to get the PC clean…

  19. Motogeek

    My computer was infected with this IS2010 and I used my Avira, SuperAntiSpyware, and Malwarebytes. The virus still seems to find its way back onto my computer. Also, it has broken all of the file paths for my apps. Everytime I try to open Word or Firefox or anything, it asks which program I want to open it with. I choose the program and it either works or it says file path not found. How do keep these paths from being jacked up and keep this stupid virus at bay??

  20. Motogeek

    Also when i try to Run taskkill /f /im winlogon86.exe etc., it says program not found.

  21. Andres86105

    I have the same problem with out log off. i tried to create a BartPE CD but don’t know how to create it. I downloaded PE bulder but once it scans it tells me that there are no intallation files. can some one tell me how to create a boot disk so I can fix my computer.

  22. JD Willoughby

    Can not even log on only blue screen Help Please

  23. shlee

    None of the above really helped me at all unfortunately. I have no idea what i was doing the entire time because I’m not even barely computer savvy. But i got it off finally by using different methods. The first thing i had to do was un-disable my taskmanager. I kept getting a pop up saying it was disabled by the administrator. I had not done that so i assume it was the virus. So i googled how to do that. It guided me to where the disable taskmanager file was and i deleted it. It worked and i was able to run my task manager and end the virus pop up managers long enough to run I was then able to run superantispyware and malwarebytes but when i rebooted security essentials was still on my computer ug! And i couldn’t remove it with add/remove programs so i googled how to remove things without it. I found a link to revo uninstaller pro.(before i did any of this though i had to repeat the taskmanager/ steps) I used the hunt option and moved the hover button over the security essentials 2010 icon on my desktop. It found it and all the connecting files. It did not choose which files to delete on its own which is a good thing. You must be careful with this program and only click the files that are se2010 and only them. This program will delete needed folders if you accidently select them or are unaware that they are important so be careful. I only selected the files that had the name security essentials 2010 in the name, and no folders. seemed a bad idea to do that to me. anyway now my computer is totally fine and my mom is not allowed to use it ever again =] hope this helps someone. and btw i had no idea what i was doing the entire time i did this, i even called a computer software helper guy to get helped and only did all this after he gave up and told me it wasnt worth it and to just take it to get wiped clean. haha to him. and i hate whoever was stupid and lifeless enough to make such a thing as this virus. ug ug ug

  24. paul

    i managed to get online went to wiondows onecare safety scanner that removed the main problem after that i installed malwarebytes anti-malware a cleaned up the rest of the infections pc works good now

  25. j

    The only way to remove spyware safely: reformat your hard drive.

  26. Craig Tompkins

    While this definitly will not help everyone, I have found that most of these install into the local profile on the computer. At work, users are not local admins, but the software installs anyway. That’s because users can install stuff to their profile. So to clean the system, we have been able to blow away the users profile and when they log into the Domain the next time, the local profile gets recreated. Of course they lose any Favorites and stuff under “my documents” but they are suppose to be saving all their files to the network drive.

  27. André

    I read your article on How to remove Internet Security 2010, what exactly do you mean by Hold down the power button for ten seconds.

  28. daisy

    My laptop got infected yesterday with this virus. Thanks to Malwarebytes, now it is completely removed and my laptop is functioning good. But when it was attacked Windows 7 didn’t let me go online. So basically I had to go to main computer and download Malwarebytes to my flashdrive. Then I simply got it to my laptop.

    Here is a picture of the nasty trojans which Malwarebytes found :

  29. Joseph

    I couldn’t install SUPERAntispyware because my Rogue/Fake Antivirus Malware (AntiSpyware Soft) wouldn’t let me install it, even with it’s unique name. The best trick I found somewhere else to temporarily kill the spyware so I could load it was to reboot and hit Ctrl-Alt_Delete immediately after logging in. That allowed me to go in and find the spyware in the Processes and kill it so I could then install. I then installed SUPERAntispyware and have just finished the full scan. On to the next steps. Thank you. . .

  30. Steven Torrey

    I had this version once. I opened in F8 ‘safety mode.’ I went to the control program and deleted it from there. I went to start for ‘All programs’ and deleted it from there. I did a search,for the specific title, still in safety mode, two folders were shown; I deleted each of those. Then I went to “System Restore” and set the computer back about three weeks. That seemed to do the trick. Note, I didn’t go into the Registry, being apprehensive about that and not at all certain of what to look for. As you also indicate, turning your computer off immediately upon notification of this virus, seems to be the best; but if your new to computer viruses, the person may not even be aware of what the monster is. In the end, it seemed advisable to subscribe to a good antivirus program and since then, I have been protected; the small price seems to be worth the expense.

  31. Julie

    I got this virus in the beginning of 2009, and had to pay a PC repair guy $70 to fix it. Good thing is I found a great PC repair guy in my area, bad news, I lost some data and some money.

    You wrote a great article though, and I am sharing it with some of our customers at AtNetPlus. Keep up the good work!

  32. linda

    the fake antivirus would not let me go onlin what should i do? im using my friends computher irght now

  33. Billy

    It’s so sad that people are having these problems. If they just used the right stuff and stayed away from the wrong websites they would not be infected. I have a friends computer right this minute that I’m fixing, plagued with Malware, viruses and no telling what. Couldn’t do anything on the thing. It will be fine and I hope it is a lesson learned for him. Run your AV and use Malwarebytes, Superspyware and a good firewall like Comodo.

  34. bob

    F8 – safe mode

    then go to accessories-system-system restore

    pick a point a day before you got the virus.

    bingo – virus is gone – you should not need to do all the steps above.

    Malwarebytes scan will confirm the virus is gone.

    Once you have a clean system again save the restore point as ‘Clean system’ so you know you can always get back to the state easily

  35. LothianJamie

    Hey guys, i got the virus on my PC around february this year, no idea how it got there as i was in the showerbefore work when my friend was using it to check her emails, then when i came home frome work it was there, spybot ran and claimed to have gotten rid of some stuff so i restarted, then when i pressed enter to log on (i dont have a password) i got a blue screen and it went back to the log on, i’ve tried using a USB converter, plugged it into another pc with norton on it, i even downloaded malwarebytes, ran scans, nothing, i cant even access my documents that are on the drive that way, unless they’re in programme files, its doing my head in now, ive been trying to sort it for months! i’m on a low income and cant afford the £75 to get rid of it just now, any help would be greatly appreciated, i have no idea how others overcame the logging off problem as there’s nothing to click to get anything else to run!

    Yours Faithfully


  36. Kevin

    The other day, i downloaded Itunes for my new ipod, and after i downloaded itunes is when the fake antivirus programed, named Antivirus IS, got onto my computer. It completely blocks out and wont let me run anything at all, even after following a few tips on here. SUPERAntispyware won’t work, nor malwarebytes, and i cant even finish installing microsoft security essentials. any help asap would be great

  37. ken

    I have dealt with a lot of these fake programes in the past for clients and I don’t know if I am just lucky or just really good but this is what I do for all/most problems:
    1. Finger down on the power button till a complete powerdown
    2. F8 to command prompt
    3. Enter your Admin and password details for the OS
    4. Once at the command prompt type in explorer.exe, (you should now get your desktop)
    5. Now run which ever way you like, system restore.

    Choosing the date for the restore can be tricky as you may never know the date of the start of the infection but take it back a week to be safe, your doc’s should be ok.
    Vista pc’s/laptop take a long to complete this, takes an age to bring up system restore and then to finish but it doe’s work, for me anyway.
    I’am not saying this is a complete fix you should still run whatever anti* app and MS essentials.
    And Hijackthis to see what has been left behind.

  38. Jane

    I was on my lap-top minding my own business when a program popped up and said my computer was infected and it would fix it. I immediately stopped the scanning and went on about my business. It popped up again so I went to uninstall and uninstalled it. Now a large box with “YOUR COMPUTER IS INFECTED, etc is in the middle of my screen saver and I can’t get it to go away. I’ve shut down and rebooted but it is still there. Any ideas on how to get rid of this annoying information box? It’s right over my Nick Saban screen saver too!! Would restore to earlier date help? I am protected by Trend Micro Internet Security and did run a scan which said I am not infected. Thanks!

  39. E

    The internet security 2010 got me……I’ve tried most if not all recommened……I’m either doing something wrong or just unable to follow directions….any help at this point would be appreciated

  40. Lego

    I got attacked by new version Internet security 2011 it blocks all antivirus, anti spywares, firewalls and all action againts it…. now my PC attacked by trojans and virus since all protection is turned off can anybody help with this version?

  41. atmos

    Nifty code that you can insert into Run and possibly regain access to your task bar with for those viruses that disable ctrl+alt+delete:

    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

    A few things I want to say: these viruses suck, the creators will be subject to vast misfortune and suffer eternal negative karma should the universe really unfold as it should.

    Next, I’ve encountered these a lot and dealt with them successfully and without success. The ones that destroyed Internet capabilities (maybe corrupting/deleting drivers?) were the biggest pain in the ass. The problem with saying “oh just system restore” is that system restore is entirely unreliable. Not all users have it set up properly (it’s a damn good idea to test it and see) and those that don’t probably are unaware of it until a shitty worm like those mentioned above attacks and settles in. I hope we’ve got people working on these types of problems around the clock — the hackers certainly aren’t going away.

    The sad thing is even if you are educated on computer repair and networking, these bugs are still almost impossible to find yourself. We need robust software like malwarebytes/super anti-spyware to help. Here’s to the developers fighting the good fight! This bowl’s for you!

  42. Chris Felthauser

    I’m not a tech savvy person. This is the second time I’ve ran into this bugger. First time was on a friends computer, he is less tech savvy then I am which is actually pretty frightening. Lucky he can turn the darned thing on. Frustrating part is that we pay all this money for anitvirus software and it doesn’t catch this thing. Someone wrote, “stay away from the wrong websites”, unfortunately this little sob got me and I didn’t know I was going to a wrong website. I googled a search item, and clicked on the link that came up from Google. So I guess now I’m not supposed to trust anything that comes back from Google during a search according to this guy? I would think that Google would/should look into preventing these types of website links from their search engine. God knows they like to install Google everything any time you try to use them, why not try to kill this virus that has been hanging out there for how many years now? I’m going to try to get on my laptop and try all the things listed here, or at least try the ones that I understood what they were talking about.

  43. Robert

    I got this IS2011 last Night this guy wants fking shooting, and i would have plesure in doing so, this software can rip me off who are not computer savy, i.e old ladies, Seniors pensioner, even the young, i manage to shift it on System Restore, but i also need to run some scans with the software mention here.

    I hope this would clean my PC up.


  44. Steve

    I cleared the Hostageware by moving the clock ahead 30 days. Would not let me change clock from normal operation, had to access the clock via F2 intervention upon booting. The Hostageware had also set IE to a proxy server, which had to be unchecked. Then, and only then, could I cajole McAfee to run and stamp out the Trojan

  45. BaconLTomato

    I had this on the work computers. I got malwarebytes and SAS. neither got the program its self. they both just got registry entries. In the end i could get to Safe mode. In safe mode i used the Find target in properties of the shortcut it gives you, and deleted all the files in the directory. Then i ran both again to get the leftovers.

  46. Stuffed Pepper

    I work in an IT shop and when one of our laptops get hit with a virus, we try to clean it with Malwarebytes and Security Essentials and if that doesn’t work we back up the data and reimage the laptop. You can spend hours trying to clean some of these viruses. We have found that a reimage is sometimes the fastest way to get the user back in business.

  47. Radu

    This may be somewhat off topic, but please, i need help! i think i removed “Internet Security Essentials” rogue av using SUPERantispyware and then MalwareBytes! and now i can only start my pc in safe mode with networking, not in normal mode! what can i do? last option is to format my pc, but i can only do it 3 times with windows xp, and i have already done this twice!

  48. Norakirsten

    Okay her’s what I did and I never went into safe mode or nothing like that just some simpler manual stuff :
    I did it today! In a way I never found on the Internet. Right click on the internet security essentials icon and the clck properties and find the file location. Now you need to copy the location and go to my computer thru the start menu and paste the location in the location box at the top. If it doesn’t wok then cut out the last part of the location. Delete everything in this folder. If something won’t delete then go into task manage Nd end the process with that name. After this search Internet security essentials in your start menu or something and delete anything that says Internet security essentials. Make sure to get the fake my computer as well. You spot that when there are two my computers on you desktop and when you change the settings to make he icons big, one should look all pixel ish. Now right click on recycling bin and hit empty. You should be good but also be sure by running a scan by whatever it Is that is supposed to protect your computer from viruses. If you don’t have one I suggest spigot search and destroy cuz that’s what I have and it works.. You are welcome. Oh and I’ve posted this on other sites too. Just trying to srpead the good word.

  49. neha borse

    i’v followed almost everything that u hv advised over there since i ws attacked by the very same thing.
    i hv cleaned my PC ,i think cz i hv installed & run d superantispyware & malwarebytes.
    but still im nt unable to get connected to internet.
    plz suggest somthing.i hv no idea about wt hv gone wrong…………

  50. karunakar j v

    this is toomutch and risky lisn me that is too easy method to remove
    download iobit 360 spyware removel tool, and install it ,it is a freeware and run it ,and do hijack scan u now smile happyly .. se result ok
    thanking u,,, yours karun

  51. lfrede29

    I have come across this problem on several computers that I have repaired. I always run the system in safe mode with networking. Download Combofix from and put on a memory stick. Run it on the computer with safe with networking. It clears up the problem, then you can run virus and malware software.

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!