Introduction

Another destructive fake antivirus software ‘available’ now at our world is Internet Security 2012 which always display huge amount of fake warnings without any real system check for parasites existence in your computer system. Internet Security 2012 infiltrates your computer system by came first from infected website and destroys your system by blocking your access in gaining information about the parasite and makes you believe that you’ve purchased trusted software. The following is a variation of fake system alert and popup created by the software:

 

Explorer.exe cannot start
File Explorer.exe is infected by
W32/Blaster.worm
Please activate Internet Security 2012 to protect your Computer.

One of its fake system alerts is related to child porn. If you found a system alert which describe this message : “Infected: W32/Child-Porn.PROXY/Server”, always remember to never search for the files on your hard disk because you want to remove them or even you want to have the full version of the malware. The right thing you should do is remove the malware, although the malware will prevent you from removing it by blocking ‘the true’ anti-malware program being installed on your system.

 

Manual Removal Process

  1. First, you need to stop processes related to the malware. Right click on the taskbar, and then click the “Start Task Manager” option
  2. After the menu opened, click the “Processes” section, and find these processes :

isecurity.exe

winupd.exe

For each of them, you should end the process. You can do it by clicking the “End Process” button at the lower right section. After you clicked the button, another popup window will opened, you just need to click the “End Process” button to terminate the process.

  1. After that, close the “Task Manager” and now click the “Start” button on the taskbar, find “Run” menu and click it.
  2. Type “regedit” at the empty bar to open the Registry Editor menu.
  3. After the Registry Editor menu opened, search for these registry files and remove them :

 

HKEY_LOCAL_MACHINE\Software\ISECURITY.EXE

HLEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “ISECURITY.EXE”

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Internet Security 2012?

 

  1. After you have them removed, close the Registry Editor menu.

 

 

Unregister dll Files

Now you need to unregister all the dll files from the malware. It is impossible to tell you the whole dll files, but you can do something to know the whole files and how to unregister them. Here they are:

  1. Go to the directory where you store all Internet Security 2012 data. If you save the malware at the default location, you will be able to find it at C:\Program Files\Internet Security 2012.
  2. Right click at the empty space at the right side. Point your mouse at “Sort by”, and then choose “by Type”. Now, you will be able to find all dll files at those directories.
  3. One by one, right click at the files and choose Properties. Then copy the location. Next, open the “Run” menu from the “Start” button. Type :

 

regsvr32 -u <filename>.dll

or

regsvr32 -u <path>\<filename>.dll

where <path> is the path to the file, and <filename> is the name of the file.

  1. If there are some folders, repeat point (c) and (d) to all of them.

 

Delete Files and Directories

Now, the last part of the solution. You should remove all files and directories from the malware. Find these files and remove them.

All Users\Application Data\isecurity.exe

All Users\AppData\isecurity.exe

%TEMP%\winupd.exe

3C2.TMP

%TEMP%\[random].exe

C:\WINDOWS\Prefetch\ISECURITY.EXE-1824C86D.pf

 

Final step, you should remove all files directories at C:\Program Files\Internet Security 2012. You can use “Add or Remove Program” from the Control Panel or by manual.

HOW TO REMOVE INTERNET SECURITY 2012

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>