Internet Security 2013 malware appeared recently, following its slightly different predecessor named Internet Security 2012, the rogue previously described by us. Both of these fake anti-spyware programs have the similar core process named amsecure.exe. Both of them give similar fake security popups and notifications about all your programs and exe-files being infected with W32.Blaster.Worm virus. Even though W32.Blaster.Worm infection is a real threat, nevertheless, in this particular case the report of Internet Security scam about its presence on your PC is totally fabricated. Internet Security rogue can be removed using several techniques and tricks. The very malware uninstall process can be either automatic or manual. Automatic removal can be successfully accomplished with the help of decent and reliable anti-virus software described in this blog. However, even with the case of automatic virus elimination manual interference is required on user’s part. This is all because Internet Security scareware blocks all user’s attempts to delete it, resulting in total inability to launch Task Manager, Internet Explorer or other browser and even the available anti-spyware applications already available on the infected computer. By the way, this is most probably their fault that the virus entered your machine. Obviously, their anti-virus database was outdated when the malware attack took place. However, in some cases users fail to update anti-virus tools on time or even totally ignore the need for security applications to be installed on their computers. No doubt, such conduct often brings to unexpected and undesirable results of PC becoming the dwelling for malwares like this pest.
Internet Security hoax
Be careful when Internet Security virus arranges fake scan of your system. At this point there is a high risk of this malware to convince you in its allegedly “decent” intentions. The rogue would arrange this bogus scan automatically with each Windows startup. This is the amendment initiated by the hoax during the very installation process by adding the respective registry entry. After its scan is over the program would report very many threats and viruses supposedly detected by it. Nothing you encounter to be reported by Internet Security malware should be treated seriously by you. The program wants to make you its victim when it then instructs you to purchase the license of it, saying that its full version will remove all threats identified. Remember that such threats aren’t real, whereas Internet Security is the most serious threat. So, if you want to remove this malady from your computer, please pay attention to the removal guides below. Do not purchase the licensed version of this hoax. Remember that this program did not enter your computer according to your consent or approval. Thus, its behavior proves that this is not the program worth your trust. Ignore its fake security warnings, popups, ads and other notifications. Get rid of it at once using one of the methods reviewed below.
Automatic removal solution:
- Click “Start” and select “Run”.
- In the window that appeared insert the text “taskkill.exe /F /IM amsecure.exe”. Please insert it exactly as it is, without quotation marks in the beginning and at the end. Please use capital letters and spaces where necessary.
- Repeat the previous step several times until the malware process amsecure.exe is finally terminated. This is the core process of this malware program.
Run command
Now it’s the right time when you can download, install and run the legitimate anti-virus solution to get rid of this virus. In this blog there are links to various security applications, so you have a large selection from where you can choose. Consider some free anti-virus tools to install on the permanent basis, especially the ones giving real-time and online protection. This is how you can block virus attacks next time.
Manual removal solution:
- Depending on the type of your operating system, search for the file “amsecure.exe” in these folders – C:\Documents and Settings\All Users\Application Data\amsecure.exe for Windows XP and C:\ProgramData/amsecure.exe for Windows 7/Vista. Make sure you have the option to view hidden files and folders before searching for this file.
- Rename this file “amsecure.exe” to any random name and reboot your computer.
- Once you reboot the malware will no longer be active.
- Open your Registry Editor and search for this registry entry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security”
- Delete the above-mentioned registry entry when you find it.
- Delete the file that you renamed to random name (previously named as “amsecure.exe”).
Internet Security system modifications:
Internet Security system process(es):
amsecure.exe
Internet Security file(s) added:
%AppData%\amsecure.exe
Internet Security registry entry (entries) added:
- HKEY_LOCAL_MACHINE\Software\amsecure.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “amsecure.exe”
- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Internet Security”
File Location Implications:
%Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\Current User\Desktop\ for Windows 2000/XP, and C:\Users\Current User\Desktop\ for Windows Vista and Windows 7.
%Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\Current User\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\Current User\AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% means the current users Application Data folder. By default, it has the location C:\Documents and Settings\Current User\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\Current User\AppData\Roaming.
%StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\Current User\Start Menu\, and for Windows Vista/7 it is C:\Users\Current User\AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
