Internet Security is a rogue security application that advertises itself with the slogan “designed to protect”, but this gives a false impression of its real capabilities: the hoax cannot delete viruses. The application consists of just one file (amsecure.exe) and one registry entry, yet it blocks the usual ways of uninstalling software. When you try to run an anti-malware program that is already installed, the malware claims that the file you are trying to execute is infected with the W32.Blaster.Worm trojan horse. Task Manager is also disabled so that the user cannot terminate amsecure.exe (the main process of the Internet Security fake antivirus). Likewise, trying to download certain security programs over the Internet brings no positive outcome: the same fictitious Internet Security message comes up and claims that the file you are trying to download is infected with W32.Blaster.Worm. This is how many people got scared, especially after receiving the rogue's many other fake security notifications, popups and warnings about all kinds of threats supposedly found during its fake scan. The scan starts at every system startup, i.e. as soon as you launch your PC.
As mentioned above, deleting this malicious program is not easy, even though it has just one file and one registry entry. Some blogs say that you can enter a registration key into Internet Security to make it easier to remove with the legitimate anti-virus software they promote. This is true, and you might consider one of these keys: Y76REW-T65FD5-U7VBF5A, Y86REW-T75FD5-U9VBF4A or Y86REW-T75FD5-9VB4A. Enter one of them in the respective field after clicking the “Get full time protection now” button in the bottom-left part of its GUI. Once the rogue accepts the activation (registration), you can download legitimate anti-virus software and get rid of this scareware without any obstacles. However, there is a risk that some day these license codes will stop working. If that happens, try the manual solution below to remove the Internet Security malware. It is free, does not take much time, and does not require many specific computer skills. Even so, a follow-up scan of your system with a legitimate anti-spyware program is mandatory, so choose one of them in the right sidebar of this blog (the links lead directly to the download page of the security software of your choice). Finally, if you have mistakenly paid for the fake license of the Internet Security rogue, contact your bank or payment processing company to demand a chargeback.
Alternative (automatic) removal solution:
- Click “Start” and select “Run”.
- In the window that appears, type “taskkill.exe /F /IM amsecure.exe” exactly as shown, without the quotation marks at the beginning and at the end. Use capital letters and spaces where shown.
- Repeat the previous step several times until the malware process amsecure.exe is finally terminated. This is the core process of this malware program.
Now you can download, install and run a legitimate anti-virus solution to get rid of this virus. This blog links to various security applications, so you have a large selection to choose from. Consider installing a free anti-virus tool permanently, especially one that offers real-time and online protection. This is how you can block virus attacks next time.
Alternative (manual) removal solution:
- Depending on your operating system, look for the file “amsecure.exe” at one of these locations: C:\Documents and Settings\All Users\Application Data\amsecure.exe for Windows XP, or C:\ProgramData\amsecure.exe for Windows 7/Vista. Make sure the option to view hidden files and folders is enabled before searching for this file.
- Rename this file “amsecure.exe” to any random name and reboot your computer.
- Once you reboot the malware will no longer be active.
- Open your Registry Editor and search for this registry entry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security”.
- Delete the above-mentioned registry entry when you find it.
- Delete the file that you renamed to a random name (previously named “amsecure.exe”).
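The manual steps above as a PowerShell script (an added example, not part of the original post): it checks for the process, the two file locations and the Run values this page lists, and only with the script's own `-Remediate` switch does it rename the file and remove the Run values. It assumes PowerShell is available (it is not installed by default on Windows XP) and an elevated prompt for the HKEY_LOCAL_MACHINE key; the `.disabled` suffix is an arbitrary choice.

```powershell
# Added example, not from the original post. Read-only unless -Remediate is given.
param([switch]$Remediate)

# Artifact names and locations exactly as listed on this page.
$files = @(
    'C:\Documents and Settings\All Users\Application Data\amsecure.exe',  # Windows XP
    'C:\ProgramData\amsecure.exe'                                         # Windows Vista/7
)
$runValues = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Internet Security' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'amsecure.exe' }
)
$findings = 0

# Process check: Get-Process takes the image name without ".exe".
foreach ($p in @(Get-Process -Name 'amsecure' -ErrorAction SilentlyContinue)) {
    $findings++
    Write-Output ("PROCESS  amsecure.exe running, PID {0}" -f $p.Id)
}

# File check: -Force is needed because the file or its folder may be hidden.
foreach ($f in $files) {
    $item = Get-Item -Path $f -Force -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $findings++
    Write-Output "FILE     $f"
    if ($Remediate) {
        # Rename only: a running executable can be renamed but not deleted.
        # Delete the renamed file after the reboot, as in the manual steps.
        Rename-Item -Path $f -NewName 'amsecure.exe.disabled' -Force
        Write-Output '         renamed to amsecure.exe.disabled'
    }
}

# Autostart check: each Run value is a name/command pair under the key.
foreach ($rv in $runValues) {
    $prop = Get-ItemProperty -Path $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
    if (-not $prop) { continue }
    $findings++
    Write-Output ("RUN      {0} '{1}' = {2}" -f $rv.Key, $rv.Name, $prop.($rv.Name))
    if ($Remediate) {
        Remove-ItemProperty -Path $rv.Key -Name $rv.Name
        Write-Output '         value removed'
    }
}

Write-Output "$findings artifact(s) found."
if ($findings -gt 0 -and $Remediate) { Write-Output 'Reboot, then delete the renamed file.' }
```

Run it once without the switch to see what is present, then again with `-Remediate`; a second read-only run after the reboot should report zero artifacts.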
Internet Security system modifications:
Internet Security system process(es):
Internet Security file(s) added:
Internet Security registry entry (entries) added:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “amsecure.exe”
- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Internet Security”
File Location Implications:
%Desktop% means that the file is located directly on your PC’s desktop. The full location is C:\DOCUMENTS AND SETTINGS\Current User\Desktop\ for Windows 2000/XP, and C:\Users\Current User\Desktop\ for Windows Vista and Windows 7.
%Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\Current User\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\Current User\AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% means the current user’s Application Data folder. By default, it has the location C:\Documents and Settings\Current User\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\Current User\AppData\Roaming.
%StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\Current User\Start Menu\, and for Windows Vista/7 it is C:\Users\Current User\AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.