1 of 6
Danger level 10
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Changes background
  • Connects to the internet without permission
  • Shows commercial adverts
  • Slow internet connection
  • System crashes
  • Cant change my homepage
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:
Antivirus 2010 , InternetSecurity2011

Internet Security 2011

Despite the tireless efforts of the online security industry, many users are still falling victim to the seditious and treacherous Internet Security 2011. Internet Security 2011, a direct clone from the subversive Antivirus 2010 shares more than just the same Rootkit with this well known and highly despised rogue. Users will recognize Internet Security 2011 by its crippling symptoms, as this rogue has the ability to leave any infected PC utterly devastated and unusable.

Internet Security 2011 will block the execution of legitimate executables in an effort to keep the user from running a security application which could detect and remove Internet Security 2011 from the PC. This can quickly turn into an intensely annoying situation, and users who receive the following message:

“Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.”

...can easily regain control and access to the desired program, simply by making use of the cacls.exe application, standard with any Windows operating system. Go the Command Prompt folder on the system, and type the following to give the “Everyone group access to the file again:

“cacls /G Everyone:F”

In an effort to trick users, Internet Security 2011 will replace a crucial Windows component called userinit.exe. Users should not delete this .exe file as it is a critical part of the Windows operating system. Its default location is located at

"c:WINDOWSsystem32us?rinit.exe (Do not delete the C:WindowsSystem32userinit.exe file)"

Of course, like many other roguewares Internet Security 2011 makes use of false system scanners and bogus system notifications in an effort to panic the users into parting with their cash. Some of the more notorious fake warnings to be on the lookout for include the following:

“Attention! Network attack detected!
Your computer is being attacked from remote host. Attack has been classified as Remote code execution attempt.”

“Attention! Threat detected!
NOTEPAD.EXE is infected with Trojan-BNK.Keylogger.gen
Private data can be stolen by third parties including card details and passwords.
It is strongly recommended to perform threat removal on your system.”

“Windows Security Alert
Your computer is making unauthorized copies of your system and Internet files.
You should immediately run full scanning of your system to prevent any unauthorized access to your data.
Click YES to run Antivirus scanner right now.”

Obviously none of these fake messages can be trusted, and users should never believe any correspondence received from Internet Security 2011. Inexperienced users should not attempt to manually remove Internet Security 2011. Rather make use of a genuine and fully updated security tool which will be able to get rid of Internet Security 2011 permanently. This will also offer protection against future similar threats.

Download Spyware Removal Tool to Remove* Internet Security 2011
  • Quick & tested solution for Internet Security 2011 removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Internet Security 2011

Files associated with infection (Internet Security 2011):

{E9C1E0AC-C9B1-4c85-94DE-9C1518918D01}.tlb
InternetSecurity2011.exe
c:\WINDOWS\system32\exefile.exe
c:\WINDOWS\assembly\GAC\__AssemblyInfo__.ini
c:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll
c:\Documents and Settings\All Users\Application Data\.wtav
c:\WINDOWS\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\
c:\WINDOWS\system32\us?rinit.exe
c:\WINDOWS\system32\drivers\vbma22b4.sys
c:\WINDOWS\system32\mswmqnei.dll

Processes to kill (Internet Security 2011):

InternetSecurity2011.exe
exefile.exe

Remove registry entries (Internet Security 2011):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vbma22b4
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.