by   December 21 2009   

Internet Security 2010 IS2010.exe Fake AV

 

 

NOTE: This is a report from 2010 or older; the date was not clear. Where it refers to AVG 9, use the newest version, not AVG 9. If you still have AVG 9, you should download the new version and install it after you uninstall version 9.

File: IS2010.exe (InternetSecurity2010 running application)

Technical Note: I haven't documented the complete removal process for this virus.
Here are a few notes that might help you get going on things.

I'll call this program a virus, but the program itself is not a virus as we know viruses.
The only ways for IS2010.exe to run are either by executing it from the banner advertisement or popup that you saw, or by not having your scanner set up to monitor your temp folders and bat files.

This file will most likely install when you reboot if it didn't install from your mouse click. Once it starts, it installs viruses and continues to download additional viruses, like the Login and Logoff virus.

The worst thing you can do is reboot over and over.
This program first attacks your Registry permissions, which is bad.
If you know you have this virus and your antivirus attempts to remove it over and over, shut down your computer and scan the drive with another computer.

Here are the rest of my notes that might help you save your data.

--------------------------------------------------------------------------------

This virus will change your Administrator Permissions on more things than I'll list. Here's the priority list I started with to get things up and running. Then you can start backing up your documents safely before you either pick apart this virus or just reinstall everything on a clean, wiped drive.

1. Pull the HD out of your computer.
2. Connect your infected hard drive to a good working computer with a faster antivirus than the one you had.
(Note: If you scan with the same antivirus that you had on the infected computer, do you think it will find the virus it allowed in? I think not, so use a better antivirus program.)
3. Scan your infected hard drive 2 times or more. The rule of thumb is to continue scanning until you have 2 full scans that give you No Virus Found results.

If you are using AVG you must set your Preferences to scan "ALL FILES and FILE EXTENSIONS". By default AVG will only scan infectable files, which doesn't include your infected MP3 music or video files. This was noted months ago and I have a post in the forums on how to set up your AVG so it scans all files and extensions. It's slower, but you wouldn't be reading this if you had set things up the first time.

4. Return the hard drive to the computer you pulled it out of.
5. Run http://www.avg.com/filedir/util/support/reset_access_avg9_en.exe to reset your Registry Permissions.
6. Download and install what I recommend: AVG Free or the paid version. http://free.avg.com/download-file-ins-afg-free
7. Install a better firewall.

The firewall would have protected you from the virus connecting to other computers. The design of viruses is to download additional viruses that soon will control your full computer.
Typically, if you have this virus, you will have about 40+ other viruses detected when you scan.

That's about it. I'll detail things better when I get another computer to repair with this same virus. (Which will be here in a day: after writing this post update, I had a person call who is giving me their infected drive with this same virus.)

If you haven't started backing up and creating clean recovery disks you might want to follow our Technical process to do so.

For now you are here because of a virus you found that is listed here on this page.

Some of the new viruses today keep you from doing much of anything, and your FREE download AntiSpyware programs seem to add to the problems.

Quick Fixes are just Quick at messing things up more.

Here's the method that you'll need to start getting setup because viruses are only going to get worse.

To gain access to your Documents and Files after your virus has made your computer impossible to access.

Options:
1. Remove the hard drive and scan the infected hard drive with a good working computer that has a very fast antivirus detection time. (Ask)

You will need to scan your drive 2 or more times. We want the last 2 scans to say "Nothing Found".

2. Copy over your document folder with your history etc.
Under Local Files delete everything in your TEMP and Temporary Internet files. (Most likely part of the virus package is here.)
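
An added example, not part of the original notes: a Python sweep of the attached drive's temp and startup folders that lists every file whose content begins with the `MZ` executable magic, whatever its extension, so the files can be reviewed before the folders are emptied. It assumes the Windows XP folder layout and a mount that preserves folder-name case; the function names and the sample tree are constructed for illustration.

```python
import os
import sys
import tempfile

# Assumption: Windows XP-era layout under the root of the attached (not booted) drive.
PER_USER_DIRS = ["Local Settings/Temp", "Local Settings/Temporary Internet Files",
                 "Start Menu/Programs/Startup"]

def is_pe(path):
    """True if the file starts with 'MZ', the magic of Windows EXE/DLL files."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable entry: skip it rather than abort the sweep

def find_executables(root):
    """Root-relative paths of files with executable content in temp/startup folders."""
    tops = [os.path.join(root, "WINDOWS", "Temp")]
    profiles = os.path.join(root, "Documents and Settings")
    users = sorted(os.listdir(profiles)) if os.path.isdir(profiles) else []
    tops += [os.path.join(profiles, u, *rel.split("/")) for u in users for rel in PER_USER_DIRS]
    hits = []
    for top in tops:
        for dirpath, _dirs, files in os.walk(top):  # a missing folder yields nothing
            for name in files:
                full = os.path.join(dirpath, name)
                if is_pe(full):
                    hits.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(hits)

def build_sample_drive():
    """Constructed sample tree with made-up names, so the sweep runs offline."""
    root = tempfile.mkdtemp(prefix="drive_")
    user = "Documents and Settings/User1/"
    files = {"WINDOWS/Temp/sample_dropper.exe": b"MZ\x90\x00",
             "WINDOWS/Temp/install.log": b"plain text",
             user + "Local Settings/Temp/song.mp3": b"MZ\x90\x00",
             user + "Start Menu/Programs/Startup/helper.dll": b"MZ\x90\x00",
             user + "My Documents/report.doc": b"MZ outside reviewed folders"}
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    print("\n".join(find_executables(sys.argv[1] if sys.argv[1:] else build_sample_drive())))
```

Run it with the attached drive's root as the only argument; with no argument it sweeps the constructed sample tree.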

Once you have all your files backed up and you know they are not infected you have choices.

Format and reinstall your OS after you return your hard drive to the computer it came out of.

Install the hard drive and repair the installation of Windows, which will require your Windows CD.

In any case you're going to need that Windows Disk you misplaced.
The viruses today seem to eat system files for lunch and recovery or restore might not help you at all.

Then you'll have to edit or run a program to edit your registry.

It's tough, folks, which means you might have to do extra work to make things easier when the hard viruses hit.

Ask the techs what to do and post your system issues.


"Scan ""Scan whole computer"" was finished."
"Infections";"42";"42";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Friday, December 18, 2009, 11:43:51 AM"
"Scan finished:";"Friday, December 18, 2009, 3:26:13 PM (3 hour(s) 42 minute(s) 22 second(s))"
"Total object scanned:";"516665"
"User who launched the scan:";"yo"

