Did you try an abrupt power off and then reboot into Safe Mode with Networking - there you could download Malwarebytes Free, update and run it, all in that mode, and get rid of the thing or at least try System Restore to before it all started.
Message was edited by: Ex_Brit on 04/06/13 11:40:36 EDT AM
The best way to get rid of this malware (Internet Security 2013) is to do it manually. First of all, you will need to terminate its malicious process called amsecure.exe. This can be done using the taskkill.exe command. But, there's another manual solution to removing the rogue.
Visit this guide for more information on how to remove this virus - http://www.system-tips.net/remove-amsecure-exe-manually/
Like you I also was hit by a ransomware trojan calling itself Internet Security 2013, and demanding money to remove it. This malware sailed straight through my up to date McAfee anti virus and firewall, and turned it off.
It also disabled Ctrl-Alt-Del Task Manager access, and hid or deleted the BIT (Bit Intelligent Transfer) service, which made it impossible to access Microsoft Update to look for a fix.
I managed to manually remove this bug, but was still left with no BIT service, and Windows only partially usable. So I contacted McAfee support to see if they had a removal tool for this trojan, to make sure it was fully removed, or if they could offer me any advice.
I spoke to someone in an Indian call centre with very poor English, who was not interested in what particular attack I had suffered, and had no interest in helping me other than putting me through to a premium service sales queue. I pointed out that this was not a new virus, as I had read an article about this which was posted on the internet 11 days ago. I said that as your useless software had allowed this virus in, that I expect your company's help for free in removing it. I even spoke to his manager who simply repeated the same mantra.
The Trojan writers demanded money to remove a virus which they had written.
Now McAfee are demanding money to remove a virus that their subscription anti virus S/W failed to detect.
Is there really a difference?
McAfee aren't demanding money, but like all antivirus vendors, they charge for professional malware removal, should you choose that avenue of approach, it's optional. There are always free alternatives.
No doubt you've read here, in other threads and elsewhere online that none of the regular antivirus software are capable of stopping these things because of the way they work.
If you had powered off without touching any keys or your mouse you could have saved the problems by rebooting to Safe Mode and then going back in time using System Restore.
Your best bet is to run HijackThis and post its log on one of the specialist forums listed near the end of the last link in my signature below.
I did power crash my computer, but not before trying to stop the false Internet Security program.
System Restore was also disabled by this attack, so I was not able to use this even after removing the virus.
When booting in Safe Mode with Networking, I noticed that the McAfee S/W was turned off. Each time I turned it on, it turned itself back off again. This left me with no confidence in using Safe mode. Although I could turn on the AV software if I booted normally.
As I could not get any telephone assistance from McAfee support without paying for a premium service, I gave up, and deleted the system partition and rebuilt Windows on another disk.
My three user licence subscription, which I have had for four years, is up for renewal in two weeks' time.
Somehow, I cannot see me renewing it.
That's too bad but you shouldn't blame your security software, no matter what brand, as the end result probably would have been the same no matter what you had installed. Those ransomware pests require some kind of user interaction to activate them, even one mouse click or keystroke can do it.
Good luck and remember to keep everything totally up to date and be careful where you surf and what you download.
It would seem most people agree with my position - if it's NOT a new piece of Malware McAfee should at least be aware of it - and even if McAfee can't stop it being installed initially it should be able to remove it. In this case this Internet Security malware seems to have been around in one form or another for quite some time.
So McAfee obviously has a perception / marketing issue to deal with - can't say your product is 'all that' when it clearly is a much more basic service / can't protect against or remove known malware.
All that said, I can confirm your recommendations worked for my customer. So thank you to you on a personal basis - McAfee not so much.
That's what they have Stinger for I believe.
They explained it to me a while back, if the regular antivirus was rigged to stop everything like this, there would be an outcry because so many legitimate applications would also be stopped, games especially. I know that sounds crazy, but that's what we were told.
When I said major antivirus software doesn't stop this stuff, I was quoting what I've read on numerous independent anti-malware forums and even Microsoft themselves not McAfee. I don't work for them so I don't have any set lines I have to recite.
"That's too bad but you shouldn't blame your security software, no matter what brand, as the end result probably would have been the same no matter what you had installed."
I am sorry, but I do blame McAfee. This is not a new trojan, so by now your AV s/w should be able to block it.
For a newer threat I would at least expect McAfee to have supplied me with a free removal tool.
However, my real criticism is for the total lack of help that I received from McAfee.
Unless you pay for a premium service it is impossible to speak to someone technical.
Instead you are dealt with by a poorly trained bloke working in a foreign call centre, reading from a script.
If as you say these trojan attacks can pass clean through fire walls and AV s/w, then what is the point in paying for this product?
You might as well install Windows AV or AVG Free, and spend your money on buying a spare disk drive to backup your system disk to. A bootable image copy of your C drive will get you out of a hole a lot quicker than any leaky AV program.
Message was edited by: unimpressed on 6/4/13 5:24:23 PM CDT
Yes 'Un-impressed' I have to agree about McAfee's support response. As someone in IT who deals with a large range of AV products McAfee's response was completely useless i.e. instant referral to their Premium service and a call centre operator who was not at all interested in the actual problem.
For example, a number of my small business customers have Trend Micro Worry Free Business Security Advanced. Recently when one of my customers started getting fake Jetstar emails with an .exe trojan attached I was able to log it with Trend and they took a full copy of the suspect email and came back with an update for the Trojan. Problem solved. No cash $$$$$.
I think the point is that if one customer gets a stack of these trojan emails then it's guaranteed that most of the world will as well - and therefore I maintain IT'S PART OF YOUR VENDOR'S SERVICE / MAINTENANCE FEES TO KEEP UP TO DATE WITH THESE TROJANS.
That is certainly the perspective of every one of my customers - they pay annual maintenance and they have an expectation they are protected and will be supported if/when something like this happens.
What would happen if your insurance company suddenly said "Oh I'm sorry you thought you were covered for fire - you need to pay for our premium service to fix your house"?