My customer is infected with this Internet Security 'Designed to Protect' malware as per some of these links:
2 links removed as now classified as dangerous by either SiteAdvisor or WoT...Moderator
My customer has McAfee consumer product Security Centre 11.6 - it did NOTHING. It didn't detect when it was installed and also can't remove it.
The Malware calls itself 'Internet Security' and says that the PC is infected with W32/blaster.worm.
McAfee refused to provide a removal tool or help in any way .....without me stumping up even more cash for their 'Virus Removal Team'.
I don't trust a lot of the sites I found on Google with suggested 'fixes' - most of which involved downloading more programs.
So does anyone have a verified SAFE proven method of getting rid of this virus/malware ?
Infected machine is Windows 8.
on 14/06/13 11:46:34 EDT AMMessage was edited by: Ex_Brit on 14/06/13 11:48:17 EDT AM
Moved to Malware Discussions.
No antivirus software, no matter what brand, is guaranteed to stop everything out there. The best prevenetion is an up to date system and software and careful use of same.
McAfee has no particular removal tool for these sorts of things other than what is listed in the last link in my signature below. None of the antivirus software makers do.
They do, however, have a virus/malware removal service but, like all software makers, charge for that service.
However there are always free alternatives.
The first suggestion whenever something like this hits is to power off. Better to lose whatever was on your desktop than the entire system.
Then reboot into Safe Mode and try to start System Restore. I've outlined in that link so other tools that can then be deployed.
These are the best removal guides on the web at the moment: http://www.bleepingcomputer.com/virus-removal/
..and here is the actual one I think: http://www.bleepingcomputer.com/virus-removal/remove-security-protection
OK the name is slightly different but I would imagine the procedures are the same.Message was edited by: Ex_Brit on 23/05/13 7:51:57 EDT AM
If you download Malwarebytes Free, which I always recommend, do NOT accept the free trial or you'll get the Pro version.
Also it's one of the few tools that can be downloaded, updated and run all in "Safe Mode with Networking: if necessary.
Thank you very much for the assistance.
However I would like to make the following point....
Yes - I agree no anti-virus should be able to stop everything/anything being installed....particularly if its new or the user has clicked on something they shouldn't
However my googling says that this malware is NOT something new.
So IMHO McAfee - or any of its competiors - should be able to remove it after its installed.
Otherwise the product is not living up to its marketing....and customers see it as deficient/defective and want a refund. My customer certainly felt this way.....especially given their PC has been rendered useless when they thought they were protected.
Well perhaps they will add it and any variants that may occur from time to time, I don't know when such things happen. The labs are constantnly adding to the database.
They do have specialist tools, all listed in that last link in my signature below.
Anyway, good luck.
I got this malware (Internet Security 2014) yesterday, which shut down the IE and didn't allow to run regedit.
It created a desktop icon that pointed to its executable insecure.exe, which could be renamed and thus prevented from running after rebooting the PC. Then the file could be deleted and the registry cleaned up.
Afterwards, I searched the McAfee virus DB, and it had an entry for this malware (insecure.exe), marked as a trojan, which was supposed to be added to the Security Suit as of 5/26/2013. Actually, the description of this malware was quite inaccurate.
I manually updated the security package and run it on this file, but it was not recognized as malware. After that I downloaded GetSusp.exe, and it did find this file suspicious along with many others normal files.
An automatic reply from the lab (with a reference number) showed blanks in the Findings column and not_detected in the Detection column for all files. The Type column contained Unknown for normal files, blanks for insecure.exe and 50.tmp created at the same time, and assumed_dirty for onecc.dll (unfamiliar, but very old file).
Hopefully, some users find it helpful.