Fake Scanner Sites
Google Search Redirects
Internet Security Suite
Alias: Internet Security Suite, Fake Internet Security Suite, Internet Security Suite Virus, Internet Security Suite Trojan
Description: Posted on: Dec 1, 2010 3:25am
Internet Security Suite is a new variant of Security Master AV and Smart Engine. Internet Security Suite is a fake antivirus product which hijacks your computer and uses scare tactics to get you to purchase the full version. Just like its predecessors, Internet Security Suite is very good at eluding detection. In order for Internet Security Suite to stop you from removing it, it disables your existing antivirus and antispyware programs and blocks access to help forums and to major name brand antispyware and antivirus vendor websites. It also disables Task Manager so that you don't shut it down manually. Additionally, Internet Security Suite modifies your 'hosts' file which basically hijacks your Internet connection. This can be used to block access to certain websites, and to re-direct your searches to websites of Internet Security Suite's choice. Internet Security Suite adds several hundred entries to your registry under the 'Image File Execution Options' key. These entries are used to block access to several hundred programs.
Internet Security Suite occasionally harasses the user with warnings and messages saying that their computer is infected and is under attack from hackers. In most cases we have seen, Internet Security Suite was installed by a trojan or mistakenly downloaded from one of many fraudulent Fake Scanner Sites.
Internet Security Suite displays exaggerated fake scan results similar to those shown below:
If you are unable to run programs, this is because Internet Security Suite has disabled them.
Internet Security Suite Special Removal InstructionsPlease make sure to bookmark this page as you may need to refer back to it to complete the removal steps.
IMPORTANT NOTE: IF YOU ARE ABLE TO RUN PROGRAMS ON THE INFECTED COMPUTER, START WITH 'STEP 1a' AND SKIP 'STEP 1b'.
Step 1a: Read IMPORTANT NOTE above! Download SpyNoMore onto the infected computer. If you are unable to download SpyNoMore directly onto the infected computer, you can download it to a clean computer and transfer it to the infected computer (by using a network or a flash drive).
Step 1b: Read IMPORTANT NOTE above! Download SpyNoMore onto the infected computer. If you are unable to download SpyNoMore directly onto the infected computer, you can download it to a clean computer and transfer it to the infected computer (by using a network or a flash drive). NOTE: This version of the installer will be named iexplore.exe.
Step 2: Double-click the downloaded file to install SpyNoMore on the infected computer. When the installation is completed, SpyNoMore will check for and download available updates which may alert Antivirus Studio 2010 to its presence at which point Internet Security Suite may shut down SpyNoMore. If SpyNoMore is shut down by the infection, simply restart SpyNoMore from the desktop shortcut.
Step 3: SNM will scan your computer and if Internet Security Suite is present, SNM will detect it and you will be able to see either Internet Security Suite or Security Master AV in the scan results. These two are the same product. Please note that the free version of SpyNoMore will only show you the detections but will not remove them. In order to remove the infection you need to purchase a 1-year license which costs $29 (or $39 for 3 computers). In all cases, you will be able to see Internet Security Suite in the free version scan results.
Step 4: After the scan is complete and you are able to see Internet Security Suite in the scan results, you can purchase the activation key and proceed to remove the infection. If you are unable to purchase the activation key from the infected computer, you can do so from a clean computer by clicking on our Purchase link on spynomore.com. Simply write down the activation key and use it to activate SNM on the infected computer. This will remove Internet Security Suite and restore your internet connection. You will again be able to run your programs and applications without trouble.
Step 5 (optional): It would be a good idea to check your computer for rootkits (which are basically hidden trojans) which may have tagged along with Internet Security Suite. To do so, download and run TDSSKiller by Kaspersky Labs.
Step 6 (optional): If TDSSKiller does find a rootkit, it will ask you to restart your computer so that it can remove the rootkit(s). After your computer restart, scan your computer once more with SpyNoMore to make sure everthing is OK.
Hint: If SpyNoMore is unable to download updates, click on SpyNoMore's 'Settings' button and uncheck the box that says 'Use Internet Explorer settings'.
Hijacker - A Hijacker is a software application that takes control of your browser's settings. Usually it changes your home page and redirects it to some unknown site or modifies your search settings. It prevents you from changing back your browser's settings. An infected browser usually operates much slower.
Ransomware - Ransomware is a software application that infects a computer and asks for money to have the infection removed.
Trojan - A Trojans or Trojan Horse is any programs that installs itself secretly normally via malware programs, quite often with sinister intent. Once installed, the trojan author (hacker) can gain complete control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system. Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs.
Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer and / or to protect your privacy.
SpyNoMore removes Internet Security Suite: Yes
Threat risk: Very High Risk
Extremely dangerous malware. Uses stealth installation, randomly named entries and has the capability to self update or resurrect after incomplete removal. Almost impossible to remove manually. Category mostly consists of trojans and spyware.
nternet Security Suite gets installed without your permission.
Inability to run programs.
You cannot simply uninstall nternet Security Suite as it is malware and does not come with an uninstaller.
Inability to open Task Manager.
Running Process Signatures:
Registered Dll (Dynamic Link Library) Signatures:
SpyNoMore Collected Residual File Signatures: