What is IS2010.exe, How to remove IS2010.exe
IS2010.exe is a harmful program.
It is a component of malware or spyware; remove it immediately using an antivirus and antispyware program. If that does not help, ask us for help in the Spyware removal forum.
Name: IS2010
Filename: IS2010.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Internet Security 2010
Command: C:\Program Files\InternetSecurity2010\IS2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
DDS Line:
uRun: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"=C:\Program Files\InternetSecurity2010\IS2010.exe [2009-12-11 1391616]
Description: core component of Internet Security 2010. Internet Security 2010 is a rogue antispyware program.
How to remove: use these Internet Security 2010 removal instructions.
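A small parser for the three log formats listed above (HijackThis O4, DDS uRun/mRun, ComboFix Run section) that flags this entry's value name and file name. It is an added example, not part of the original entry or of those tools; the function names are illustrative and the ExampleUpdater sample line is constructed.

```python
import re

# Indicators taken from this page's entry for IS2010.exe.
BAD_VALUE_NAME = "internet security 2010"
BAD_EXE = re.compile(r"(?:^|\\)is2010\.exe\b", re.I)

# One pattern per log format; the dash class tolerates a typographic dash.
HJT = re.compile(r"^O4\s*[-\u2013]\s*(HKCU|HKLM)\\\.\.\\Run:\s*\[([^\]]+)\]\s*(.+)$")
DDS = re.compile(r"^([um])Run:\s*\[([^\]]+)\]\s*(.+)$")
CF_HEADER = re.compile(r"^\[(HKEY_[A-Z_]+)\\.*\\Run\]$", re.I)
CF_VALUE = re.compile(r'^"([^"]+)"=\s*"?(.+?)"?(?:\s+\[\d{4}-\d{2}-\d{2} \d+\])?$')
HIVES = {"u": "HKCU", "m": "HKLM",
         "HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}

def parse_run_entries(log_text):
    """Return (tool, hive, value_name, command) for every Run-key line."""
    entries, cf_hive = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HJT.match(line):
            entries.append(("HijackThis", m[1], m[2], m[3]))
        elif m := DDS.match(line):
            entries.append(("DDS", HIVES[m[1]], m[2], m[3]))
        elif m := CF_HEADER.match(line):
            cf_hive = HIVES.get(m[1].upper())   # values below belong to this hive
        elif cf_hive and (m := CF_VALUE.match(line)):
            entries.append(("ComboFix", cf_hive, m[1], m[2]))
        elif not line or line.startswith("["):
            cf_hive = None                      # left the Run section
    return entries

def flag_is2010(entries):
    """Keep entries whose value name or executable matches this page."""
    return [e for e in entries
            if e[2].strip().lower() == BAD_VALUE_NAME or BAD_EXE.search(e[3])]

# Sample log: the ExampleUpdater line is constructed; the rest are the
# HijackThis, DDS and ComboFix lines from this page.
SAMPLE = r"""
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
uRun: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"=C:\Program Files\InternetSecurity2010\IS2010.exe [2009-12-11 1391616]
"""

if __name__ == "__main__":
    for tool, hive, name, cmd in flag_is2010(parse_run_entries(SAMPLE)):
        print(f"{tool}: {hive} Run value '{name}' -> {cmd}")
```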
December 14th, 2009 at 3:20 am
I have a few clients whose PCs have been infected. I removed the virus from the registry.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Internet Security 2010
After removing this spyware, you also need to delete the folder from Program Files.
After you remove this virus, your internet stops working.
You need to run this command in DOS.
netsh winsock reset catalog
Running this command will take a minute to complete. Restart your PC and you are okay.
December 14th, 2009 at 7:04 pm
This program has seemingly locked me out of my registry editor. It also will not allow me to delete it from Program Files despite my being logged in with a computer administrator account. My next move, I guess, is to log in as the administrator account in safe mode and see if I can delete it then, but I’m a little leery about doing this as this program seems to learn as I troubleshoot (after supposedly turning it off in my task manager, I am now locked out of that utility). Any suggestions? There is a program called Prevx that claims it can fix this error but only if I buy it. Have you heard of this program, and if so, is it legit?
December 15th, 2009 at 7:02 am
Prevx is a legit program, but you can use Malwarebytes Anti-malware or SuperAntispyware to remove it for free.
December 15th, 2009 at 2:12 pm
I am also locked out from task manager, windows folder options (viewing hidden files, etc.), Malwarebytes, ADware, and restarting in safe mode.
I can however run Spybot S&D, and my McAfee Enterprise edition antivirus software, but I have not been able to fully remove IS2010 yet.
I’ve deleted Internet Security 2010 from Program Files and from the start menu.
I have also found a way to unlock my registry editor (copy and paste the following into notepad and with quotations save as (make sure all files is selected as type):
December 15th, 2009 at 2:17 pm
Sorry…got cut off….paste this into notepad, save as “regedit.VBS” (with quotes and check that file type is set to all):
' Remove the policy values that disable the Registry Editor and Task Manager.
On Error Resume Next
Set shl = CreateObject("WScript.Shell")
Set fso = CreateObject("scripting.FileSystemObject")
shl.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
shl.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
Execute file….should let you get to your registry now.
December 22nd, 2009 at 11:06 am
I tried running the vb script above, it’s complaining of an invalid character, won’t let me run it. Could use an executable version of the same thing.
This thing has gotten control of all admin functions now, doesn’t allow me to install the anti-malware, either, nor to do a reset. Any way to hard start in safe mode?
December 24th, 2009 at 10:09 pm
redLit, to reboot your PC in Safe mode use the following steps: How to reboot computer in Safe mode
December 28th, 2009 at 4:17 pm
Infected with IS2010.exe, I went into Safe Mode. I deleted it from Program Files, emptied the Recycle Bin, ran %temp% and prefetch to empty both but I still cannot edit my Registry. Run: regedit will give me a warning message that this file is infected. I tried the regedit.VBS file but had to remove the ” marks, otherwise I got the warning message indicating the line and character that was bad. Those were all the time the quotation marks. After removal of all those, I tried to run regedit.VBS but this didn’t do anything and I still cannot use regedit. Any idea on how to run regedit “through the backdoor?”
January 3rd, 2010 at 12:41 pm
For those having probs getting into regedit, I found that I could get into “msconfig” ok. If you can, go to Tools in “msconfig”, click “Registry Editor”, then click “Launch”. This worked for me after a couple of tries.
January 8th, 2010 at 12:23 am
OK, so I am a tech who deals with calls about this virus. I found that if you remove the hard drive from the computer that is infected and use a HD reader on a computer that is clean and scan the HD with Malwarebytes and AVG Free, they will remove the virus, but before you disconnect and plug the HD back in your machine, go to
D: (whichever the HD comes up as) :\Program Files and remove the folder called Internet Security 2010. Then do a search on the hard drive for the following file/folder names:
Internet Security (if you have Norton, contact Norton to verify which folder is theirs so you don’t delete their stuff, though I personally would, they suck!!!)
41.exe
22.exe
winlogon86.exe
winupdate86.exe
IS2010.exe
winhelper.dll
Internet Security 2010.lnk
After you have done a search for those files you may connect the hd back to your computer and log on as normal. This is where it gets tricky. You need to go to your regedit
Start
Run
Regedit
enter
On the left hand box click on Computer
Hit the Ctrl and F keys at the same time to do a find. Do a search for the following names until you have removed them all. If you're unsure you have removed them all, click on Computer and do another search.
is2010
Internet Security (if you have the Norton internet security do not remove, ask Norton which one is theirs!!!!!!!!!!!)
winlogon86
winupdate86
winhelper86
You will also need to change a registry key. Not sure if this is the only one, but this is what I gathered from the forums for the past 5 hours.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
UserInit = c:\windows\system32\winlogon86.exe
back to:
UserInit = c:\windows\system32\userinit.exe
Now, after all that is said and done. Voilà, the virus is gone from your computer and you're left with a really big paperweight. Your internet is turned off, your background settings cannot be changed and some odds and ends services have been turned off. This is where I am stuck at. I do not know what I need to do to turn back on these issues. I've been reading forums and talking with Norton for 5 hours now and have gotten nowhere. PS Norton chat support is completely useless. They have no idea what they are doing. If anyone has anything to add/subtract from this, please let me know so I can use it in the field to help these people. I want to try and help them as best as possible and doing complete re-formats isn’t pretty or cheap. Thanks for everyone’s help.
January 8th, 2010 at 6:00 am
Don, thank you for the instruction. But one comment for readers: don't reboot your computer before doing the following:
January 10th, 2010 at 6:08 am
(XP) I turned the internet back on with freeware XP TCP/IP Repair, and I plan to refresh the USB device driver USBSTOR.sys which I suspect was altered. Other forums mention a \system32\critical_warning.html file in need of removal. I still haven’t managed to run Malwarebytes without something interrupting it. I may end up wiping because I’ll never know if I truly got rid of all traces.
Since this program solicits credit card payments, surely it would be easy to identify the account holder and shut him down…?
January 10th, 2010 at 6:32 am
Don,
I just found this: myantispyware home page re smss32 for a list of affected registry keys.
January 12th, 2010 at 8:14 pm
Well, I also have the IS2010 virus on my PC with XP Service Pack 3. And now I have a large paperweight also!!! All I get now is a blank screen and the fan motors running!! Any suggestions? I tried to use the start up disc with no results. I need any help that anyone can give me. I am on my wife's laptop and that really sucks because I have a dual monitor card and a 22 inch screen and a 20 inch screen shrunk down to a 15 inch laptop screen. HELP ME PLEASE!!!!
January 13th, 2010 at 9:34 am
Mike, you can't boot from the Windows installation disk? Have you set your CD/DVD-ROM as the default boot drive?
January 18th, 2010 at 9:54 am
As a note:
Those that can’t access the registry editor and get a warning message every time it is started can do this:
1 – Copy the registry executable to your desktop
(c:\windows\system32\regedt32.exe)
2 – Rename the file to anything, just make sure you keep the .exe extension.
(regedt12.exe in my case)
3 – Double click it on the desktop to get it going.
4 – Make your changes as noted earlier.
Happy Hunting!
January 18th, 2010 at 4:09 pm
so I just booted in safe mode then activated system restore.. hope that works for everyone else too…
January 20th, 2010 at 1:42 pm
Booting to safe mode and system restore was my first choice. Unfortunately, safe mode kept blue screening on me (all of them). System restore would not work from a normal boot. Funny thing was, once I made the registry changes and removed the malware, I was able to boot to safe mode! YAY!
January 22nd, 2010 at 2:40 am
the people who developed IS2010 should be shot