Personal Internet Security 2011 is classified as a rogue antivirus program which means that it doesn't provide proven anti-virus protection or reports false system security threats. This fake security program uses deceptive sales tactics to scare up sales from confused users. It performs a fake scan on your computer and states that you are infected with spyware, trojans and other malicious software, e.g. Packed.Win32.PolyCrypt, Trojan-PSW.Win32.Dripper, Trojan-Spy.HTML.Bankfraud.ix. After the fake scan, Personal Internet Security 2011 will prompt you to pay for a full version of the program to remove viruses from your computer and to ensure full system protection against malware. You need to remove Personal Internet Security 2011 from your computer. Do not purchase it. If need help removing this rogue program from your computer then please follow the steps in the removal guide below.
Personal Internet Security 2011 is from the same family as Internet Antivirus 2011 and My Security Shield, so its behavior is well known. This rogue program may be downloaded by trojan downloaders or installed when the fake alert is clicked. Usually, it has to be manually installed but in some cases installation occurs without user knowledge or consent. While Personal Internet Security 2011 is running, it will display numerous fake security warnings about imaginary threats and infections on your computer.
Warning! Identity theft attempt detected
Target: Microsoft Corporation keys
Just like the fake scan results, these fake warnings are only being used to make you think that your computer in infected with malicious software. The rogue program changes Windows Hosts file and your LAN settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer and update your antivirus software. Furthermore, it may block legitimate programs on your computer as well.
The main executable of Personal Internet Security 2011 is located under C:\Documents and Settings\All Users\Application Data\[randomly named folder]\, e.g. "sqhdr5". The main exe should be "WKsra_249.exe" or similar. The easiest way to remove the main executable of this rogue program is to use Task Manager while logged in as another user, track down the file and deleted it. Then go back to normal mode and use malware scanner to remove the remains of Personal Internet Security 2011. Another way to remove Personal Internet Security 2011 is to restart your computer in safe mode with networking, disable proxy server for LAN in Internet Explorer and download anti-malware software. For more information, please follow the removal instructions below. Last, but not least, if you have purchased Personal Internet Security then contact your credit card company and dispute the charges. And, of course, if you have any questions about this malware, please leave a comment. Good luck and be safe online!
Personal Internet Security 2011 removal instructions:
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK. You may have to repeat steps 1-2 if you will have problems downloading malware removal programs.
3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Alternate Personal Internet Security 2011 removal instructions using HijackThis or Process Explorer (in Normal mode):
1. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.
2. Download Process Explorer.
3. Rename procexp.exe to iexplore.exe and run it. Look for similar process in the list and end it:
- WKsra_249.exe
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it. Search for similar entries in the scan results:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25520
O4 - HKCU\..\Run: [Personal Internet Security 2011] "C:\Documents and Settings\All Users\Application Data\sqhdr5\WKsra_249.exe" /s /d
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.
4. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
5. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Personal Internet Security 2011 associated files and registry values:
Files:
- C:\Documents and Settings\All Users\Application Data\sqhdr5\
- C:\Documents and Settings\All Users\Application Data\sqhdr5\WKsra_249.exe
- C:\Documents and Settings\All Users\Application Data\sqhdr5\35.mof
- C:\Documents and Settings\All Users\Application Data\sqhdr5\[SET OF RANDOM CHARACTERS].dll
- C:\Documents and Settings\All Users\Application Data\sqhdr5\[SET OF RANDOM CHARACTERS].ocx
- C:\Documents and Settings\All Users\Application Data\sqhdr5\MSSSys\
- C:\Documents and Settings\All Users\Application Data\SMEYFE
- %UserProfile%\Application Data\Personal Internet Security 2011\
- %UserProfile%\Application Data\Personal Internet Security 2011\cookies.sqlite
- %UserProfile%\Application Data\Personal Internet Security 2011\Instructions.ini
C:\Documents and Settings\ (for Windows 2000/XP)
C:\Users\[User Name]\AppData (for Windows Vista & Windows 7)
Registry values:
- HKEY_CLASSES_ROOT\PersonalIS.DocHostUIHandler
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:25553"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Internet Security 2011"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
0 comments:
Post a Comment