"Internet Security 2010" virus ... help!????

TGIF

New Member
Hi! Despite Norton's usually good protection, Norton 360 just let a virus take over our little Toshiba Satellite 32bit laptop running Windows XP (Media Center Edition...). It blocks access to internet, so we can't download or get remote help.
It does not show up on the computer's list of installed programs so there is no entry on the list to delete or uninstall. It blocks Task Master so we can't use TM to stop it. It is happy to let us run full, comprehensive scans with Norton -- which reports that it finds no infections whatsoever (so it is invisible to Norton!). Although, the norton events log did note a "medium security" violation from outside when this all started -- meaning Norton did realize an infection was entering the computer. But Norton did not block it and the log entry says there is no user action to be taken.
Meanwhile, it pops up nunerous (at one time I got a bit behind and wound up counting 9 of them!) "error messages" of various types, all consistently saying that it had found various serious security infections or problems and that we need to click to purchase their program to fix them. Of course, the only security infection we really need to fix is this "internet security 2010" virus itself!
We spent a day on the phone with a nice Microsoft lady who ran us through dozens of tries to remove the infection. This failed to work, however, and they are going to try further in a couple days after they have chance to study it more...? Norton's phone lines are backlogged, apparently in major part with this problem. And their email intake won't ingest... you write the problem and push the button to send the form to them and their webpage just sits with it and tells you to wait. We waited 3 hours and Norton's website still won't accept emails reporting problems with their "protection" program.

Meanwhile, we are being shaken down by this "internet security 2010" virus' protection racket to pay them off to remove their infection....or else our little computer is fit only for the junquepile.

We cannot use internet and we cannot do much else with the computer due to all the fake warning messages popping up all the time. Even these are tricky, you have to read them because they keep switching back and forth which button you have to click on to delete them (you make one mistake and they will switch you over to their purchase department...?)
We would very very much appreciate a simple means of fixing (getting rid!) of this pesty infection. (And if we can find out who is doing this to innocent people, I for one will be happy to file a criminal complaint with the proper authorities....)
Thanks for any help! MuchoAppreciato
TGIF:mad: (though, we will probably be up all night again trying to fix this poor little laptop since it has medical records on it that are really really needed....)
 

My Computer

System One

  • Manufacturer/Model
    Lenovo laptop

jp07764

Vista Guru
If you can save you files to cds or a usb stick or externel hard drive.
That is the most important thing to do first.
Then if you can boot the computer in safe mode with networking and
see if you can get on the net. Download Maleware bytes (a free program)
install it update it run it.
If that does not work you may have to redo windows.
Some times the effort you put in to removing that crap you would be better off
just to wipe it.
That is why I wanted you to save your files right away.

I know I was not much help but I tried.

Jimmy
 

My Computer

System One

  • Manufacturer/Model
    Gateway
    CPU
    intel core 2 Extreme QX6700
    Motherboard
    intel
    Memory
    3 gigs
    Graphics Card(s)
    NVIDA
    Sound Card
    Creative SB X-FI
    Monitor(s) Displays
    Gateway 24 HD Monitor
    Screen Resolution
    1920 by 1200 pixels
    Hard Drives
    2-500 gigabyte hard drive
    Western digtal

TGIF

New Member
Thanks. Thanks. Fortunately we did not wipe the disk yet. Ha!
We willl read the stuff you referred us to and try to decifer it.
Thanks for helping and please DO feel invited to keep posting here if you can think of anything else.
Incidentally, I did download the free malware program to another computer and it seemed to do some good there. But alas, we cannot connect to internet at all with this InternetSecurity2010 virus on the Toshiba laptop.....it is pure HELL!
:mad: if we ever find out who is putting this :sa: on the internet to trap innocent people I suggest they be sent directly to one of the lowest levels of Dante's Inferno. I will gladly give the first shove!
Thanks again for all the help you can think to post, much appreciate your kindness.
 

My Computer

System One

  • Manufacturer/Model
    Lenovo laptop

rhlhamlet

IT Guy
Vista Guru
The sad thing about your having the virus is YOU downloaded it in the first place by falling for one of those ads to "clean your computer". You and thousands of others were tricked. Be careful in the future. In the meantime.. here is a link with instructions on how to rid yourself of this nasty malware: Remove 2010 Virus
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilion Desktop
    CPU
    Intel E2220 Dual 2.40 ghz 2400 mhz 2 core
    Memory
    4gb Ram, 3.87gb physical memory, 7.95gb virtual meory
    Graphics Card(s)
    Nvidea
    Internet Speed
    DSL 1.5

jp07764

Vista Guru
Always set up your computer to use a limted user account.
Only use the admin account for installing and maintence.
That way when you are on the internet nothing can get in
and be installed.

Just a little advice for the future.

Jimmy
 

My Computer

System One

  • Manufacturer/Model
    Gateway
    CPU
    intel core 2 Extreme QX6700
    Motherboard
    intel
    Memory
    3 gigs
    Graphics Card(s)
    NVIDA
    Sound Card
    Creative SB X-FI
    Monitor(s) Displays
    Gateway 24 HD Monitor
    Screen Resolution
    1920 by 1200 pixels
    Hard Drives
    2-500 gigabyte hard drive
    Western digtal

TGIF

New Member
Well, we finally got Malwarebytes to run .. (loaded it with a usb stick). It ran and found 33 infections (seems mostly or all InternetSecurity2010.... will plow thru the log and see if anything else is hidden in there but it seems IS2010 attaches itself to almost every part of the computer).
Told Malwarebytes to remove the infections. It said it removed some and could not remove others but those would be removed upon restart. So naturally we restarted.
We are now re-running Malwarebytes and... it is in progress now....so final report not available yet but....... so far it ha loooked at several thousand objects and found zero infections (by this time on its first pass it reported over a dozen infections!)
So we are very hopeful. More later here when we have more to report. We tried once to connect to the internet again but thus far .... have not succeeded. That will be the big test....

oops, Malwarebytes just found one objected infected...after 25000 inspected objects. We will look at the log when its ready to see what this infection might be....
Later,
thanks for any all further ideas.
IF we can connect to the interent we think we will run a windows live onecare scan and cleanup next? that is, IF we can connect to the internet!!!>>??
thanks again
TGIF
 

My Computer

System One

  • Manufacturer/Model
    Lenovo laptop

TGIF

New Member
PS: it has now scanned 36000 objects and so far only has found the one infection...
it has a ways to go so I need to go get a bite to eat and come back. what I wanted to say tho is....since running the first pass of Malwarebytes the little laptop has not displayed a single popup warning us that the eschaton is about to happen if we dont't send them $$$ to remove their dam&ed virus!
In this period of time the virus would have displayed about 100 popups already, but not a single one has appeared...since running Malwarebytes. So we are very very hopeful......
later...later.... thanks for any ideas comments much appreciated! we sure hope we can get connected back to the internet soon!
 

My Computer

System One

  • Manufacturer/Model
    Lenovo laptop

jp07764

Vista Guru
When you are done scanning and still no internet
Open the command prompt type in ipconfig/release
this will disconnect next type in ipconfig/renew
this will reconnect and renew connection
then ipconfig/flushdns this will clean out the garbage websites

I know i sounds like it will take a long time but it will only take 5 minutes.
You can have windows do it but it will take 15 minutes.

Hope I was some help to you.
Also glad to hear you cleaned it.

Jimmy
 

My Computer

System One

  • Manufacturer/Model
    Gateway
    CPU
    intel core 2 Extreme QX6700
    Motherboard
    intel
    Memory
    3 gigs
    Graphics Card(s)
    NVIDA
    Sound Card
    Creative SB X-FI
    Monitor(s) Displays
    Gateway 24 HD Monitor
    Screen Resolution
    1920 by 1200 pixels
    Hard Drives
    2-500 gigabyte hard drive
    Western digtal

TGIF

New Member
Thank you all! This note sent to you from the previously-totally-disabled laptop.
Malwarebytes is finishing soon its second scan. It has found 2 infections so I will tell it to remove them and see if it does so.
Norton360 suddenly work up a few minutes ago to advise us that the machine was infected and that Norton took care of it and all is well again in the world and the End of Days will not take place this evening.
I can only GUESS that Norton/Symantec got word of all these InternetSecurity2010 infections and decided to do something about it. It looks like the Norton360 virus defintions have been updated to deal with IS2010 now. I say this because just as soon as Mawarebytes got done removing most of the infections, Norton360 shows that its virus defintions were updated on this laptop here. Meaning, when Malwarebytes restored internet connectivity, Norton360 was able to get into this laptop to update its virus defs to deal with the problem,.
Or so all the time logs and event sequences seem to indicate.
In addition to the Malwarebytes second scan, we are doing also a Norton360 total system scan. And after THAT, we are thinking of doing a microsoft live one scan.

What do folks think of purchasing the Malwarebytes payprogram for computers that are connecting to internet frequently? So far I am quite impressed with the Malwarebytes free program.....(which of course does not run all the time). Would it be worthwhile to pay for the MalBytes program that does run continuously? Your thoughts > and many thanks, I will update either today or tomorrow Sun or Monday if possible to give final word on whether we really have a fix here. So far, it appears that maybe we do....
Thanks!!!!
 

My Computer

System One

  • Manufacturer/Model
    Lenovo laptop

Juan Cesar

New Member
Always set up your computer to use a limted user account.
Only use the admin account for installing and maintence.
That way when you are on the internet nothing can get in
and be installed.

Just a little advice for the future.

Jimmy
Hi Jimmy! please excuse my english. Your advice is useful, especially for those like me, people with a limited knowledge on general security when surfing the web.
That is a simple but efficient umbrella we must to keep open in front of copious malware rain. Of course a good AV must be in guard, but serious rates shows efficacy up 98 percent,nearly, talking for a very good one!
Thanks
Juan
 

My Computer

System One

  • Manufacturer/Model
    Toshiba Satellite L505-SP6998
    CPU
    Intel(R) Core(TM) 2 Duo CPU T6500 @ 2.10 GHz
    Memory
    3.00 GB
    Mouse
    Samsung Peleomax

jp07764

Vista Guru
The only thing about having malwarebytes running full time is that it will not play nice with norton.
You can still have the program but only run it once a week.
Since you got you computer up and running if you have a windows disc retail or oem
but it must be a windows disc run sfc to make sure all windows files are right
this will help you http://www.vistax64.com/tutorials/66978-system-files-sfc-command.html?ltr=S this works on XP also.
After a infection such as this it is wise to run this.
It will not break anything so do not worry if anything it will replace files the thing screwwed up.

Jimmy
 

My Computer

System One

  • Manufacturer/Model
    Gateway
    CPU
    intel core 2 Extreme QX6700
    Motherboard
    intel
    Memory
    3 gigs
    Graphics Card(s)
    NVIDA
    Sound Card
    Creative SB X-FI
    Monitor(s) Displays
    Gateway 24 HD Monitor
    Screen Resolution
    1920 by 1200 pixels
    Hard Drives
    2-500 gigabyte hard drive
    Western digtal

dinesh

Vista Expert
Vista Guru

My Computer

System One

  • Manufacturer/Model
    Compaq
    CPU
    intel core 2 duo T 5550 @ 1.83 MHz
    Motherboard
    intel 965 chipset family
    Memory
    2 GB DDR 2 SD RAM @ 667 MHz
    Graphics Card(s)
    On board upto 358 MB RAM
    Sound Card
    Onboard
    Monitor(s) Displays
    15"
    Hard Drives
    160 GB WDC

TGIF

New Member
Thanks!
I tried to do a sfc run. It wants the windows disk. This computer came from Toshiba with Windows installed. Toshiba provided (2 disk set) "Toshiba Recovery and Applications/Drivers Media" ... but that was several years and system upgrades ago.... I have those Toshiba disks -- wondering whether they would do the job for the sfc scan (without putting in outdated program elements or files??) after so long and what with the intervening Windows upgrades?

Interesting.... no popups anymore, the computer runs as if it is completed cured ever since we did the first Malwarebytes scan.

Norton woke up, finally, as noted, and found one infected file and fixed it.

Then we re-ran Malwarebytes and it found 2 more infected files and fixed them.

Then we ran a windows Live online scan... and it found THIS which it says it cannot fix.......

"Trojan ----- Win32/tliloti.gen!D
at .... c:\windows\alinekule.dll ("likely infected" it says)

WindowsLive has just created its technical information file on this invader and says it has no information yet to offer about it. It asked that we report the incident to Microsoft, which of course we did.

I appreciate the note about maybe Malwarebytes running some sort of problem with Norton360? I decided to pay for Malwarebytes and install it so it will run all the time on this machine. This decision was based on the free version of the program's spectacular performance of fixing this machine so it runs again.... but if Malwarebytes shows any propensity to interfere with N then I will turn off its "run all the time" command and just run it manually as often as I can remember to do it.
The $15 was at any event a "thank you" gift to the company ... they deserve at least that much !!

I will report here any further changes or progress. we are running anotner malwarebytes scan now. We ran another Norton360 scan before that and it said everything was just fine with no infections but ...just like its failure to pick up any of the 33 infections Malwarebytes found..... N360 also failed this morning to detect the infection that MicrosoftLive discovered, as above. I am not entirely happy just right now with Norton's performance here..... we will see...

Thanks again for any and all ideas ... much much appreciated. I thought this laptop was ready for the junqueyard
tgif:geek::geek:
 

My Computer

System One

  • Manufacturer/Model
    Lenovo laptop

jp07764

Vista Guru
Glad to hear it is running great.
The most important is to flush system restore.
Just turn it off wait a min and turn it back on.
This will delete all restore ponits.
You do not want the ones while infected so you must do this.
Just go to computer propties you will see
the tab for it.
Easy to do.
Again I am glad I was able to help you.
Glad you are up and running.

Jimmy
 

My Computer

System One

  • Manufacturer/Model
    Gateway
    CPU
    intel core 2 Extreme QX6700
    Motherboard
    intel
    Memory
    3 gigs
    Graphics Card(s)
    NVIDA
    Sound Card
    Creative SB X-FI
    Monitor(s) Displays
    Gateway 24 HD Monitor
    Screen Resolution
    1920 by 1200 pixels
    Hard Drives
    2-500 gigabyte hard drive
    Western digtal

TGIF

New Member
Hi! Well, it checks out clean again....with Norton360 full scan and with Malwaresbytes full scan.
As you may recall, I purchased a key to enable Malwaresbytes to operate in real time on this Toshiba laptop. Since, the program contributed so very greatly to getting rid of InternetSecurity2010 virus. But, alas, I have turned Malwarebytes off.
First, it blocked access to one of our email host IP sites. SO, we could not get our email. The program has a listing box where you can list sites to ignore, that is, the program will let you connect. But it took an hour to find out how to add a site to this box, there was no button to click to directly do this at the listing box.

Secondly, now it turns out that Malwarebytes started blocking COM3, that is...,it turned off the com port. So, we could not connect at all to the internet ..again!!!! But now it was Malwarebytes stopping the connection and not InternetSecurity2010 virus. Same result, tho...., cut off from the internet,.

SO, we have turned Malwarebytes off and figure that our license fee to them was still a good donation to their cause. Perhaps they will get their program working a bit better in these other respects, for it did a fine job of helping rid us of the pesky virus. When they get their program working better in these other respects, we will gladly purchase more licenses for a number of additional machines to run it on.

Thanks very very much to the helping souls here that guided us to Malwarebytes and also in the other aspects of getting this laptop working again. Much much appreciated. You are very kind to help other folks. Thanks Thanks.:D:D:D:D
 

My Computer

System One

  • Manufacturer/Model
    Lenovo laptop

Corrine

Banned
Hi, TGIF.

It would be best to stick to one thread rather than starting a new one. It is less confusing that way and anyone trying to assist will know what tools have already been run.

I suggest that you go to Jotti: Jotti's malware scan
Upload the filepath shown below into the "File to upload & scan" box at the upper left:

c:\windows\alinekule.dll

Please upload the same file at VirusTotal: VirusTotal - Free Online Virus and Malware Scan
In the "Upload a file", browse to the file path above and upload the file.

Please provide the results from both Jotti and VirusTotal in your reply.
 

My Computer

TGIF

New Member
OK Corrine I just posted this reply at the other thread but you asked for it here and I apologize for the booboo.. Here is the reply here as you asked...
thanks!

Join Date: Jan 2010

V for business SP2 32bit
19 posts



Rep Power: 1





Re: Trojan Win32/tliloti.gen!D (remove?)
Wow, those are wonderful sites you are using to scan for infections. Thanks for telling about them.
The results are attached, per your note.
THANK YOU for any (hopefully very very very easy, automatic) ways to remove this very sneaky infection (which seems able to hide from most of the scan programmes, ha!)
Much appreciated, TGIF
attachments (2)

(2 attachments, my note was only to say thanks for referring us to the sites you are using...and for any help you can give us for a very easy, hopefully, removal of this sneaky infective agent. ) Attachments are attached to this note now. THanks. again. TGIF
 

Attachments

My Computer

System One

  • Manufacturer/Model
    Lenovo laptop
Top