Recently, I have had a rash of clients with the same problem: a phony anti-virus program taking over their PCs. As a computer technician, I know that these phony programs can do a lot of damage. As a computer user, I also have to be extremely wary of what sites I visit and what I download to prevent system infection.

The truth is, anyone can be fooled.

Fake AV programs can wreak much havoc on your computer. The results range from annoying pop-ups to a complete shutdown of your system. As I always say, the best way to keep your PC safe is to avoid malware in the first place, but that isn’t always possible. So what can you do if you are infected with a virus masking itself as a helpful AV program? Let’s consider a current annoyance and how to remove it.

Rogue Name: Internet Security, Internet Security 2010, Internet Security 2011

Icons: A tell-tale orange ball may appear in your task bar or on your desktop. It looks similar to a small orange sun or planet.

Symptoms Include: Simply logging onto your computer begins the drama. Urgent pop-up boxes frighten you into thinking that your computer is in serious trouble. It is actually, but the culprit is the program that’s actually offering you the warning.

Like many other powerful rogues and viruses, this bug will forcibly turn off your Windows Defender program, prevent you from using any legitimate AV programs, and eventually prevent you from accessing the internet at all.

NOTE: Don’t bother trying to turn Windows Defender back on – this program won’t let you.

The rogue will also insist that you purchase a specific program to “fix” or “clean” your computer, but don’t fall for that! Never enter your personal information, such as a credit card number, and don’t click any links.

Recommended Treatment:
WARNING! Follow these step-by-step instructions only if you are at least an intermediate computer user. Attempting to remove a virus if you don’t know what you’re doing can make the situation even worse.

Your first priority is obviously to shut down that counterfeit AV program. The only way to do that is by manually shutting down the process itself. You can do this through your Task Manager. End the following processes: IS2010.exe, winlogon86.exe, winupdate86.exe and 41.exe. If you can’t open Task Manager, try using the handy (and free) tool Rkill, which was created by Bleeping Computer specifically for viruses like this one.

Once you’ve stopped the virus from running, it’s time to remove it. Use free software like Malwarebytes or the AV program of your choice. Once you’ve run as thorough and comprehensive a scan as possible, view the files that are being removed to ensure that you’ve gotten rid of all traces of the bug.

If you are an advanced computer user, there are also more detailed steps to take if the simpler instructions above aren’t helpful. The more advanced instructions won’t be included in this article, but can be easily found with a Google search. If none steps still don’t remove the rogue, you may need to contact a professional – you can always contact me, of course.

Known locations of infection: Primarily adult websites, some lesser known social networking sites, and a few shopping sites

Although this rogue can be defeated by taking a few simple steps, like any bug, it’s better never to contract it at all. Be wary online, even with familiar sites.