Friday, May 3, 2013

amsecure.exe - malicious process of Internet Security virus

amsecure.exe is the malicious process of Internet Security, a fake anti-spyware application that now occasionally targets computers in various parts of the world. This fake AV is also referred to as Internet Security 2013, even though malware with a similar name first appeared quite a long time ago. The problem with this rogue security software is that it can't be deleted easily. First, since this application is a rogue, it does not come with an uninstaller. You will not find an option to remove it in the Control Panel, where you can normally Add or Remove any software. Running security applications to detect and get rid of the Internet Security malware isn't easy either. The hoax reports all legitimate files as infections. The key to successful removal of the Internet Security rogue is terminating (stopping) its malicious process, named amsecure.exe. This guide explains how to do that.

First of all, when dealing with rogues like Internet Security 2013 you must be very careful not to fall for their tricks. The primary and probably the only goal of this hoax is to make users buy its fake licensed version, which is not able to remove real security threats. The only thing this rogue is capable of doing is reporting invented files as infections. For example, whenever you try to launch some security software, your browser or even Task Manager, the malware will come up with the following or a similar statement:

Explorer.exe can not start
File Explorer.exe is infected by
W32/Blaster.worm
Please activate Internet Security to protect your Computer.

As we've mentioned, instead of "Explorer.exe" the message can name any other legitimate file you attempt to execute. The malware simply wants you to be extremely scared about the condition of your computer. For this reason it invents many nonexistent threats and reports them as real on your machine. Each time you start the computer this rogue comes up and begins "scanning" it. In fact, this scan is fake as well. The rogue starts itself without the user's permission, which is surely very annoying. Basically, to stop its malicious process named "amsecure.exe" you need to act according to the following pattern:

  • Terminate the virus process by going to Start->Run and entering: taskkill.exe /F /IM amsecure.exe. If the process is not terminated on the first attempt, try again several times.
  • Once the malware process is killed (terminated), you may use your browser to download GridinSoft Trojan Killer for virus removal.

Removal guide:

http://trojan-killer.com/remove-internet-security-virus-uninstall-guide/


Internet Security system modifications:

Internet Security system process(es):

amsecure.exe

Internet Security file(s) added:

%AppData%\amsecure.exe
%Temp%\winupd.exe
%WINDOWS%\Prefetch\AMSECURE.EXE-1824C86D.pf

Internet Security registry entry (entries) added:

HKEY_LOCAL_MACHINE\Software\AMSECURE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AMSECURE.EXE"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Internet Security"
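
To confirm whether the process, files and registry entries listed above are present (before removal, or to verify the machine is clean afterwards), a read-only PowerShell check can be used. This is an added example, not part of the original guide or of any removal tool it mentions; it assumes PowerShell 3.0 or later, an elevated prompt, and that the quoted strings in the Run entries above are registry value names.

```powershell
# Added example: read-only check for the Internet Security indicators listed on this page.
# It reports what it finds and changes nothing. All names and paths come from the lists above.

$procName = 'amsecure'   # amsecure.exe; Get-Process expects the name without ".exe"

$files = @(
    (Join-Path $env:APPDATA 'amsecure.exe'),                       # %AppData%\amsecure.exe
    (Join-Path $env:TEMP    'winupd.exe'),                         # %Temp%\winupd.exe
    (Join-Path $env:windir  'Prefetch\AMSECURE.EXE-1824C86D.pf')   # %WINDOWS%\Prefetch\...
)

$keys = @('HKLM:\Software\AMSECURE.EXE')

# Assumption: the quoted string after each Run key on this page is the value name.
$runValues = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'AMSECURE.EXE' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Internet Security' }
)

$findings = @(
    foreach ($p in @(Get-Process -Name $procName -ErrorAction SilentlyContinue)) {
        [pscustomobject]@{ Type = 'Process'; Item = "$($p.ProcessName).exe"; Detail = "PID $($p.Id)" }
    }
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) {
            $item = Get-Item -LiteralPath $f -Force   # -Force so hidden files are also returned
            [pscustomobject]@{ Type = 'File'; Item = $f; Detail = "modified $($item.LastWriteTime)" }
        }
    }
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) {
            [pscustomobject]@{ Type = 'RegistryKey'; Item = $k; Detail = '' }
        }
    }
    foreach ($v in $runValues) {
        $prop = Get-ItemProperty -LiteralPath $v.Path -Name $v.Name -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            # The value data is the command line that is started at logon.
            [pscustomobject]@{ Type = 'RunValue'; Item = "$($v.Path)\$($v.Name)"; Detail = $prop.($v.Name) }
        }
    }
)

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the Internet Security indicators listed on this page were found.'
}
```

The HKCU and %AppData%/%Temp% checks apply to the account running the script, so run it as the affected user. On 64-bit Windows, HKLM\SOFTWARE entries written by 32-bit programs are redirected under Wow6432Node, which this check does not cover.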
