Jump to content


Recommended Posts

On or about 4April 2012 I started to get messages to warn me that malicious programs had been detected. These messages were generated by a program called InternetSecurity.ink which appeared to have installed itself and scan my computer. Its executable file was isecurity.exe. Its target location was roaming. From the very start I suspected that this was a scamware program designed to frighten me into buying their program activation key. When I got a message to tell me that I had 91 useless and unwanted files on my computer any fleeting thoughts of activating security.ink were dispelled. I did have a problem though as not a single program including Internet Explorer and Windows Mail would open except McAfee Internet Security which continued to carry out scheduled real time scans and report that I was fully protected (no action is needed). The rogue InternetSecurity.ink program reported various malware infections. The most common one was W32Blaster-Worm which was said to infect the executable files of all the programs on my computer.

Malwarebytes has done a good job at cleaning up my computer. I can now get access to all my files.

I am concerned that my private data may have been compromised, including my life’s savings in bank accounts , building society savings accounts etc. I had left my computer switched on and unattended for three to four hours during which period it was connected to the internet. When I returned I got Security warnings & found that programs would not open. I switched off the computer. The following day I turned the computer on (with my router turned off) and was surprised that it booted up normally. All of the desktop icon were displayed but when clicked on them the associated programs failed with a message to say that the executable file was infected by W32Blaster-worm. However, I found McAfee Internet Security was carrying out a scheduled scan. I observed the progress of the scan going from file to file which took about 3 hours to complete. When it completed it reported that no viruses were found and my computer was secure (no action was required.). How could that be when not a single program would start.? I conclude that the rogue malware had made changes to the desktop shortcuts without infecting the actual programs? I had not tried to open any program directly instead of clicking on the desktop icons.

I attach LOGS of scans carried out on 12,13 & 14th April 2012. Are there any conclusions to be drawn therefrom regarding the potential risk to the security of data found on my computer?

Many thanks/


log of malbytes SCANS ON 12, 13&14 of April 2012.doc

Link to post
Share on other sites

  • 3 weeks later...

Hello JJmac,

Sorry that you had not been replied to. But the MBAM log did show a backddor trojan along with the Internet Security rogue.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions. I would recommend that you do a full reformat and reinstall of Windows rather than clean the system.

I suggest that you backup important files and reinstall everything from scratch. There are so many changes that could have been done if that backdoor was used.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Link to post
Share on other sites

Many thanks Maurice for your helpful advice. I am holding the infected computer off line until such times as I can get round to reformatting the hard drive, a task that I am not looking forward to. My home network consists of the infected computer, a laptop and another computer. Can I safely assume that the malware infection has not spread into the other 2 computers in my network? Can I also assume that it is safe to use the (previously) infected computer so long as it is not connected to the internet?.

Are there any precautions I should take when backing up files on the infected computer eg. are there any file types I should avoid.?

I have been badly let down by McAfee Internet Security which carried out a scheduled scan of my computer and reported that my computer was secure (no action required.) while in reality I was unable to open a single program by clicking on the desktop icons prior to Malwarebytes’ cleanup operation.

Link to post
Share on other sites

You should scan all the other systems with their antivirus program and antimalware program as a basic precaution.

You may also want to scan them with some online scanners. (see below)

The victim computer you are cautioned to only do what you really must do. Which mainly is to copy/backup personal files, personal documents, personal records to OFFLINE media like external USB drive, CD, DVD

Later on you will need to thoroughly scan these files with a up-to-date antivirus and antimalware BEFORE opening or using them or restoring them !

Don't necessarily blame McAfee Internet Security for the rogue malware coming into the system, as that can happen (say by freewheeling websurfing or surfing to an infected or malicious website) to anyone despite having antivirus & antimalware apps installed.

Note that having MBAM PRO installed along with an antivirus will reduce the odds in your favor.

For a clean (new) Windows Install:

Before you do that, make sure you have at hand the Windows XP CD and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).

If you do not have the XP CD, your OEM will most likely have a factory restore partition on the HDD.

When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.

See Windows XP Clean Installation - Partitioning and Formatting using Windows XP CD by Ramesh Srinivasan, MS-MVP & AumHa VSOP

Also Clean Install Windows by Michael Stevens, MS-MVP

I would urge you to follow the directions very carefully.

You will loose your documents so if you have some to save, offload them to a separate offline media. And later on insure you do a full scan of them by running your antivirus.

NOTE: If XP CD is from a pc manufacturer, and they bundled an AV like McAfee or Norton/Symantec trial versions, immediately de-install those, since they will be outdated & of no use. Install your antvirus immediately after.

After Windows is installed & antivirus installed / Updates / and safer practices & prevention

We are finished here. Best regards.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.