Need advice following rogue "Internet Security 2010" removal


Hello all, this is my first post, very helpful forum,

I have just been infected a few hours ago with a rogue called "Internet Security 2010"

I removed it following these instructions very carefully: http://www.malekal.com/InternetSecurity2010.php

It seems to have worked

1. I ran Malwarebytes utility

2. I ran Combofix (my logfile is available if necessary)

Afterwards, I ran msconfig and unchecked a suspicious "wwwzuc32.exe" in my startup folder. I also manually removed this file.

My questions are the following:

Was wwwzuc32.exe a threat and why was it left after running Malwarebytes and Combofix?

Is there another precaution I should take now in order to be perfectly disinfected?

Thank you!

Hello vinzent, :angry:

First, please do not use ComboFix on your own without the guidance of malware fighters/experts. The tool is so powerful that it may cause system failure if used improperly. (You can get a better understanding of why I said so in this post at Bleeping Computer).

As we don't work on Malware removal or diagnostics in the general forums, please follow the directions below.

  • Please print out, read, and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. (In your case, include the ComboFix logs besides the logs required there.)
    One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • After posting your new post, make sure under options, you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.
  • Please be patient as the experts can get a bit busy.
    Please try not to reply to your topic within the first 48 hours, as the expert helpers will try to find the topics which have a 0 post count first. If there is no reply from any experts after 48 hours, you can reply to the topic to ask for help again.
    If your post has not been replied to in over 5 days, you may send a Private Message to a Moderator asking for assistance.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org.

Thank You :D

I got hit with that thing about a month ago, and I had to literally do a system restore from a Windows 7 boot DVD to get rid of the damn thing. It wouldn't allow me to run any tool I had at my disposal.

System restore worked for me, but since then I have had between 60-200 blocked messages daily. I cannot figure it out. I've run HijackThis, and the random exe file described in another post that searches for rootkits. Nothing is ever found, and AVG / Malware show me as being all clean as well.

I've even tried analyzing packets, but I can't see where these blocked IPs are coming from. It must be happening too soon to even generate a visual update in the network analyzer I have.

Worst part is, almost all of the connections are from China. I don't use P2P. The Internet Security virus is the first virus I have ever found myself stricken by in my opinion, and I did not even willingly install it. It's mind-blowing that even with AVG and MalwareBytes (fully registered) that this thing was able to self-install. The problem was I had clicked a malicious Google result by mistake, and it auto-installed.

When I look at the logs prior to getting hit with that IS virus, I have no IP blocks at all. Past month though it's been driving me insane, I had to turn off the popup window entirely. Here's an example of the IPs being blocked just from the past hour and a half:

