Saturday 9 January 2010

InSysSecure malware. What is it and how to remove this virus?

InSysSecure is a rogue anti-spyware application that should be avoided and removed from a computer upon detection. This fake program doesn't have an English language version. Likely, it will be distributed in Europe: France, Germany and Italy. The homepage of this virus is insyssecure .com (don't visit it)InSysSecure has to be manually installed either form its homepage or via fake online scanners and other bogus websites. Notionally it may come bundled with other malicious software too.



Basically, InSysSecure is a Trojan virus that displays fake GUI and reports false scan results. In order to remove supposedly found infections you have to buy this fake software. The rogue program also displays fake security alerts stating that your computer is infected and should be cleaned immediately. Some of the fake infections read:

"Spzprogramm Warnzeichen! Ihr Computer ist mit Spionprogramm infektioniert. Das kann Ihren Dateien und die im Internet zugänglich machen. Klicken bitte hier, um Ihre Kopie von InSysSecure zu registrieren und Ihr PC von Spyprogramm frei zu machen."

InSysSecure is a scam, don't buy it. The removal of this virus shouldn't be very complicated. However, note that it may come together with other Trojans, so the manual removal guide stated below may not work for all users. In such cases, download an anti-spyware application, update it and run a full system scan. 

Anti-Malware applications:
If you can't download any of the above programs, try to remove InSysSecure manually. Manual removal instructions:

Remove these directories:
  • C:\Program Files\InSysSecure Software 
  • C:\Documents and Settings\All Users\Start Menu\Programs\InSysSecure 

InSysSecure files:
  • InSysSecure.exe
  • main_config.xml
  • uninstall.exe
  • [RANDOM].exe in C:\WINDOWS\system32\ folder
  • 29495zy1d5.exe
  • 1 InSysSecure.lnk
  • 2 Homepage.lnk
  • 3 Uninstall.lnk
  • 103215zoj198.dll
  • 10543v5zus929.bin

Registry values:
  • HKEY_LOCAL_MACHINE\SOFTWARE\InSysSecure 
  • HKEY_CURRENT_USER\Software\InSysSecure
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InSysSecure
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "InSysSecure"
     

No comments:

Post a Comment