Home / malware Internet Security
First posted on 21 November 2013.
Source: MicrosoftAliases :
There are no other names known for Internet Security.
Explanation :
Threat behavior
Installation
Internet Security modifies the following registry entry so that it runs each time you start your PC:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "Internet Security"
With data: <path and filename where malware was launched>, for example "%APPDATA%\meprotection.exe"
Payload
Displays fake alerts and scanning results
When launched, Internet Security displays a fake scanner interface such as the following:
The scanner tells you it found a number of infections on your PC and that you must activate the product before the threats can be removed:
Activation warnings are displayed if you interact with the scanner interface:
The fake scanner also shows you warning messages at random times, such as those below:
Stops processes
Internet Security stops any non-system critical processes that are running on your PC. It also stops any executable files from being launched, including your security software. The message falsely claims that the program you are trying to launch is infected with a worm:
Analysis by Jireh Sanico
Symptoms
The following could indicate that you have this threat on your PC:
- You see these entries or keys in your registry:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "Internet Security"
With data: <path and filename where malware was launched>, for example "%APPDATA%\meprotection.exe"- You can't run some programs, including your security software
- You see these pop-ups:
Last update 21 November 2013
