This guide explains removal of amsecure.exe virus (a.k.a. Internet Security 2013) manually. Internet Security 2013 program you see at the screenshot belongs to the category of rogue security software. In other words, this is the tool that imitates some great anti-virus program and promises to remove all threats detected by it, however, such self-appraisals of this application are not supported by real facts. First of all, the viruses it claims to identify are not even present on your computer. Secondly, this rogue security tool detects almost all files you want to execute as the ones infected with W32.Blaster.Worm fake infection. Obviously, this can’t be true. In fact, it even identifies its own files as contaminated with W32.Blaster.Worm Trojan, and so far this is the only truth probably. Users can’t really observe the very infiltration of this malware. It does not ask for permission to enter your computer, so they can’t terminate the attack.
As soon as the malware is successfully brought into infected computer the virus adds its special registry entry into the system, thus making it possible for the rogue to be started automatically with Windows. Then it starts its brainwashing campaign by initiating the fictitious scan of your computer and telling about various types of viruses, malwares and other menaces allegedly detected by it on your computer. Why does Internet Security 2013 virus present all such fake infections? Simply because it wants you to think that it is a reliable anti-spyware program that you must purchase. It promises you to remove all those threats if you become its customer by obtaining the full or licensed version of this scareware. However, doing so would not do any good for you and your machine. If there are any serious viruses available on your computer they would still remain. The so-called licensed version of Internet Security 2013 fake anti-virus would neither detect nor remove them. So, buying it is the total waste of your funds.
The main executable of Internet Security 2013 virus is “amsecure.exe”. Knowing where this file is located on your computer is the key to successful manual removal of this malware. First, locate the file “amsecure.exe”. Make sure you have the option to view hidden files before doing this. Then you need to rename the virus file to other random name (for example, “virus.exe”). Reboot your computer. Internet Security 2013 virus will no longer be active. In the Registry Editor, locate this registry entry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security” and remove it. Then remove the file “virus.exe”. Virus should be completely gone, even though it is strongly recommended that you run some reliable anti-virus application to arrange full cleanup of your computer from all cyber threats. Consider installing powerful anti-virus software with real-time protection feature. Finally, keep reading this blog to be updated on cyber security in the world today.
Manual removal step-by-step guide:
- Depending on the type of your operating system, search for the file “amsecure.exe” in these folders – C:\Documents and Settings\All Users\Application Data\amsecure.exe for Windows XP and C:\ProgramData/amsecure.exe for Windows Vista, 7 and 8. Make sure you have the option to view hidden files and folders before searching for this file.
- Rename this file “amsecure.exe” to any random name (like “virus.exe“) and reboot your computer.
- Once you reboot the malware will no longer be active.
- Open your Registry Editor and search for this registry entry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security“
- Delete the above-mentioned registry entry when you find it.
- Delete the file that you renamed to random name (previously named as “amsecure.exe“).
- Download and install reliable anti-virus software for permanent anti-virus protection.
Internet Security system modifications:
Internet Security system process(es):
amsecure.exe
Internet Security file(s) added:
%CommonAppData%\amsecure.exe
%Desktop%\Internet Security.lnk
%Desktop%\Internet Security.lnk
Internet Security registry entry (entries) added:
HKEY_CURRENT_USER\Software\[random characters[
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security”
File Location Implications:
%Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\Current User\Desktop\ for Windows 2000/XP, and C:\Users\Current User\Desktop\ for Windows Vista and Windows 7.
%Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\Current User\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\Current User\AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% means the current users Application Data folder. By default, it has the location C:\Documents and Settings\Current User\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\Current User\AppData\Roaming.
%StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\Current User\Start Menu\, and for Windows Vista/7 it is C:\Users\Current User\AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
I had this virus but it was called something different. The name was changed to “itsecurity.exe” and it was not exactly in the place where your notes said but I did find it by the date on the file (date I had the problem). Anyway, I followed the procedure you supplied and it worked great. Thank you very much. I had to use a separate machine to google how to edit the registry and such but this was all first for me and I am so happy I was able to get this resolved with your help.
Thanks again.
Dear Dan,
Are you sure it was itsecurity.exe and not itdefender.exe ?
After wasting many hours with other suggestions I found and tried this. I did not find the virus names suggested. In my case it was named ihdefender.exe and located in AppData/Roaming. I deleted it and modified the registry as instructed, and success!!!!
Thanks!
It was called ITdefender or something for me, and everything works now.
THANK YOU, I got like 50 viruses randomly.
The virus leaves an icon called Internet Security Pro.
Right click the icon and show the properties. Then look for the target file and that should give the location of the virus. In my case, the virus was called tdefender.exe. I renamed it, then the virus stopped. Then I deleted the process in task manager and then deleted the tdefender.exe file.
It’s much easier than it looks! Took me about 5 minutes to figure out.
Happy Virus Finding,
Tom
I have this malware virus now.. Is it possible to locate it in safety mode? I can’t log on normally now.. After I put in my password to log in I just get a blank screen with just the cursor
Worked like Charm. Thank you
In my case I found this virus named like mwdefender.exe. I tried Malwarebytes in order to remove It. MB found it and apparently deleted it but when the PC restart It began again So I made the steps above and everything is ok now.
Admin,
Yes, the virus was called itsecurity.exe.
Interestingly, I was infected again just a few minutes ago and it had yet another name. I should have recorded it. However, I recognized the problem and I searched for any updated *.exe file that was edited as of today and the new virus showed up. Then I just proceeded with the steps as they are described above.
I get this virus while using Google News. Sometimes I click on one of the categories in Entertainment. I clicked on an article from the New York Daily News about Leah Remini leaving the Church of Scientology, and I think that is where I got the virus. But I can’t be positive. Maybe it was some surfing just before that.
Perfect. The right click on desktop icon was the key to finding the virus. Fix worked perfectly.
Thank you very, very much, this was extremely helpful and accurate. Similarly to some other people though, I found that I didn’t have an amsecure.exe file, but rather an hidefender.exe file located in %AppData%\Roaming. So thank you again for the help.