This guide explains removal of amsecure.exe virus (a.k.a. Internet Security 2013) manually. Internet Security 2013 program you see at the screenshot belongs to the category of rogue security software. In other words, this is the tool that imitates some great anti-virus program and promises to remove all threats detected by it, however, such self-appraisals of this application are not supported by real facts. First of all, the viruses it claims to identify are not even present on your computer. Secondly, this rogue security tool detects almost all files you want to execute as the ones infected with W32.Blaster.Worm fake infection. Obviously, this can’t be true. In fact, it even identifies its own files as contaminated with W32.Blaster.Worm Trojan, and so far this is the only truth probably. Users can’t really observe the very infiltration of this malware. It does not ask for permission to enter your computer, so they can’t terminate the attack.
As soon as the malware is successfully brought into infected computer the virus adds its special registry entry into the system, thus making it possible for the rogue to be started automatically with Windows. Then it starts its brainwashing campaign by initiating the fictitious scan of your computer and telling about various types of viruses, malwares and other menaces allegedly detected by it on your computer. Why does Internet Security 2013 virus present all such fake infections? Simply because it wants you to think that it is a reliable anti-spyware program that you must purchase. It promises you to remove all those threats if you become its customer by obtaining the full or licensed version of this scareware. However, doing so would not do any good for you and your machine. If there are any serious viruses available on your computer they would still remain. The so-called licensed version of Internet Security 2013 fake anti-virus would neither detect nor remove them. So, buying it is the total waste of your funds.
The main executable of Internet Security 2013 virus is “amsecure.exe”. Knowing where this file is located on your computer is the key to successful manual removal of this malware. First, locate the file “amsecure.exe”. Make sure you have the option to view hidden files before doing this. Then you need to rename the virus file to other random name (for example, “virus.exe”). Reboot your computer. Internet Security 2013 virus will no longer be active. In the Registry Editor, locate this registry entry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security” and remove it. Then remove the file “virus.exe”. Virus should be completely gone, even though it is strongly recommended that you run some reliable anti-virus application to arrange full cleanup of your computer from all cyber threats. Consider installing powerful anti-virus software with real-time protection feature. Finally, keep reading this blog to be updated on cyber security in the world today.
Manual removal step-by-step guide:
- Depending on the type of your operating system, search for the file “amsecure.exe” in these folders – C:\Documents and Settings\All Users\Application Data\amsecure.exe for Windows XP and C:\ProgramData/amsecure.exe for Windows Vista, 7 and 8. Make sure you have the option to view hidden files and folders before searching for this file.
- Rename this file “amsecure.exe” to any random name (like “virus.exe“) and reboot your computer.
- Once you reboot the malware will no longer be active.
- Open your Registry Editor and search for this registry entry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security“
- Delete the above-mentioned registry entry when you find it.
- Delete the file that you renamed to random name (previously named as “amsecure.exe“).
- Download and install reliable anti-virus software for permanent anti-virus protection.
Internet Security system modifications:
Internet Security system process(es):
amsecure.exe
Internet Security file(s) added:
%CommonAppData%\amsecure.exe
%Desktop%\Internet Security.lnk
%Desktop%\Internet Security.lnk
Internet Security registry entry (entries) added:
HKEY_CURRENT_USER\Software\[random characters[
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security”
File Location Implications:
%Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\Current User\Desktop\ for Windows 2000/XP, and C:\Users\Current User\Desktop\ for Windows Vista and Windows 7.
%Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\Current User\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\Current User\AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% means the current users Application Data folder. By default, it has the location C:\Documents and Settings\Current User\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\Current User\AppData\Roaming.
%StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\Current User\Start Menu\, and for Windows Vista/7 it is C:\Users\Current User\AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
Thank-you.
My version was “midefender.exe” and located in the AppData\Roaming folder – looks like it gives itself a random couple of characters plus “defender.exe” as a file name now. I didn’t spot the desktop icon so found the necessary file by looking at the registry entry.
Help! I have completed the first part but now I can’t find it in the registry. Maybe I am not doing something right. I looked under Hkey files. Can’t find it. My virus is midefender and it infected computer July 16. Help me get this thing off. At least it’s not running anymore. Thanks in advance. Pam
Thank you
My version was called “mldefender.exe” and was located in the %AppData% location for the user.
I too didn’t have any desktop icons
So just renamed the mldefender.exe file , rebooted, found it in the registry (as stated)
Deleted it from the registry and deleted the file.
Rebooted. All gone.
Worked perfectly – thanks!
Well played!
Mine was called PCDefender. Your write-up was spot on and saved an older computer’s life.
Thank you!
I had this trouble too, but this one won’t let me install any downloaded files. It keeps erasing it the moment it finshes.
I have followed the above steps and everything seems to work. However upon trying to deactivate my firewall I am still presented with the error message ‘windows firewall can’t change some of your settings’
Please advise!!!
my file was msprotection.exe
I have managed to delete mldefener in safe mode but went to find amsecure to delete that and it wasnt there. I still cant manage to download any anitvirus software, it will download then near the end say it was deleted because it had a virus. I still can activate firewall or anything . . can some one please help
Try this video guide at YouTube http://www.youtube.com/watch?v=D3TvI-IUW08 This will explain to you how to stop the process of Internet Security virus.
Basically, you may download the utility called explorer.exe via http://gridinsoft.com/downloads/explorer.exe . Save it to your Desktop. Then run from Desktop. When the program has been launched type “Internet Security” and click “Scan”. The utility will detect Interent Security virus process (whatever it is) and will offer to you to kill it. This is what you should do (agree to kill it). This only kills the process but doesn’t remove Internet Security virus completely. Then you may remove it with any antivirus you like. As an example, with GridinSoft Trojan Killer downloadable through http://www.system-tips.net/download.php
Quite appropriately named, mine was
C:\Users\\AppData\Roaming\bsprotection.exe
Yes, that’s right. Here is the link to the direct article about bsprotection.exe – http://www.system-tips.net/remove-bsprotection-exe-virus/