Update 2010-09-04: “Antivirus GT”
The same spyware now seems to circulate as “Antivirus GT”. The description below applies to it as well.
January 18th, 2010
About this Spyware
For the past couple of days, we have been receiving emails about spyware called "Internet Security 2010" that has our name in its version resource.
This spyware is not from us!
If you came to this page because you have this spyware on your computer, we are very sorry. But we cannot fix it. Apparently, the creator of this spyware used the demo version of our development software Restorator to edit the resources of the spyware. Our demo version places our name and a link to our web site in programs edited with Restorator. The full (paid-for) version will not do that.
To repeat: the hackers used our software. Our software is a development tool. It is not meant for creating or editing viruses. But any development software can be used to create evil software. For example, it is likely that the hackers used Microsoft Visual C++ for compiling the evil code (it’s easy to find out if they did). Neither Microsoft nor Bome Software is responsible for this virus.
About Bome Software GmbH & Co. KG
Bome Software GmbH & Co. KG is a legitimate company with useful products. We do not produce malware, spyware, trojans, or the like. We have been in business for more than 10 years. To learn more about us, go to the page About Bome Software.
How to Remove the Spyware
We do not know how to remove it. We recommend using a virus scanner (preferably from a boot CD) and letting the antivirus try to remove this spyware. The section below also contains hints from people who wrote to us about how they removed it.
A user reported that the following link helped him to remove some parts of the virus:
Check out their forum to see discussion from other users who have this spyware, for example here.
Here are some other links that claim to have removal instructions that I found with Google:
What people wrote us
Quotes from emails we got that may help you to remove the spyware. If you have successfully removed the spyware, please contact us.
I know it's not from your company. I have been reading up, and Malwarebytes is effective, but it is hard to remove while running Windows and seems to require the system to be booted from a boot CD such as Ubuntu. Using Google I found many keys and stuff that had the locations, but some changed.
— Thomas E
OK, here is what you do: go to “my computer>hard drive>program files>internet security2010>properties”. Open the file, properties, you have to get to MSDOS command line, delete the command line, delete the file, empty the trash, restart the computer, run antivirus, that will get rid of it. Then run an anti-spyware also.
— Rich W
What this virus is actually doing is putting extra block tags on your system files. Such as an extra value on the file to make it seem as if the file is corrupt or missing.
You can do one of two things:
1. Go through all of your system files in the registry and internet files and delete all files which should not be there. To find what you are looking for go to RUN, CONFIG, START-UP. The first two boxes checked will display what the virus is using in the tags.
2. Go back to the system registry and search for these names (run, registry); it will come up with any place this file name appears. Also, make note that there will be other names displayed with the start-up names and you should search for these as well.
3. When you have cleared all the files, get your reinstallation CD for Windows and do a fix on the computer (self-explanatory when you pop in the disk).
4. Restart your computer and update Windows. Then run your antivirus software again to catch any straggler files.
You can completely wipe out your Windows and reinstall it new (recommended if you don't know how to decipher registry files).
You must back up all of your files and drivers before the wipe, as the Windows program will be the only thing on your hard drive when you are done. When the new Windows is up and running, just reinstall any programs you had on the computer before and you're good to go.
— Lisa W