Internet Security 2010 is a rogue who performs this activity. The same is distributed through a crimeware called Siberia Exploit Pack. Below is a screenshot of the Desktop Hijack.
Terminate the processes called winupdate86.exe and IS2010.exe (eventually you can find the process winlogon86.exe).
NOTE: The malware can deshactiva conventionally access to cmd, registry and the Task Manager, therefore, to complete the process easily recommend using Process Explorer.
Then, access the system registry and delete the following keys:
In HKLM\Software\Microsoft\Windows\CurrentVersion\Run delete the key Internet Security 2010.
Under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run delete the key winupdate86.exe.
Under HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit change the call reference that points to C:\WINDOWS\system32\winlogon86.exe with C:\WINDOWS\system32\userinit.exe.
Unregister the dll call winhelper86.dll
NOTE: To perform this action you must access the Start/Run/cmd and type regsvr32 /u [dll name].
Delete the folder InternetSecurity2010 located at C:\Program Files, and files 41.exe (this number may vary found files with numeric names such as 5705.exe, 28145.exe, etc.), winhelper86.dll, winlogon86.exe and winupdate86.exe found in C:\WINDOWS\system32\.
Remove also the direct link called Internet Security 2010 which is on the Desktop and reboot the machine.
Install and run an updated antivirus
Malware Disasters Team Ver más