Kill Rogue Malicious Process

Internet Security 201x is fake antivirus software that displays lots of fake warnings.


If your PC is a victim of such a rogue malicious process (yes, it is not a virus, and it remains undetected even with the best antivirus security suite), then run the following command in Start -> Run:

taskkill /F /IM isecurity.exe

Follow the syntax and case sensitivity.

Execute the command a few more times to make sure that the process is not running anymore.

Remove these registry entries:
HKEY_LOCAL_MACHINE\Software\ISECURITY.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “ISECURITY.EXE”
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Internet Security 201x”

Remove these Internet Security 201x files:
All Users\Application Data\isecurity.exe
All Users\AppData\isecurity.exe
C:\WINDOWS\Prefetch\ISECURITY.EXE-1824C86D.pf

It's now time to install a legitimate antivirus.
Run a full scan with the latest antivirus.
Run Windows Update.
Restart your PC.
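
The manual steps above can be scripted as a report-then-remove pass over the same indicators. The following PowerShell is an added example, not part of the original post; it assumes the post's "All Users\..." paths are relative to %ALLUSERSPROFILE% and that the "x" in "201x" stands for a single digit.

```powershell
# Added example: checks for the indicators listed in the post.
# Without -Remove it only reports; with -Remove (elevated prompt) it cleans up.
param([switch]$Remove)

$procName  = 'isecurity'                                  # image name isecurity.exe
$runKeys   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'ISECURITY.EXE', 'Internet Security 201?'    # assumption: x = one digit
$regKey    = 'HKLM:\Software\ISECURITY.EXE'
# Assumption: "All Users\..." in the post means %ALLUSERSPROFILE%\...
$files     = "$env:ALLUSERSPROFILE\Application Data\isecurity.exe",
             "$env:ALLUSERSPROFILE\AppData\isecurity.exe",
             'C:\WINDOWS\Prefetch\ISECURITY.EXE-1824C86D.pf'
$found = @()

# 1. Running process (same effect as: taskkill /F /IM isecurity.exe)
foreach ($p in Get-Process -Name $procName -ErrorAction SilentlyContinue) {
    $found += "process   PID $($p.Id) $($p.Path)"
    if ($Remove) { Stop-Process -Id $p.Id -Force }
}

# 2. Autostart values under the two Run keys
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in $props.PSObject.Properties.Name) {
        if ($runValues | Where-Object { $name -like $_ }) {
            $found += "run value $key\$name = $($props.$name)"
            if ($Remove) { Remove-ItemProperty -Path $key -Name $name }
        }
    }
}

# 3. The product's own registry key and the dropped files
foreach ($path in @($regKey) + $files) {
    if (Test-Path -LiteralPath $path) {
        $found += "present   $path"
        if ($Remove) { Remove-Item -LiteralPath $path -Recurse -Force }
    }
}

if ($found) { $found } else { 'No listed indicators found.' }
```

Run it once without `-Remove` to see what is present, then again with `-Remove`, and a final time without it to confirm nothing was recreated.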


Barracuda defends open-source antivirus from patent attack

By Ryan Paul | Published: January 29, 2008 – 09:04AM CT

Mail and security appliance vendor Barracuda Networks announced plans today to defend the open-source ClamAV antivirus program from dubious patent threats made by Trend Micro, a prominent security software company. Trend Micro claims that its US Patent 5,623,600 broadly covers the concept of server-based antivirus software on FTP and SMTP gateways.

Trend Micro alleges that Barracuda’s inclusion of the open-source ClamAV server-based antivirus software in commercial network security appliances constitutes patent infringement. Trend Micro has already wielded this patent against Symantec, McAfee, and a number of smaller companies, who have settled out of court despite issuing public statements denying that the patent is valid. For most companies, the cost of settlement is cheaper than the cost of protracted litigation—a factor that companies count on when they attempt to collect licensing money.

The most cost-effective solution for Barracuda would likely be to negotiate a licensing agreement with Trend Micro that provides limited patent indemnity to Barracuda customers (much like the controversial agreement between Microsoft and Novell), but Barracuda is unwilling to consider that option because it would leave all other downstream users at risk. In an effort to protect the ClamAV project and its users from predatory infringement claims, Barracuda has decided to take the matter to court rather than settling. The company announced today that it has already filed for a declaratory judgment that Trend Micro’s patent is invalid.

“Trend Micro’s actions illustrate that ClamAV and other open-source projects remain vulnerable to commercial patent holders attempting to unjustly hinder the free- and open-source community,” said Barracuda CEO Dean Drako in a statement. “Trend Micro appears to be seeking an interpretation of its ‘600 patent such that it would have exclusive control of gateway antivirus scanning. Scanning for viruses at the gateway is an obvious and common technique that is utilized by most businesses worldwide. So this interpretation would mean that anyone, including the owners of the more than one million active ClamAV installations, could potentially be sued by Trend Micro.”

Open source and ubiquitous security

The prevalence and remediation costs of computer-related crimes like identity theft have sharply increased in the past decade. Although harsher penalties and stronger enforcement have done little to stem the tide of cybercrime, evolving security software offers the potential to decrease exposure to threats.

It is important to remember that when circumstances deprive an organization of the ability to provide adequate computer security, society as a whole bears the burden of the aggregate risk. Consider the relevance of this point in the context of gateway antivirus filtering software. If Trend Micro’s patents prevent free distribution of ClamAV and some organizations consequently decide to abandon gateway antivirus filtering altogether, their machines become vulnerable to the risk of infection and could become part of botnets that send more virus spam. A single company’s lack of security software could provide hundreds or even thousands of new nodes for deploying additional viruses through a multitude of vectors, thus contributing to increased security risks for everyone.

The need for pervasive adoption of security software is very clear, but security obviously needs to be affordable before it can become ubiquitous. Open-source development models present a means by which security software can be made universally accessible, even to cash-constrained organizations like government agencies and non-profits (the state of Vermont uses ClamAV on all of its e-mail hubs, where it scans approximately 250,000 messages every day). Unfortunately, Trend Micro’s patent wielding threatens to undermine the availability of open-source gateway antivirus software, to the extreme detriment of universal computer security.

Trend Micro has declined to respond to our requests for comment about whether or not the company intends to target noncommercial ClamAV users, like the state of Vermont.

Trend Micro’s patent threats also discourage the emergence of new commercial and proprietary entrants in the gateway antivirus software market, effectively limiting competition and decreasing the rate at which such software will increase in efficacy. That obviously has a very negative impact on overall computer security.

The search for prior art

Legal filings submitted to the United States International Trade Commission by Barracuda in response to Trend Micro’s suit include a massive list of prior art that spans numerous pages. During our own independent analysis that we conducted prior to reading Barracuda’s legal filings, we also identified a number of the same products as prior art relevant to Trend Micro’s patent.

Barracuda’s research into the prior art is impressively detailed and turned up a few intriguing revelations that we missed. For instance, Barracuda notes that one of the inventors listed on Trend Micro’s patent must have been cognizant of the prior art, because during her previous employment at Intel, she was directly involved with work on the LANDesk Virus Protect product. That particular point provides grounds for challenging the procedural validity of the patent.

“As a second and separate affirmative defense, the ‘600 patent is unenforceable by virtue of Trend Micro’s inequitable conduct in the preparation and/or prosecution of the ‘600 patent,” says a Barracuda legal filing dated June 2007. “In particular, at least Eva Chen, a named inventor on the ‘600 patent who was involved in the preparation and prosecution of the application that led to the issuance of the ‘600 patent, was aware of prior art material to the patentability of the ‘600 patent by virtue of her work at Intel, and failed to disclose such prior art and/or misrepresented such art to the Patent Office and/or the prosecuting attorney.”

Barracuda’s meticulous ITC filing is practically a comprehensive overview of the history of server-based antivirus software in the time prior to Trend Micro’s work in the field. The patent is very clearly without merit, but that hasn’t stopped Trend Micro from using it to threaten ClamAV and extort money from several companies. Situations like this demonstrate a very urgent need for patent reform and illuminate the risks posed by broad software patents, particularly in the area of security.

Best Practices Computing

Here are a few highlights of best practices for computing enthusiasts. Following the advice below does not by itself mean that your PC is completely secure: new threats are evolving day by day, and malware writers keep devising new methods to bypass anti-threat systems. Keep abreast of the latest emerging threats and follow the workarounds suggested by the relevant anti-threat system providers.

1. Don’t open attachments that you aren’t expecting.

One of the best ways to prevent a virus infection is to discard attachments you aren’t expecting, even if the attachment comes from a known source. Viruses will often come from people you know if their machines have become infected. Always ask the sender if you are not sure about the attachment.

2. Protect your system with anti-virus software.
Install anti-virus software on your system. There are many free products you can use if you don’t want to purchase a commercial product. (Remember, Google is your best friend.)

3. Update your antivirus software often.
Installing anti-virus software will not help if you do not keep it up to date. Make a habit of downloading new virus definitions at least once a week.

4. Scan all new files before opening.
When downloading files and attachments, always scan them before you open them. The same rule of thumb applies to files you copy from floppy disks or other removable media.

5. Scan your system regularly.

After installing anti-virus software, it is important to scan your system on a regular basis. Most products will allow you to schedule a scan so it is performed automatically.

6. Download only from trusted sites.
Virus authors will often post infected copies of files on the Internet for download. If the site is not a trusted one, do not download from it. Examples of untrusted sites might be chat rooms, instant messengers, personal homepages and news groups. Try to find the homepage of the company that created the file to download a trusted version.

7. Schedule regular backups of important files.
Always schedule regular backups of your important data. If your system is infected with a virus, you may lose your documents to corruption or deletion.

8. Password protect shared drives.
Not all viruses spread through e-mail; some viruses can spread through Windows Networking and shared drives. If you have a shared drive or folder on your system, make sure to password protect the share. This will keep the virus from gaining access.

9. Stay informed of new threats.
Spend a few minutes every week making yourself familiar with the new virus threats that are released. Your antivirus vendor should post new advisories to its homepage on a daily basis.

10. Install security patches provided by your operating system vendor.
Many viruses and worms exploit holes in your operating system to do their damage. Applying patches and updates as they are released will help minimize your risk of being infected.