Remove amsecure.exe manually


This guide explains how to manually remove the amsecure.exe virus (a.k.a. Internet Security 2013). The Internet Security 2013 program shown in the screenshot belongs to the category of rogue security software. In other words, it imitates a legitimate anti-virus program and promises to remove all the threats it detects, but these claims are not supported by facts. First of all, the viruses it claims to identify are not even present on your computer. Secondly, this rogue security tool reports almost every file you try to execute as infected with a fake W32.Blaster.Worm infection. Obviously, this can’t be true. In fact, it even identifies its own files as contaminated with the W32.Blaster.Worm Trojan, and that is probably the only true thing it reports. Users do not really notice the moment this malware gets in. It does not ask for permission to enter your computer, so they can’t stop the attack.

Internet Security 2013

As soon as the malware has been brought onto the infected computer, it adds its own registry entry to the system so that the rogue starts automatically with Windows. Then it begins its brainwashing campaign by running a fictitious scan of your computer and reporting various viruses, malware and other menaces it has allegedly detected. Why does the Internet Security 2013 virus present all these fake infections? Simply because it wants you to think that it is a reliable anti-spyware program that you must purchase. It promises to remove all those threats if you become its customer by obtaining the full or licensed version of this scareware. However, doing so would not do any good for you or your machine. If there are any serious viruses on your computer, they would still remain. The so-called licensed version of the Internet Security 2013 fake anti-virus would neither detect nor remove them. So buying it is a total waste of your funds.

The main executable of the Internet Security 2013 virus is “amsecure.exe”. Knowing where this file is located on your computer is the key to successful manual removal of this malware. First, locate the file “amsecure.exe”. Make sure the option to view hidden files is enabled before doing this. Then rename the virus file to some other random name (for example, “virus.exe”) and reboot your computer. The Internet Security 2013 virus will no longer be active. In the Registry Editor, locate the registry entry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security” and remove it. Then remove the file “virus.exe”. The virus should then be completely gone, although it is strongly recommended that you run a reliable anti-virus application to fully clean your computer of all cyber threats. Consider installing powerful anti-virus software with a real-time protection feature. Finally, keep reading this blog to be updated on cyber security in the world today.


Manual removal step-by-step guide:

  1. Depending on your operating system, search for the file “amsecure.exe” in these folders – C:\Documents and Settings\All Users\Application Data\amsecure.exe for Windows XP and C:\ProgramData\amsecure.exe for Windows Vista, 7 and 8. Make sure the option to view hidden files and folders is enabled before searching for this file.
  2. Rename the file “amsecure.exe” to any random name (like “virus.exe”) and reboot your computer.
  3. Once you reboot, the malware will no longer be active.
  4. Open your Registry Editor and search for this registry entry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security”
  5. Delete the above-mentioned registry entry when you find it.
  6. Delete the file that you renamed to a random name (previously named “amsecure.exe”).
  7. Download and install reliable anti-virus software for permanent anti-virus protection.

Internet Security system modifications:

Internet Security system process(es):

amsecure.exe

Internet Security file(s) added:

%CommonAppData%\amsecure.exe
%Desktop%\Internet Security.lnk

Internet Security registry entry (entries) added:

HKEY_CURRENT_USER\Software\[random characters]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security”

File Location Implications:
%Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\Current User\Desktop\ for Windows 2000/XP, and C:\Users\Current User\Desktop\ for Windows Vista and Windows 7.
%Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\Current User\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\Current User\AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% means the current user’s Application Data folder. By default, it has the location C:\Documents and Settings\Current User\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\Current User\AppData\Roaming.
%StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\Current User\Start Menu\, and for Windows Vista/7 it is C:\Users\Current User\AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
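
The manual check above can be scripted. The following Python is an added example, not part of the original guide: it parses `reg query` output for the HKEY_CURRENT_USER Run key and flags autorun entries whose executable sits directly in the %CommonAppData% or %AppData% folders described above, whatever the file is called (readers in the comments report other file names). The function names, the "directly in the folder root" rule and the sample output are assumptions of this example.

```python
import ntpath
import re

# Folders named in the guide's file-location notes. The rule used here (an
# assumption of this example): flag a Run-key executable that sits directly
# in one of these roots rather than in a vendor subfolder.
SUSPECT_ROOTS = [re.compile(p) for p in (
    r"^[a-z]:\\programdata$",                                          # %CommonAppData%, Vista+
    r"^[a-z]:\\documents and settings\\all users\\application data$",  # %CommonAppData%, XP
    r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming$",                      # %AppData%, Vista+
    r"^[a-z]:\\documents and settings\\[^\\]+\\application data$",     # %AppData%, XP
)]

def parse_reg_query(text):
    """Parse `reg query` output for the Run key into {value_name: command}."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$", line)
        if m:
            entries[m.group(1)] = m.group(2).strip()
    return entries

def executable_of(command):
    """Pull the executable path out of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"^(.*?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def suspicious_run_entries(entries):
    """Return (value_name, exe_path) pairs launched from a suspect root."""
    hits = []
    for name, command in sorted(entries.items()):
        exe = executable_of(command)
        folder = ntpath.normpath(ntpath.dirname(exe)).lower()
        in_root = any(r.match(folder) for r in SUSPECT_ROOTS)
        if exe.lower().endswith(".exe") and in_root:
            hits.append((name, exe))
    return hits

# Constructed sample of `reg query` output, not captured from a real machine.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Internet Security    REG_SZ    C:\ProgramData\amsecure.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    Sync    REG_SZ    C:\Users\alice\AppData\Roaming\Vendor\sync.exe
"""

if __name__ == "__main__":
    for name, exe in suspicious_run_entries(parse_reg_query(SAMPLE)):
        print(f"review autorun {name!r}: {exe}")
```

On a live system, pass it the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"`; a flagged entry is a candidate for the rename, reboot and delete steps above, not proof of infection.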


28 Responses to Remove amsecure.exe manually

  1. Dan says:

    I had this virus but it was called something different. The name was changed to “itsecurity.exe” and it was not exactly in the place where your notes said but I did find it by the date on the file (date I had the problem). Anyway, I followed the procedure you supplied and it worked great. Thank you very much. I had to use a separate machine to google how to edit the registry and such but this was all first for me and I am so happy I was able to get this resolved with your help.
    Thanks again.

  2. Gary says:

    After wasting many hours with other suggestions I found and tried this. I did not find the virus names suggested. In my case it was named ihdefender.exe and located in AppData/Roaming. I deleted it and modified the registry as instructed, and success!!!!
    Thanks!

  3. Bob says:

    It was called ITdefender or something for me, and everything works now.
    THANK YOU, I got like 50 viruses randomly.

  4. Thomas says:

    The virus leaves an icon called Internet Security Pro.

    Right click the icon and show the properties. Then look for the target file and that should give the location of the virus. In my case, the virus was called tdefender.exe. I renamed it, then the virus stopped. Then I deleted the process in task manager and then deleted the tdefender.exe file.

    It’s much easier than it looks! Took me about 5 minutes to figure out.

    Happy Virus Finding,
    Tom

  5. Emery says:

    I have this malware virus now.. Is it possible to locate it in safety mode? I can’t log on normally now.. After I put in my password to log in I just get a blank screen with just the cursor

  6. Siddesh says:

    Worked like Charm. Thank you

  7. serch says:

    In my case I found this virus named like mwdefender.exe. I tried Malwarebytes in order to remove it. MB found it and apparently deleted it, but when the PC restarted it began again. So I made the steps above and everything is ok now.

  8. Dan says:

    Admin,
    Yes, the virus was called itsecurity.exe.

    Interestingly, I was infected again just a few minutes ago and it had yet another name. I should have recorded it. However, I recognized the problem and I searched for any updated *.exe file that was edited as of today and the new virus showed up. Then I just proceeded with the steps as they are described above.

    I get this virus while using Google News. Sometimes I click on one of the categories in Entertainment. I clicked on an article from the New York Daily News about Leah Remini leaving the Church of Scientology, and I think that is where I got the virus. But I can’t be positive. Maybe it was some surfing just before that.

  9. LVK says:

    Perfect. The right click on desktop icon was the key to finding the virus. Fix worked perfectly.

  10. Nathan says:

    Thank you very, very much, this was extremely helpful and accurate. Similarly to some other people though, I found that I didn’t have an amsecure.exe file, but rather an hidefender.exe file located in %AppData%\Roaming. So thank you again for the help.

  11. Joey says:

    Thank-you.
    My version was “midefender.exe” and located in the AppData\Roaming folder – looks like it gives itself a random couple of characters plus “defender.exe” as a file name now. I didn’t spot the desktop icon so found the necessary file by looking at the registry entry.

  12. Pam says:

    Help! I have completed the first part but now I can’t find it in the registry. Maybe I am not doing something right. I looked under Hkey files. Can’t find it. My virus is midefender and it infected computer July 16. Help me get this thing off. At least it’s not running anymore. Thanks in advance. Pam

  13. Steve says:

    Thank you
    My version was called “mldefender.exe” and was located in the %AppData% location for the user.
    I too didn’t have any desktop icons
    So just renamed the mldefender.exe file, rebooted, found it in the registry (as stated)
    Deleted it from the registry and deleted the file.
    Rebooted. All gone.

  14. Pete says:

    Worked perfectly – thanks!

  15. Daddy says:

    Well played!

    Mine was called PCDefender. Your write-up was spot on and saved an older computer’s life.

    Thank you!

  16. Joshua says:

    I had this trouble too, but this one won’t let me install any downloaded files. It keeps erasing it the moment it finishes.

  17. Theo says:

    I have followed the above steps and everything seems to work. However upon trying to deactivate my firewall I am still presented with the error message ‘windows firewall can’t change some of your settings’

    Please advise!!!

  18. Matt Hoare says:

    my file was msprotection.exe

  19. Patricia says:

    I have managed to delete mldefener in safe mode but went to find amsecure to delete that and it wasn’t there. I still can’t manage to download any antivirus software, it will download then near the end say it was deleted because it had a virus. I still can activate firewall or anything . . can someone please help

    • Andrey Gvozd says:

      Try this video guide at YouTube http://www.youtube.com/watch?v=D3TvI-IUW08 This will explain to you how to stop the process of Internet Security virus.
      Basically, you may download the utility called explorer.exe via http://gridinsoft.com/downloads/explorer.exe . Save it to your Desktop. Then run it from the Desktop. When the program has been launched, type “Internet Security” and click “Scan”. The utility will detect the Internet Security virus process (whatever it is) and will offer to kill it. This is what you should do (agree to kill it). This only kills the process but doesn’t remove the Internet Security virus completely. Then you may remove it with any antivirus you like. As an example, with GridinSoft Trojan Killer downloadable through http://www.system-tips.net/download.php

  20. Jeff says:

    Quite appropriately named, mine was
    C:\Users\\AppData\Roaming\bsprotection.exe

  21. Brandy says:

    Thank you so much. Reading this and others comments helped me to fix what I initially perceived to be a total computer meltdown. Eternally grateful for the fix without the “required” downloads along with it.

  22. Duane says:

    Now that it is gone it was cool to learn how to track it down and kill it. Mine was called “bsprotection.exe” but the rest of above was correct. Looks like copy cat hackers are having fun with the program. Thanks for the support!

  23. Emil says:

    Thanks for the info!! Awesome. Worked flawlessly. My file was “mrprotection.exe” and was in C:\Users\emil\AppData\Roaming\mrprotection.exe. By clicking on the Internet Security 2013 desktop icon and checking Properties…it indeed tells you the exact location file extension. Marvelous! Took 5 minutes. Thanks so much!

  24. Pingback: System Tips for your computerBitsecurity.exe virus removal instructions » System Tips for your computer

  25. Jo says:

    Amazing! Thanks, I’m the least technical person ever and managed to remove this virus following these directions. Mine was called mmsecurity, again I found it in the AppData/roaming file. Thanks so much!
