What this programs does:

Internet Security 2010 is a rogue anti-spyware program that is installed through the use of malware. Once installed,  Internet Security will be configured to start automatically when you login to Windows. It will then scan your computer and display numerous infections, but will not remove anything until you purchase the program. These infections, though, are all fake and are only being shown to trick you into thinking you are infected so that you then purchase the program. It goes without saying that you should definitely not purchase this program.

Internet Security 2010
For more screen shots of this infection click on the image above.
There are a total of 8 images you can view.

Internet Security 2010 is typically bundled with numerous Trojans that display fake security alerts on your computer. For example, one Trojan will display a message when you login into Windows before you see your desktop. This message will state:

Security Warning!
Worm.Win32.NetSky detected on your machine.

It will then recommend that you purchase the program to remove the infection. When you start certain programs, another Trojan will display a message and then terminate the program. The message it will display is:

Application cannot be executed. The file is infected. Please activate your antivirus software.

Some of the programs that will cause this message to be shown include Notepad, the CMD prompt, Freecell, Minesweeper, Nero, Windows Messenger, Microsoft Word, Microsoft Excel, Window calculator, Skype, and PowerPoint. This same Trojan will also display a warning when you try to run programs, such as Windows Media Player or WinAmp, that play audio and video files. This error message is:

Windows can`t play the folowing media formats: AVI;WMV;AVS;FLV;MKV;MOV;3GP;MP4;MPG;MPEG;MP3;AAC;WAV;WMA;CDA;FLAC;M4A;MID. Update your video and sound codec to resolve this issue.

It will then prompt you to purchase VSCodec Pro, which is another rogue program, to fix the supposed problem. Just like the scan results, these security warnings are fake and are only being shown to try and convince you that your computer has a security problem.

As you can see, Internet Security 2010 was created to scare you into purchasing the program. Without a doubt, you should definitely not do so, and if you have, you should contact your credit card company and dispute the charges stating that the program is a scam. Finally, to remove Internet Security 2010 and any related malware please use the removal guide to remove it for free.

If you are seeing a Spyware Alert box that stats that Worm.Win32.Netsky detected on your machine, then you have become infected with a trojan that uses this Spyware Alert to trick you into purchasing Advanced Virus Remover, Antivirus 2009 or another rogue antispyware program. Once running, the trojan will display a fake Security alert as shown below:

Security alert
Security Warning!
Worm.Win32.Netsky detected on your machine.
This virus is distributed via the Internet through email and Active-x
objects.
The worm has its own smtp engine which means it gathers
emails from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.

Recommendation: It is necessary to perform a system scan.

Worm.Win32.Netsky detected on your machine – Fake Spyware Alert

What is more, the troajn will also display a lot of popups, disable Windows Task Manager and change a desktop background to blue with a black window saying that you have a serious infection and need to run a spyware removal tool. However, all of these warnings are fake and supposed to scare you into thinking your computer is in danger. Use the removal guide below to remove this infections and Worm.Win32.Netsky Fake Spyware Alert from your computer for free.

Automated Removal Instructions for Internet Security 2010 using Malwarebytes’ Anti-Malware:

Step 1.

Download HijackThis from here and save it to your Desktop.
If you cannot run HijackThis, then re-download it, but before saving HijackThis.exe, rename it first to explorer.exe and click Save button to save it to desktop.

Run HijackThis. Click “Do a system scan only” button. Now select the following entries by placing a tick in the left hand check box, if present:

F2 – REG:system.ini: Shell=Explorer.exe logon.exe
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O4 – HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe

Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.

Step 2.

Download LSPFix from here and unzip it to your Desktop.

Run LSPFix. Place a tick in the “I know what i`m doing”.

In the KEEP box select winhelper86.dll and press “>>” button.

Press Finish>> button. When LSPFix is done removing the LSP you will see a summary box. Press OK.

Step 3.

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected for start removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

The infection creates the following files and folders

c:\windows\system32\AVR10.exe
c:\windows\system32\critical_warning.html
c:\windows\system32\winhelper86.dll
c:\windows\system32\winupdate86.exe
c:\windows\system32\winlogon86.exe

The infection creates the following registry keys and values

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe