Internet Security 2010


blaze1974
01-11-2010, 11:46 AM
I have a machine that has been taken over by this Internet Security 2010 fake antivirus software. I have Avast AV on the machine; it detected the virus, but was unable to stop it.
Now I am unable to run Task Manager: I get an error stating that the administrator has disabled the Task Manager, and several other admin tools, to stop this attack. Once I reboot the machine, it immediately pops up a paragraph stating that there is a virus on the machine. Also, I am unable to browse the web; it pulls up all kinds of websites that I didn't ask for. I tried to run BitDefender online, and it stops it from updating. I have tried to install Malwarebytes; it installs everything but the exe file. I think this Internet Security 2010 is stopping/blocking the exe from loading. I am able to get into safe mode to pull up Task Manager (I have to hold the Ctrl+Alt+Del buttons for a while to access it); the same Internet Security 2010 message starts popping up again. I was able to stop the message and some of the processes that were not known, and it seemed to have stopped it, but the red X still showed in the bottom right corner. Also, in the bottom right corner of my screen the fake Internet Security 2010 shield stays there, along with a fake red stop sign with an X in the middle.
I have deleted the Internet Security 2010 folder listed under Program Files, but it keeps rebuilding itself.
I have no clue what to do now... need help on what to do next.

mjc
01-11-2010, 12:08 PM
Try MBAM in safe mode...

But some of this junk is getting to the point where it is best to cut your losses, wipe the drive and reinstall...IS2010 is close to that point. It, like its predecessors, is very difficult to remove.

blaze1974
01-11-2010, 12:16 PM
I have tried MBAM in safe mode; it seems to have blocked the exe, and I am unable to run it. I don't see the exe anywhere. I was thinking that the reinstall would be my only choice. Do you have any suggestions for AV tools to prevent this garbage in the future?

classicsoftware
01-11-2010, 12:30 PM
Follow the instructions here (http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010). Please post the MBAM log and a hijackthis log once you have completed removal.

blaze1974
01-11-2010, 01:20 PM
@classicsoftware... I will follow the instructions once I get home; I had to use another machine just to post my problem. Thanks for your response and help!

blaze1974
01-11-2010, 07:21 PM
Malwarebytes' Anti-Malware 1.44
Database version: 3542
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/11/2010 6:15:12 PM
mbam-log-2010-01-11 (18-14-51).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 332033
Time elapsed: 2 hour(s), 30 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 20
Registry Values Infected: 15
Registry Data Items Infected: 15
Folders Infected: 4
Files Infected: 49

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\SYSTEM32\dipamola.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\SYSTEM32\gurinuwe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\nivunaso.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\tuyalaze.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\helper32.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9dc2bc49-52dc-4999-abf5-2a97cf8f2e7c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj.1 (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0b0a76e7-ade1-41f4-b157-559605721b3a} (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ca13d72f-2dac-4d99-b08d-c5ea1c920e89} (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{50da37bb-7083-4fa7-80cf-de4cdb634166} (Adware.WebDir) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca13d72f-2dac-4d99-b08d-c5ea1c920e89} (Adware.WebDir) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{ca13d72f-2dac-4d99-b08d-c5ea1c920e89} (Adware.WebDir) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.

blaze1974
01-11-2010, 07:23 PM
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mahisapil (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{9dc2bc49-52dc-4999-abf5-2a97cf8f2e7c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wowelupab (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{306bbb66-d9e4-4481-833e-c1d5fca06774} (Rogue.Foxie) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{546e08aa-809f-4f1a-be1a-6b122ebfcd5a} (Rogue.Foxie) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{61039b22-563d-4922-b844-b076c318a66a} (Rogue.Foxie) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{e4143585-2688-4ebc-b264-27c774f600d5} (Rogue.Foxie) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asg984jgkfmgasi8ug98jgkfgfb (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tygklbwo (Trojan.FakeAlert.N) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ygua8e7yhuiesfha876yfauy8fe (Trojan.Downloader) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: tuyalaze.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dipamola.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dipamola.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\winlogon32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: system32\winlogon32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1626e307-39b7-452b-8519-ea24a533cca0}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,192.168.2.1 -> No action taken.

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> No action taken.

Files Infected:
C:\WINDOWS\SYSTEM32\dahihiwi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\dipamola.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\gezonawo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\gurinuwe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\halihupe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\huyogara.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jedetotu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jowujino.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\jugifidu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\nivunaso.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\tuyalaze.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\wufewoga.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\wutivoba.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\helper32.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\uj1u292.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\svchost.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\avp.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\cmd.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\csrss.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\debug.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\drweb.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\due4n6df.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\install.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\mdm.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\spoolsv.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\system.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\smss.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\winlogon.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\1546778624.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\1748384678.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\2445968294.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\2647886848.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\3345314214.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\3553014018.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\4244660134.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\849038758.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\win.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\win16.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\WINDOWS\SYSTEM32\winlogon32.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\SYSTEM32\wutivoba.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> No action taken.
C:\Documents and Settings\Marlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> No action taken.
C:\Documents and Settings\Marlin\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\SYSTEM32\41.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Marlin\Local Settings\Temp\dfgdgdfgrgdgfdrdfs.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\SYSTEM32\warning.html (Trojan.FakeAlert) -> No action taken.

classicsoftware
01-11-2010, 09:45 PM
The thing is you didn't let MBAM fix them. Run it again and fix all of the problems.
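The MBAM log posted above is worth reading for more than its item count: the entries ending in "No action taken" are the ones that are still live, and several of them are system-wide persistence or hijack points (Winlogon Userinit, AppInit_DLLs, the LSA notification package, the interface NameServer, Run keys, Explorer policies) rather than plain dropped files. The following script is an added example written for this thread; it is not Malwarebytes code and the mechanism labels, the regular expressions and the function names are assumptions of mine. It parses a log in the same shape as the one posted (a short constructed sample is embedded, with one line marked as already quarantined for contrast), records whether each item was actually fixed, tags registry items with the persistence mechanism they use, and pulls out the DNS servers a DNSChanger entry pointed the machine at so they can be compared against what the network should be using.

```python
"""Triage a Malwarebytes (MBAM) scan log: what is unfixed, and how it persists."""
import re
from collections import Counter

# Constructed sample in the shape of the MBAM log posted in this thread.
# The "Quarantined and deleted successfully" line is added for contrast.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mahisapil (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dipamola.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1626e307-39b7-452b-8519-ea24a533cca0}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,192.168.2.1 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\SYSTEM32\winlogon32.exe (Trojan.Downloader) -> No action taken.
"""

# One finding line: "<item> (<family>) -> [<detail> -> ...] <action>."
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Persistence / hijack mechanisms, matched against registry item paths.
# Labels are this example's own; order matters (first match wins).
MECHANISMS = [
    (re.compile(r"\\Winlogon\\Userinit$", re.I), "Winlogon Userinit hijack"),
    (re.compile(r"\\AppInit_DLLs$", re.I), "AppInit_DLLs injection"),
    (re.compile(r"\\LSA\\Notification Packages$", re.I), "LSA notification package"),
    (re.compile(r"\\Image File Execution Options\\", re.I), "IFEO debugger hijack"),
    (re.compile(r"\\CurrentVersion\\Run\\", re.I), "Run key autostart"),
    (re.compile(r"\\ShellServiceObjectDelayLoad\\", re.I), "SSODL autoload"),
    (re.compile(r"\\SharedTaskScheduler\\", re.I), "SharedTaskScheduler autoload"),
    (re.compile(r"\\Tcpip\\Parameters\\.*\\NameServer$", re.I), "DNS server hijack"),
    (re.compile(r"\\Policies\\", re.I), "Policy tampering"),
    (re.compile(r"\\Security Center\\", re.I), "Security Center tampering"),
]


def classify(item: str) -> str:
    """Return the persistence mechanism label for a registry item path."""
    for pattern, label in MECHANISMS:
        if pattern.search(item):
            return label
    return "other"


def parse_log(text: str) -> list[dict]:
    """Parse the per-item sections of an MBAM log into finding records."""
    section = None
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):       # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                          # summary counts, version banner, etc.
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        action = parts[-1]
        detail = " | ".join(parts[:-1])       # "Data: ..." or "Bad: (...) Good: (...)"
        is_registry = section is not None and section.startswith("Registry")
        findings.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "detail": detail,
            "action": action,
            "fixed": not action.startswith("No action taken"),
            "mechanism": classify(m.group("item")) if is_registry else "file or folder",
        })
    return findings


def unfixed(findings: list[dict]) -> list[dict]:
    """Findings the scan reported but did not remediate."""
    return [f for f in findings if not f["fixed"]]


def mechanism_counts(findings: list[dict]) -> Counter:
    """How many still-live findings use each persistence mechanism."""
    return Counter(f["mechanism"] for f in unfixed(findings))


def hijacked_dns_servers(findings: list[dict]) -> list[str]:
    """DNS servers set by a DNSChanger entry, in the order the log lists them."""
    servers = []
    for f in findings:
        if f["mechanism"] == "DNS server hijack" and "Data:" in f["detail"]:
            data = f["detail"].partition("Data:")[2].strip()
            servers.extend(s.strip() for s in data.split(",") if s.strip())
    return servers


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(f"{len(found)} findings, {len(unfixed(found))} still unfixed")
    for mech, n in mechanism_counts(found).most_common():
        print(f"  {n:2d}  {mech}")
    print("DNS servers set by the hijack:", hijacked_dns_servers(found))
```

Running it on the full log from this thread would show what the "No action taken" suffix means in practice: every Userinit, AppInit_DLLs, LSA, Run-key and policy entry is still in place after the scan, which is why the protections (Task Manager, Folder Options, the wallpaper) stayed locked and why the Program Files folder kept coming back. The DNS list is the other item worth acting on: a third-party resolver set per interface survives removal of the rogue's own files, so it needs to be checked and reset separately.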

mon_drex
01-13-2010, 12:28 PM
Man, try to install Bitdefender 2010 Internet Security, and if the virus doesn't let you, check this out: http://www.bitdefender.com/site/KnowledgeBase/business/#490. I had something and Bitdefender helped me after I sent some reports to them!

mjc
01-13-2010, 12:52 PM
mon_drex, when it comes to matters such as this, please try to let those who have been trained and are well acquainted with what is required to fix the problem answer.