NEED HELP...removing "Internet Security Essentials"

I would first try running in safe mode with networking. As the computer is booting up hit F8 (usually) and choose that option. From there run malwarebytes or do a hijackthis scan and post your results here.

The Internet won't work because the malware is setting a proxy. You can turn that off by going to tools..Internet options..connections..lan settings, and uncheck the proxy checkbox.

Sometimes a program like this will only affect one account, so if the above fails sometimes you can log into the unaffected account and clean it off from there.

Another option is to try opening task manager as you are logging in. You are in a race with the malware and want to get task manager opened before the malware program starts and prevents you from doing so. From there you can end the processes and essentially close the malware program. This won't get rid of it but should enable you to run a scan.

 

You can also try the AVG Rescue CD. It's a bootable CD that runs a version of Linux and then scans the drive. The problem with that trojan is that it's basically running as part of the OS, so it's difficult to remove with the OS running. Booting from the rescue CD fixes that problem. Downloadable for free here: http://www.avg.com/us-en/avg-rescue-cd , just get the .iso and burn it to a CD.

 

WOW, I've never seen Malwarebytes fail yet. Did it not find it or did it have trouble removing it? You updated the definitions right?

 

The threat has been mostly likely removed. It's your proxy settings that are hosed. Open your browser and go to tools/internet options/connections. Click the lan button and uncheck "use proxy server". Close your browser and then reopen.

 

Check the host file by going to C:\WINDOWS\system32\drivers\etc and open the hosts file with the notepad. Make sure there aren't any weird Google stuff in there, delete it if there is. It shouldn't have anything listed under 127.0.0.1 localhost

 

Mmmm not sure what else to check on that one, I'll have to think about it.

 

System Restore > Pick a Date before download of "ISE"

 

I suspect the malware is probably still the issue and not totally cleaned off.

If all else fails I would suggest running Combofix. It is very aggressive and I've seen it delete some needed Windows files (fixed using a Windows repair install), but it usually does a good job of getting everything cleaned up.
http://www.bleepingcomputer.com/download/anti-virus/combofix

 

To each his own, but I'd never trust that machine until it was nuked and I reinstalled Windows. YMMV.

 

I'm no geek expert and I didn't even sleep at a Holiday Inn last night, but I've always had the best luck with Smitrem.... http://noahdfear.geekstogo.com/

Of course it sounds like it may be too late for your machine, but it is pretty easy to use as long as you are able to boot in safe mode. I just used it last week on my Dad's PC after he clicked on something and couldn't get rid of it. Of course it was a Dell so I had to figure out how to change the settings to get it to boot in safe mode but after that it was easy as usual!

 

Go to C:\Documents and Settings and see if you user folder is still there. If it is you might be able to restore your profile or you could create a new user and copy your files over.

 

Glad that worked out for you. When there's a "residual" problem, best thing to do is exactly what you did - just leave the damn thing off overnight.

 

not sure what you are using for anti-virus but I've had good luck after migrating to microsoft security essentials with the occasional malwarebytes scan thrown in for good measure after having a couple of episodes like you just had.

good to hear things are "resolved" though...