Changes

Internet Security 2012 Virus

2,854 bytes added, 22:03, 17 December 2011
/* Removal */
The Internet Security 2012 interface opened. It did not look like part of the web browser. It was not only showing the false virus scan interface, it was actually generating disk I/O activity. It placed an icon in the icon tray. Previously such false antivirus interfaces were actually just browser windows manipulated by JavaScript and CSS to look like a standalone program. In this case, I was actually seeing a standalone program. It disabled the real Windows Security Center. In Task Manager I could see the process kjm.exe running. I am very familiar with what processes belong in the Windows Task Manager through experience and therefore I spotted this rogue process immediately.

The Internet Security 2012 interface could be killed via Task Manager by killing kjm.exe. However, within 30 seconds to over a minute it would come back. kjm.exe would appear again in Task Manager. Although I saw kjm.exe, the process will likely have another 3 character name on another infected PC. The Internet Security 2012 interface would claim to have detected viruses. It was opening other application windows associated with antivirus.

This virus evaded the antivirus software running on the system. This virus also modified system files so that Microsoft Internet Explorer and Firefox would not allow browsing of the Internet. The browsers would display a message warning that any web site attempting to load was a dangerous site and had to be blocked, including google.com.

Windows search failed to locate kjm.exe on the system hard disk drive. It turned out that kjm.exe, the process for Internet Security 2012, was located in C:\Documents and Settings\<username>\Local Settings\Application Data\kjm.exe

Running cmd.exe as user administrator opened a DOS shell. I navigated to the path of the rogue executable and removed it with the del command.

del kjm.exe

Ensure the process is NOT running in Task Manager before attempting to delete it.

Going to My Computer, Tools, Folder Options, File Types, you need to restore exe. This may or may not be successful.

The malware virus manipulated Windows file type associations so that executable programs would no longer run. Trying to run the Windows registry editor regedit.exe would display the Windows file type dialog. You need to run the Microsoft System Restore located at the following path: %SystemRoot%\System32\restore\rstrui.exe

Create a shortcut to this path on your desktop. Right click on the shortcut and choose "Run as..." Run it as the Administrator user. This will circumvent the messed up exe association corruption in the registry and allow you to run System Restore. Restoring to a previous checkpoint, one that you know is prior to the infection, will get you back up and running.

NoScript plugin for Firefox
* Never use Microsoft Internet Explorer
* Correct use of the NoScript plugin for Firefox
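The removal steps above depend on finding the rogue file and confirming that the exe association was changed. The following read-only PowerShell check is an added example, not part of the original article: it lists executables with a three-character name sitting directly in each profile's Local Settings\Application Data folder, marks which are running, and compares the .exe association with the stock Windows values. The profile root and the three-character name pattern are assumptions taken from the path and the observation in the article.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.
# Assumption: Windows XP-style profiles under C:\Documents and Settings.
$profileRoot = 'C:\Documents and Settings'
$relative    = 'Local Settings\Application Data'

# 1. Executables with a three-character name sitting directly in the folder
#    (the article saw kjm.exe; the name is expected to differ per machine).
$suspects = @(Get-ChildItem -LiteralPath $profileRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $dir = Join-Path $_.FullName $relative
        if (Test-Path -LiteralPath $dir) {
            Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer -and $_.Name -match '^[A-Za-z0-9]{3}\.exe$' }
        }
    })

# 2. Mark which of them is running now; a running file must be stopped
#    before it can be deleted.
$running = @(Get-Process | ForEach-Object { $_.Path } | Where-Object { $_ })
$fileReport = foreach ($file in $suspects) {
    New-Object PSObject -Property @{
        Path      = $file.FullName
        Created   = $file.CreationTime
        IsRunning = ($running -contains $file.FullName)
    }
}
$fileReport | Format-List Path, Created, IsRunning

# 3. Compare the .exe association with the stock Windows values.
$checks = @(
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\.exe';                       Expected = 'exefile' },
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'; Expected = '"%1" %*' }
)
$assocReport = foreach ($check in $checks) {
    $actual = (Get-ItemProperty -LiteralPath $check.Key -ErrorAction SilentlyContinue).'(default)'
    New-Object PSObject -Property @{
        Key      = $check.Key
        Actual   = $actual
        Expected = $check.Expected
        Modified = ($actual -ne $check.Expected)
    }
}
$assocReport | Format-List Key, Actual, Expected, Modified
```

A three-character name is only a lead: check each listed file's creation time against the time of infection before deleting anything.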