Remove Fake Anti-Virus Malware


You might be wondering why we have a screenshot of what appears to be AVG Anti-Virus, but is in fact a fake anti-virus malware that holds your computer hostage until you pay them. Here’s a really simple tip for defeating these types of malware, and a quick review of other options.
Not sure what we’re talking about? Be sure to check out our previous articles on cleaning up fake antivirus infections.

•How To Remove Internet Security 2010 and other Rogue/Fake Antivirus Malware

•How To Remove Antivirus Live and Other Rogue/Fake Antivirus Malware

•How To Remove Advanced Virus Remover and Other Rogue/Fake Antivirus Malware

•How To Remove Security Tool and other Rogue/Fake Antivirus Malware

So what’s the problem? Can’t you just run an anti-virus scan? Well… it’s not quite that simple. What actually happens is that these pieces of malware block you from running almost anything on your PC, and often prevent you from running apps from a Flash drive, with an error like this:

Once you encounter this error, there are a couple of things you can do. The first one is almost stupidly simple, and works some of the time:

Move the Dialog, and Try Again!

Yeah, that’s right: reader Robert wrote in to tell us that you can often just move that error to the side of the screen, and then try to run your anti-malware or anti-spyware application again. Turns out that some of the errors will only run once… and then you can get your favorite application running.

If that doesn’t work, then here’s the next great tip…

Rename Your Anti-Malware App to Explorer.exe

Since most fake anti-virus malware needs you to retain at least limited use of your PC, the one executable that it won’t ever block is “explorer.exe”: they want you to be able to get online, go to their site, and pay them, which is not so easy if you have no Start Menu.
So just rename your favorite anti-malware application to explorer.exe, and you should be able to use it.

Thanks to reader Jeffrey for writing in with this tip.
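
One way to prepare that renamed copy ahead of time, from a clean PC with PowerShell 4 or later, is shown below. This is an added example, not part of the original article: the parameter names, the -AllowUnsigned switch and the example paths are assumptions, and the script copies the scanner (leaving the original untouched) only after checking its Authenticode signature.

```powershell
# Added example: stage a copy of an anti-malware scanner named explorer.exe.
# Example call (hypothetical paths):
#   .\Stage-Scanner.ps1 -ScannerPath C:\Downloads\scanner.exe -DestinationDir E:\tools
param(
    [Parameter(Mandatory)] [string] $ScannerPath,    # the scanner executable you downloaded
    [Parameter(Mandatory)] [string] $DestinationDir, # e.g. a folder on a flash drive
    [switch] $AllowUnsigned                          # continue even if the file is not validly signed
)
$ErrorActionPreference = 'Stop'

$source = Get-Item -LiteralPath $ScannerPath
if ($source.Extension -ne '.exe') {
    throw "Expected an .exe file, got '$($source.Name)'."
}

# Make sure the scanner itself is trustworthy before carrying it to another PC.
$sig = Get-AuthenticodeSignature -FilePath $source.FullName
if ($sig.Status -eq 'Valid') {
    Write-Host "Signed by: $($sig.SignerCertificate.Subject)"
} elseif ($AllowUnsigned) {
    Write-Warning "Signature status is '$($sig.Status)'; continuing because -AllowUnsigned was given."
} else {
    throw "Signature status is '$($sig.Status)'. Re-download the scanner from the vendor."
}

# Never touch the real Windows shell: refuse any destination under %WINDIR%.
$destDir = (New-Item -ItemType Directory -Path $DestinationDir -Force).FullName
if ($destDir.StartsWith($env:WINDIR, [StringComparison]::OrdinalIgnoreCase)) {
    throw "Refusing to write explorer.exe under $env:WINDIR."
}

# Copy instead of renaming, so the original download stays intact.
$dest = Join-Path $destDir 'explorer.exe'
Copy-Item -LiteralPath $source.FullName -Destination $dest

# Confirm the copy is byte-for-byte identical to the file that was checked above.
$srcHash = (Get-FileHash -LiteralPath $source.FullName -Algorithm SHA256).Hash
$dstHash = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
if ($srcHash -ne $dstHash) {
    Remove-Item -LiteralPath $dest
    throw "Copy does not match the original (SHA256 mismatch)."
}

Write-Host "Staged $dest (SHA256 $dstHash)."
```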

General Guide to Defeating Fake Anti-Virus Infections

There are a couple of steps that you can generally follow to get rid of the majority of rogue antivirus infections, and actually most malware or spyware infections of any type. Here are the quick steps:

•Try to use the free, portable version of SUPERAntiSpyware to remove the viruses.

•If that doesn’t work, reboot your PC into safe mode with networking (use F8 right before Windows starts to load)

•Try to use the free, portable version of SUPERAntiSpyware to remove the viruses.

•Reboot your PC and go back into safe mode with networking.

•If that doesn’t work, and safe mode is blocked, try running ComboFix. Note that I’ve not yet had to resort to this, but some of our readers have.

•Install MalwareBytes and run it, doing a full system scan. (see our previous article on how to use it).

•Reboot your PC again, and run a full scan using your normal Antivirus application (we recommend Microsoft Security Essentials).

•At this point your PC is usually clean.

These steps generally work.

Can’t Even Boot Anymore? Here’s Your Solution

All you have to do is use a repair disk from one of the anti-virus manufacturers, who have each created downloadable ISO images that you can burn to a CD, or install onto a USB flash drive. Boot from it, run a scan, and then your PC will be clean.

•How to Use the BitDefender Rescue CD to Clean Your Infected PC

•How to Use the Avira Rescue CD to Clean Your Infected PC

•How to Use the Kaspersky Rescue Disk to Clean Your Infected PC

We prefer using the BitDefender CD, since it’s automated and simple, but it couldn’t hurt to use more than one if necessary… so why not combine a bunch of recovery tools together? Here’s how:

How to Combine Rescue Disks to Create the Ultimate Windows Repair Disk

Source: How-To Geek