
Malware-virus

choucove

New Member
The process for removal of any of these variants of virus is pretty simple. If you do a Google search on "how to remove <insert fake antivirus software name here>" it will give you step-by-step directions from several reputable places.

To summarize, many times this virus disables your ability to open windows or programs, stating that the process or executable is infected. A small program called rkill (download here) will stop all running processes that are malware related and allow you to once again open windows and run other processes. The other way of doing this, if you are unable to download the rkill program, is to use Ctrl+Alt+Del to open task manager at the very startup of your computer before the fake antivirus has a chance to load and start up. If you can open task manager before the virus loads, you can then kill the process of the fake virus application.

Additionally, many variants of this virus will enable a proxy server within Internet Explorer which will make it so you are unable to browse the internet on your computer using IE. You can disable the proxy settings by opening an Internet Explorer window, selecting the Tools menu, and going to Internet Options. Click the Connections tab. Click the button at the bottom of this window for LAN Settings. Uncheck the box next to Use a Proxy server for your LAN.

I have found that there are several antivirus applications that actually will not see some of these variants of malware and thus won't remove them if you do a scan. This includes Norton, McAfee, and AVG. Instead, I've found that Malwarebytes (download here) has been able to recognize, catch, and remove pretty much any variant of this infection. Download, update, and install this application and then perform a full system scan. At the end when it displays what files have been infected, select to delete all threats detected.

If Malwarebytes is unable to install or unable to detect and remove the virus for some reason, then it is possible to manually remove these viruses. It takes a little more work, and you may want to call in a computer technician to do so for you. Once again, if you do a Google search for "how to remove <insert fake antivirus software name here>" it will have directions for the removal of that variant of the virus. Oftentimes these pages also detail which files have been created or affected by the virus, as well as registry key entries and changes made by it. These files need to be removed, and the registry keys either need to be deleted or changed back to the correct value. Again, don't attempt this manual repair unless you are sure you know what you are doing.

One final bit of good news (if there can even be good news about a virus) is if you have the specific virus variant which installs the fake antivirus software called "AntiVir 2010". I've found a nifty hidden uninstaller for this version that actually removes all the virus files and deletes all of its registry keys. After infecting the system, AntiVir 2010 creates application icons, start menu folders, and even program file folders. However, you are unable to remove any of these. But open up your Program Files folder and locate a folder called Common Files. Inside this folder should be another folder simply called AV. And within this folder is a single uninstaller executable. Once again, you will have to have disabled the virus process currently running, but then you can run this uninstaller and it will automatically remove everything of the virus. Restart your computer and all should be back to normal. Still, I would suggest a scan of Malwarebytes just to be safe!
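Added example, not part of the original post: a PowerShell function that reports the per-user Internet Explorer proxy values behind the LAN Settings dialog described above and, with `-Disable`, turns the proxy off after saving the previous values. The function name `Reset-IEProxy` and the backup file location are choices made for this example.

```powershell
# Added example: inspect and optionally clear the per-user Internet Explorer
# (WinINET) proxy. Function name and backup path are hypothetical choices.
function Reset-IEProxy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Without -Disable the function only reports what is configured.
        [switch]$Disable,
        [string]$BackupPath = (Join-Path $env:TEMP 'ie-proxy-backup.json')
    )

    # Per-user key that stores the values shown in the LAN Settings dialog.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $settings = Get-ItemProperty -Path $key

    # Values may be absent on a clean profile; a missing one reads as $null
    # and a missing ProxyEnable is treated as 0 (proxy off).
    $state = [pscustomobject]@{
        ProxyEnable   = [int]$settings.ProxyEnable
        ProxyServer   = $settings.ProxyServer
        ProxyOverride = $settings.ProxyOverride
        AutoConfigURL = $settings.AutoConfigURL
    }

    if ($Disable -and $state.ProxyEnable -ne 0) {
        # Record the previous values first: they document what the
        # infection changed and allow a legitimate proxy to be restored.
        $state | ConvertTo-Json | Set-Content -Path $BackupPath -Encoding UTF8

        if ($PSCmdlet.ShouldProcess($key, 'Set ProxyEnable to 0')) {
            # Same effect as unchecking "Use a proxy server for your LAN".
            Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
        }
    }

    # Return the state as it was found, so it can be logged or reviewed.
    $state
}

# Report only:
Reset-IEProxy
# Turn the proxy off (add -WhatIf to preview the change without making it):
# Reset-IEProxy -Disable
```

Close and reopen Internet Explorer afterwards so it rereads the setting.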
 

G-Artist

New Member
Not all viruses and other malware will be killed by any defense software if it gets itself installed on your bootblock.

Google "rootkit" and download a copy of a program that will search for and destroy those buggers.

I used to have a program that sealed the boot block but then one could not install AI, Corel (maybe) and a few other programs because they put data there.
 

Techman

New Member
There's been a list posted in this thread of different fixers, cleaners, removers. Most of them are behind the power curve. That means all of them will never do the work alone. Where one fails another works.

Combofix is not the latest, Malwarebytes is not complete either. None of them are. The maggotware changes weekly.
 