Remove Fake Antivirus (Program)

[Appletax]

Does anyone use/recommend this?

http://majorgeeks.com/Remove_Fake_Antivirus_d6323.html

 

[ZenTree]

Trialled it on a mate's computer (thinkpoint virus, it claimed to remove). Took so long scanning that I just stopped it and used other tools.

 

[xacked]

No

As the description says:

"Editor's note: These variations can change rapidly and be difficult to remove. Often you need multiple programs to effectively eliminate these infections. If this does not work for you, we suggest using Malwarebytes Anti-Malware and or reading our Malware Removal Guide."

I completely agree.

The two specialized tools that I'd trust is Confickerfix if you know for sure it's conficker, and TDSS Killer which is the only thing so far that can quickly remove tdlr4.

 

[vdub12]

The best way period to remove a rogue antiviruses is manually. Why spend hours running multiple scans when you can just delete the executable and fix a few windows settings. It takes 10 minutes tops.

 

[tiani]

I know this is going to sound like a totally noob question but how would you start to figure out how or what to do manually. I have never done that and really would like to learn.

 

[ZenTree]

There are quite a few topics on the forums already but a good place to start is autoruns. Rootkits can confuse it easily enough but for common scareware etc it's a good place to learn some of the places where malware can hide.

 

[vdub12]

I know this is going to sound like a totally noob question but how would you start to figure out how or what to do manually. I have never done that and really would like to learn.

I use autoruns myself. All you need is to find where the executable is hidden. Normally its in the appdata dir under the infected profile. You can log on under safe mode or another profile ti find it without the fake AV opening. Normally the fake AV will change the EXE association in the registry and create proxy in IE. Some times the fake AV will even change the default farefox and IE shotcuts from the start menu, I haven't seen that in a while though. Most if not all can be fixed quickly with some reg backups and a few settings in IE.

 

[xacked]

I know this is going to sound like a totally noob question but how would you start to figure out how or what to do manually. I have never done that and really would like to learn.

There's a great tutorial that you'll have to download (the original link and online host is gone from technet for some reason), it's a presentation from the creator of Autoruns, Mark Russinovich.

http://microsofttech.fr.edgesuite.net/msexp/download/spotlight/359/359_high.zip