Sunday, August 7, 2011

Removing Fake Antivirus

Removing a fake antivirus infection can be a real hassle. The good news is that this blog will take some of the stress out of this problem for you.

To start, I encourage you to download the free malware removal tools below.
It's important that you read the entire document; the technique used is just as important as the tools you download.

Keep in mind that removing fake antivirus malware can be challenging. Read this guide once through and print it out for reference in case you lose internet for any reason.

Free Malware Removal Tools

Download Each Free Tool

Step 1

Assuming you have internet connectivity, download several of the available versions of Rkill.
For example:
Rkill.exe and Rkill.com; I would grab the other two variants as well.

The reason for this is that the fake antivirus can prevent Rkill.exe and the other variants from launching. Fake antivirus programs often do the same to your antivirus downloads.

Step 1a

Download at least one of the free antivirus packages I linked at the top of this page.
Do not try to install the antivirus software yet!

Step 2

After you have downloaded at least one antivirus and at least two variants of Rkill, restart the computer in Safe Mode.

Do that by hitting the F5 key as Windows begins to start.

Choose the Safe Mode with Networking option.

Step 3

Copy the Rkill files from your "download" folder to the desktop.

Launch Rkill.exe or Rkill.com to suspend any running fake antivirus programs.

You will see a new window open up with a black text box. If you don't see any activity after launching Rkill.exe, try launching Rkill.com, and so on until it works.


Step 4


Install one of the anti virus tools you downloaded and update it.

Then perform a full scan.

The scans should turn up some viruses that can be removed.

If the antivirus doesn't turn anything up, uninstall that antivirus, install the other copy you downloaded and repeat the process.

Be patient; removing fake antivirus malware can take several scans.

Step 5

I assume either Malwarebytes or Avira was able to remove the fake anti virus software at this point; or at least some malware.

If so, restart the computer normally and see if the clean up fixed your issue.

Scan Windows again. You do this because more system components are now running, which may have activated malware that was dormant in Safe Mode.

Step 6


If the fake antivirus was removed successfully, you may disregard this last step.

Download Combofix from the link provided in the blue tools box.

Combofix cannot be run from the "download" folder, so copy it to the desktop.

Combofix doesn't play well with actively running antivirus tools, so you may need to exit those programs before starting Combofix.

If you are told to download and install the Microsoft Recovery Console... DO IT!
This will allow Combofix to make repairs to corrupted system files.

Before using Combofix, read the guide that is provided by bleepingcomputer.com. It will save time in the long run.



I trust that if you have followed these 6 steps, your PC is now running properly.

It has been my privilege to write this guide.

-Best wishes!








