Tip & How-To about Computers & Internet

Quick Fix for most FAKE Anti-Virus infections.

Note: Get a pad of paper as you will need to write down a few file names.

1. Identify the fake Anti-Virus program.
This is simple just look at the name and icon of the program claiming to be an anti-virus. This should not be hard because they are constantly informing you of fake infections and automatically running scans. After you know which program is bothering you click the start menu or if you can access your desktop find the fake AV programs icon. Once you find the icon on your start menu or desktop right-click and go to properties. Now write down the name .exe file.

2. Deleting the virus
First of all restart your computer in safe-mode. You can do this by either restarting your computer and repeatedly pressing the F8 key until the safe mode screen appears. Or you can click start menu>run type msconfig and hit enter. Click the BOOT.INI tab then put a check next to /SAFEBOOT. Click Ok and then Restart. Once your computer is in safe-mode click START>RUN. Type regedit and hit enter. Press Ctrl+F so that we can search for the fake AV. Remember that file name you wrote down earlier type that into the find box and hit enter. Right click on and delete any registry entries associates with that file. This will prevent the fake AV from trying to run the next time you start your computer. After you have found every entry tied to that filename type in the actual name of the fake AV ex. Anti-Virus 2009. Do the same thing as you did with the filename delete any and all entries associated with the name of that AV.
After this is completed close the registry. Click START>RUN type msconfig. Go to both the Startup tab and the Services tab and look for any entries that have the name of the fake av program or the filename you wrote down. Un-check any you find. Now close the configuration panel. Click START>SEARCH>FOR FILES OR FOLDERS... type in the name of the file you wrote down and hit enter delete any of the files you find with that name. Also if any of the files are in a folder named what the AV is delete those entire folders. DONT delete your system32 folder or anyfolder found in your C:\Windows directory unless you know for 100% that its only contents are files associated with fake AntiVirus Program. If you are unable to delete the file ex. it gives you an error message saying its already running restart your computer again in safe mode and try deleting it again. After that is complete and you booted your computer in safe mode using the msconfig method click START>RUN type msconfig goto the BOOT.INI tab and un-check /SAFEBOOT if not just restart your computer.

After those steps are completed the fake Anti-Virus program should not be bothering you anymore. Remember this is only a quick fix so that you can at least use your computer to run an anti-spyware\malware\virus program and this is highly recommended as its likely you have more infections.

Posted by on

Computers & Internet Logo

Related Topics:

Related Questions:

1 Answer

Windows Security Center alert ?


The fake Windows Security Center is a virus that invades a computer and threatens the user that his computer is infected with multiple viruses. Although this "tool" looks legitimate, it is actually rogue malware. It can be time-consuming to remove this fake Windows Security Center from your computer, but you can do it for free.

Download and install a legitimate free anti-malware program, such as Malwarebytes Anti-Malware (malwarebytes.org), on your computer. Restart your computer and hold down the "F8" key for a few seconds before the Windows logo appears to start the computer in safe mode. Run the anti-malware program and allow it to perform a full scan of your system. This may take hours, depending on a number of factors, but allow the anti-malware software to do its job so that you will be able to fully remove fake Windows Security Center from your computer. http://www.malwarebytes.org/ rather than pay for it http://corbitek-antimalware.soft32.com/free-download Free reliable antimalware solution with realtime protection and automatic update Click to put a check mark next to all of the malware files detected in the scan and click "Delete." Download and install CCleaner (piriform.com/ccleaner). http://www.piriform.com/ccleaner This free program will scan and clean out all temporary files on your computer. Run the program, and when it finishes, your computer should be free from the fake Windows Security Center. Restart your computer to exit safe mode.

Jan 15, 2013 | Computers & Internet

2 Answers

Pls advise if the following processes running in my Task Manager are viruses or genuine system processes - ccSvcHst.exe; lsass.exe; explorer.exe, winlogon.exe; svchost.exe; wuauclt.exe; jqs.exe; jusched.exe. How to differentiate between viruses and genuine processes with similar names.


ccSvcHst.exe - works to display the GUI (Graphical User Interface) of Norton products, which usually include the Norton Security Suites.
lsass.exe - Disable and remove lsass.exe Immediately. This process is most likely a virus or trojan.

Other processes are required for essential applications to work properly.

You can visit this liutilities.com and search for the process your not familiar with.


Please rate this if you find this helpful.

Thanks,

Mar 21, 2011 | Computers & Internet

1 Answer

i may have a virus but usually it waits until when i listen to my windows media player & within 10 or 15 mins after my pc makes a weird repetative thud noise (like a virus) and im forced to hold down my power button to restart. i was thinking corrupted file attachments from email but i was protected by a disc i bought with protections. but when i was working offline my protection program turned off some layers of protection then it started doing this noise. id like to know how to diagnose this problem. Also, I had forgot my password one time and my buddy did something to it and now when i startup my pc it always goes to this backdoor or whatever 1st. its a black screen which authorizes another password input and then the regular sign in page comes up to log in. or it logs on for me instead of the regular 'OWNER' log in pg.


Follow the given steps to remove virus from your PC:
1. Keep your antivirus program up to date.
2. Turn off System Restore.
3. Use an online scanner.
4. Use the Malicious Software Removal Tool.
5. Manually remove viruses.
The first step is to identify the virus. Run your antivirus software to identify the name of the virus. If you don't have an antivirus program, or if your program does not detect the virus, you can still identify the virus by looking for clues about how it behaves. Write down the text in any messages displayed by the virus or, if you received the virus in e?mail, write down the subject line or name of the file attached to the message. Search the antivirus vendor's website for references to those specific things you wrote down to try to find the name of the virus and instructions for how to remove it.

Dec 29, 2010 | HP Mini Notebook

1 Answer

what should i do to my digicam affected with trojan virus?


1. Transfer files to your computer that you don't want deleted.
2. On your camera, select "Menu." Go to "Set Up," and choose "Format."
3. Choose "Memory Card" and authorize the Reformat. This will clear everything off of your memory card.
4. Connect your camera to your computer with a USB cord, taking note of what drive it creates. It should be the E: drive, but each computer is different.
5. Download a free anti-virus program such as Avast! or AVG, or open you computer's default anti-virus software.
6. Choose a drive scan. Select the drive that your camera is in, and then initiate the scan. The anti-virus software will identify if there are any viruses left on the camera.
7. If there are no viruses found, you were able to delete them while reformatting the memory card, and you are done. If the anti-virus software finds a virus, move it to quarantine and delete it.
8.Run the anti-virus software a final time to double check that the camera is free of viruses.

Dec 22, 2010 | Computers & Internet

1 Answer

my computer is infected with something called security tool telling me i have worms, when in fact it is a worm. i cannot uninstall or even find it in files or programs the file name is 975937287.exe how do i get it out? or how do i put computer in safe mode. this virus wants me to buy something


Its a fake anti virus program. The best thing is to search google for fake antivirus removal tool. Run this and after that get yourself a good anti virus program with buit in spyware remover to keep this from happening again.

Nov 13, 2010 | Free of Virus Remove Fake Antivirus

Not finding what you are looking for?

203 people viewed this tip

Ask a Question

Usually answered in minutes!

Top Computers & Internet Experts

Doctor PC
Doctor PC

Level 3 Expert

7733 Answers

kakima

Level 3 Expert

102366 Answers

David Payne
David Payne

Level 3 Expert

14161 Answers

Are you a Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Loading...