Windows 7 Forums
Windows 7: Introduction to Rogue Anti-Virus

16 Jul 2010   #21

Windows 8 Professional 64-bit
 
 

Once, I had to fix some guy's computer. It was an ancient PC, very slow, which made it a little easier. The first step I needed was access to Task Manager, but the virus prevented that. So I restarted, then on a hunch, when the PC was booting, I was able to activate Task Manager before the virus or the "faulty" AV actually booted. I got lucky, and was able to terminate the process.

Perhaps slow computers aren't that bad when it comes to faulty software...



16 Jul 2010   #22

Windows 7 Ultimate 64-bit
 
 

I had to remove a rogue anti-virus for someone the other day. It was called Security Master AV. I couldn't even open up the Task Manager. I got paid $30 for it too.

Anyways, this is a nice beginner guide for the uneducated. Nice job.
16 Jul 2010   #23

Windows 7 Professional SP1 64-bit
 
 

Skulblaka, I did the same thing on a newer PC, so it's not just slow ones if you are quick enough about it. In case you are wondering, it was a desktop with a 2.4GHz dual core processor, 2 gigs of DDR2 800 RAM, and Windows XP.


16 Jul 2010   #24

Win 7 Ultimate 32bit
 
 

See my post on page one if you run into this again. That will fix it almost every time.
16 Jul 2010   #25

Windows 7 Professional SP1 64-bit
 
 

Tepid, that is an interesting article, but I think my method of going into safe mode and removing everything manually is better for me.

Forgot to mention this earlier and don't think it has been said yet, but some of these can be disabled by going into safe mode, opening up sysconfig, and looking at what is set to run at start up. Sometimes there is something in there for the fake anti-virus. Untick it, and after restarting you should be able to install and run MSE or MalwareBytes. It won't work every time, but it's really convenient when it does.
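The startup check described in the post above can also be done from a PowerShell prompt in safe mode. This is an added example, not part of the original thread; the `$suspect` pattern (user-writable path fragments worth a second look) is an assumption chosen for illustration, and the script only reads, it changes nothing.

```powershell
# Added example: list autostart entries (the registry Run keys and Startup
# folders that the System Configuration "Startup" tab draws from) and mark
# those whose command lives in a user-writable location.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    (Join-Path $env:ALLUSERSPROFILE 'Microsoft\Windows\Start Menu\Programs\Startup')
)
# Assumption: path fragments treated as unusual for a legitimate startup program.
$suspect = '\\AppData\\|\\Application Data\\|\\Local Settings\\|\\Temp\\|\\ProgramData\\'

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Source = $key; Name = $name; Command = [string]$item.GetValue($name)
        }
    }
}

$shell = New-Object -ComObject WScript.Shell
foreach ($folder in $startupFolders) {
    if (-not (Test-Path $folder)) { continue }
    foreach ($file in Get-ChildItem -Path $folder -Force) {
        if ($file.Name -eq 'desktop.ini') { continue }
        # Resolve shortcuts to the program they launch; other files run as-is.
        $target = $file.FullName
        if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
        $entries += New-Object PSObject -Property @{
            Source = $folder; Name = $file.Name; Command = $target
        }
    }
}

$entries |
    Select-Object Source, Name, Command,
        @{ n = 'Flag'; e = { if ($_.Command -match $suspect) { 'REVIEW' } else { '' } } } |
    Format-Table -AutoSize -Wrap
```

Entries marked REVIEW are not necessarily malicious; they are the ones to look up before unticking them in the startup list.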
16 Jul 2010   #26

Windows 8.1 Professional x64
 
 

Quote: Originally Posted by Petey7
Tepid, that is an interesting article, but I think my method of going into safe mode and removing everything manually is better for me.

Forgot to mention this earlier and don't think it has been said yet, but some of these can be disabled by going into safe mode, opening up sysconfig, and looking at what is set to run at start up. Sometimes there is something in there for the fake anti-virus. Untick it, and after restarting you should be able to install and run MSE or MalwareBytes. It won't work every time, but it's really convenient when it does.
I've cleaned a couple of family members' laptops that have been infected with these types of viruses and done the method you described. Worked both times and got it all cleared up.
16 Jul 2010   #27

Win 7 Ultimate 32bit
 
 

Quite honestly, the best way to really do a good cleaning is with BartPE.

You have to create a good BartPE with Sherpya's XPE on an XP Machine and it will work on a 7 system, you just can't create it on a 7 system.

This can give you full access to the drive and Reg Hives if BartPE is setup properly.

UBCD4WIN can work sometimes, but I have had more success with BartPE.

Unfortunately, BartPE is getting so dated that it doesn't work that often anymore due to hardware advancements. But an alternative that does work, when it doesn't crash, is Winbuilder 7RescuePE.

Also what works is the MS DaRT for Win 7, which you can run some apps from such as Spybot S&D and maybe Malwarebytes, but that may not work as it is not portable, unless you get the unofficial portable one that is out there and safe (afaik).

There are many ways of cleaning a system of Malware/Spyware/Rogueware.
The nice thing about these alternatives is you are not allowing the OS to run/boot directly.
17 Jul 2010   #28

Windows 7
 
 

When you go onto these sites, you can just close the web page, can't you, and that stops the actual virus from installing onto the PC, doesn't it?
17 Jul 2010   #29

Windows 7 Professional SP1 64-bit
 
 

BomberAF, there are some websites that show false scans and can be closed. Usually these can just be closed (better to open Task Manager and kill the process instead of clicking the close button, as this sometimes triggers the installation); however, this is not the way most people are infected with them. Usually an ad or something else online installs it to your computer with you seeing nothing. Upon restarting the computer you get something such as Microsoft Antivirus 2010 claiming that the computer has 100+ viruses and that they need to be removed. They also claim MS will only remove them if the person pays between $50-100. They also go as far as to simulate an AV scan, but it takes place in a fraction of the time an actual one takes. These programs are usually impossible to close or keep closed, and prevent the downloading and/or installing of actual AV programs. Removing them can be tricky if you don't know what you are doing. Reading the rest of this thread will tell you the various methods that we use. If you have any more questions, feel free to ask.
17 Jul 2010   #30

Win 7 Ultimate 32bit
 
 

Quote:
Usually these can just be closed (better to open Task Manager and kill the process instead of clicking the close button, as this sometimes triggers the installation); however, this is not the way most people are infected with them.
Yep, clicking anything like Close, Cancel or X'ing out of the window can kick off the installation in the background with no warnings and no indication of the install or file copy. As stated, killing the app from Task Manager is a safer way, but that doesn't guarantee that it didn't copy something to your system as part of a multi-part attack where you hit a couple of different ads or pop-ups and they each copy a small different part each time. My wife keeps asking me why I wipe out all her cookies and history and garbage all the time, and it irritates her. But when I don't, after a period of time, something happens, and I really think it is a multi-part attack. Theory anyway.


Quote:
Usually an ad or something else online installs it to your computer with you seeing nothing.
These are what we call Drive-By Downloads.