Another Fake AV can't remove


  1. Posts : 662
    Windows 7 Home Premium x64, Mac OS X 10.6.2 x64
       #1


    This problem is VERY similar to the one I had last time (except on a different computer), and worse.

    If I try to run a program, it will block the service from being started, even if I reboot into safe mode. Now I can't start Windows Defender (which is what took care of it last time).

    Any ideas on how to remove it?

  3. Posts : 5,056
    Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
       #3

    You can try running a scan with free Malwarebytes. Run in safe mode if you have problems in the regular mode.


  4. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #4

    Any chance you can do a sys restore? If you can, go back at least 2 or 3 points past the infection point, since some malware/viruses embed themselves in the 1st avail restore point.

    You could try to install MSE which combines Defender along with Virus protection, although that may not install at this point.


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    What's the name of the malware?


  6. Posts : 197
    Windows 7 Enterprise x64
       #6

    Download Sysinternal Process Explorer:

    Process Explorer

    This program runs as a standalone; you can rename it to a common Windows process name like iexplore.exe. Then launch the program. Look through the list of processes that shows up in front of you. Usually the virus stands out because it will have a random name like bhjkzyz.exe or something like that (just an example). If you look at the process once you find it, you can see where the .exe file is. Usually it is in your App Data / Application Data folder (depending on your OS). So you can then kill the process. At that point, it should no longer be running and you should be able to run Malwarebytes to remove it.

    Bill


  7. Posts : 968
    Windows 7 Ultimate x64
       #7

    Try the free version of Hitman Pro, it works good... on stuff like that.

    Home - SurfRight


  8. Posts : 1,426
    7 Pro
       #8

    True versions of Fake AV will no longer allow you to execute anything. True fake AV will modify the .exe reg file to point it towards the infection files.

    The following .reg should be copied to a notepad page and saved as a ".reg"
    Before clicking ANYTHING with the true Fake AV, this .reg should be double clicked to ensure you're truly launching what you want to be launching.

    Code:
    Windows Registry Editor Version 5.00

    ; Remove per-user overrides of the .exe and secfile open commands
    [-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
    [-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

    ; Remove the open command stored directly under .exe
    [-HKEY_CLASSES_ROOT\.exe\shell\open\command]

    ; Point .exe back at the exefile class
    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"

    ; Remove the secfile class
    [-HKEY_CLASSES_ROOT\secfile]

    Once you're able to launch applications... I highly suggest you save your important files then reformat.
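Added example, not part of any post above: a check that reads a registry export and reports whether the keys touched by the .reg file in post #8 show a hijacked .exe association. The function names, the sample export and the path in it are constructed for illustration.

```python
import re

# Keys the cleanup .reg in post #8 deletes; finding any of them is suspicious.
SUSPECT_KEYS = [
    r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command",
    r"HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
    r"HKEY_CLASSES_ROOT\secfile",
]
EXE_KEY = r"HKEY_CLASSES_ROOT\.exe"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)  # string values only; other types are skipped
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def find_exe_hijack(text):
    """Return a list of findings for the .exe association keys from post #8."""
    keys = {k.lower(): v for k, v in parse_reg(text).items()}
    findings = []
    for suspect in SUSPECT_KEYS:
        s = suspect.lower()
        if any(k == s or k.startswith(s + "\\") for k in keys):
            findings.append(f"unexpected key present: {suspect}")
    exe = keys.get(EXE_KEY.lower())
    if exe is not None and exe.get("", "").lower() != "exefile":
        findings.append(f"{EXE_KEY} default is {exe.get('', '')!r}, expected 'exefile'")
    return findings

# Constructed sample export (not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\abc.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="secfile"

[HKEY_CLASSES_ROOT\secfile]
'''
```

Exports written by regedit or `reg export` in the "Version 5.00" format are UTF-16, so decode the file with `encoding="utf-16"` before passing its text to `find_exe_hijack`.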


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.