My brother accidently installed a fake antivirus. It wont let him get on the internet, run basically any program (even taskmgr) or do much anything unless he "activates the antivirus" by buying it.
Iv tried running Remove Fake Antivirus 1.72, full system scans with Spy Sweeper and MSE. Nothing has worked. Any ideas?
Not a system restore because he doesnt have any backups.
And yes I was doing that all in safe mode.
Do a search for a program talked about 9 or 10 months ago in the System Security forum
It is called Rkill. It got one of the toughest, nastiest, spyware, fake virus programs I had ever seen.
you can download malwarebytes and remove those rogues.
RKill was developed by BleepingComputer.com and can be downloaded from their website:
RKill - What it does and What it Doesn't - A brief introduction to the program
It may be necessary to download from another (uninfected) computer to USB stick. Also, pay attention to the warning: Since RKill only terminates processes, after running it you should not reboot your computer as any malware processes that are set to start automatically, will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice.
Ya, run rkill and then mbam from an external usb stick. You should also like to dload the other versions of rkill such as rkill.com, rkill.scr in case if it blocks exe files. If none of the above works, try running the renamed version of rkill available at bleeping computer's site.
What is the name of this fake AV? Some companies have fake AV removers specifically targeted for certain fake AV's. Try Googling the name of it +removal tool and see what you can find.
Another option is Norton Power Eraser which you can run from a USB:
http://security.symantec.com/nbrt/npe.asp?lcid=1033
Or a boot rescue disk, like AVG rescue disk. This will run at boot up before the system initializes and attempt to repair/delete the offending software
http://www.avg.com/us-en/avg-rescue-cd
Last edited by Borg 386; 28 Dec 2010 at 20:04.
i forgot to add, you can also use hitman pro. if its blocking the executable, you can use breach mode on hitman pro by pressing and hold down the ctrl key while clicking hitman pro.
Quote