Rogue anti-virus programs (also called “Scareware”) are spreading like wildfire. These programs pretend to be legitimate anti-virus programs and lock users out of their software, making the computer inoperable. They then warn that the computer is infested with viruses, and that you need to activate the program by giving them your credit card.

DON’T GIVE THEM YOUR CARD! These are fake programs created by criminals, and they are likely to charge more than what they ask for. Regular anti-virus programs won’t lock you out and ask for payment to remove infections. Because a “Scareware” program blocks users from accessing their programs, it can be a little tricky to remove if you don’t know the proper methods.

HOW TO REMOVE

There are many different Rogue Anti-virus programs, but the proper removal process is almost always the same. In order to gain control of your computer again, you must boot into “Safe Mode with Networking”.

MANUAL REMOVAL (Advanced)

1. Restart your computer. When it first turns on, repeatedly press the “F8” key to bring up a menu. In the menu, use your keyboard to select “Safe Mode with Networking”.

2. Now that you are in safe mode, you will usually see an icon for the rogue anti-virus program on the desktop (typical names are “Spyware Protect 2009/2012”, “XP-Antivirus”, and “System Security 2012”). Don’t open it! RIGHT CLICK on the file once and go to Properties. It will now show the actual location of the virus. Almost always the virus will be located in the Windows “Application Data” folder.

3. Now that you know the name and location of the rogue virus, browse to the folder where it is located and delete the file. Make sure to empty the Recycle Bin to ensure it is gone for good.

4. Next, remove the virus from the Windows startup using Msconfig. For Win7 and Vista, click the Start button, type “msconfig” in the search box, and press the “Enter” key. For XP and older versions, click Start, then “Run”, then type “msconfig” and press the “Enter” key.

5. Navigate to the “Startup” tab, and deselect the scareware program from the list. If you have trouble finding it, it is usually located in the “Application Data” folder, and you should be able to see it in the list.

6. Stay in msconfig, and check the “Services” tab to make sure the program isn’t located in there as well.

7. Click Apply, and close msconfig. It will ask if you want to restart. Restart the computer, and the fake anti-virus program should be gone. After you reboot, update your current real anti-virus program and do a “full scan” to ensure there are not any other infections.
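
The startup and services review in steps 4 to 6 can be cross-checked with a read-only listing. The Windows PowerShell script below is an added example, not part of the original article; its function names and the folder-name pattern are assumptions made for illustration, and it assumes Windows PowerShell is installed and usable in Safe Mode.

```powershell
# Added example (not from the article): read-only report of what starts with Windows,
# flagging entries whose command points into an Application Data folder.
# Nothing is deleted or disabled here.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Matches XP ("Application Data") and Vista/7 ("AppData", "ProgramData") folder names.
$appDataPattern = '\\(Application Data|AppData|ProgramData)\\'

function New-Entry([string]$Type, [string]$Name, [string]$Command) {
    New-Object PSObject -Property @{ Type = $Type; Name = $Name; Command = $Command }
}

function Get-AutoStartEntry {
    # Registry Run keys (shown on the msconfig "Startup" tab)
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Entry 'Startup' $name ($item.GetValue($name))
        }
    }
    # Current user's Startup folder; shortcuts are resolved to their targets
    $shell = New-Object -ComObject WScript.Shell
    $folder = [Environment]::GetFolderPath('Startup')
    if ($folder) {
        foreach ($file in Get-ChildItem $folder -ErrorAction SilentlyContinue) {
            $target = if ($file.Extension -eq '.lnk') {
                $shell.CreateShortcut($file.FullName).TargetPath
            } else { $file.FullName }
            New-Entry 'Startup folder' $file.Name $target
        }
    }
    # Services (the msconfig "Services" tab)
    foreach ($svc in Get-ChildItem $servicesKey -ErrorAction SilentlyContinue) {
        $image = $svc.GetValue('ImagePath')
        if ($image) { New-Entry 'Service' $svc.PSChildName $image }
    }
}

Get-AutoStartEntry |
    Select-Object Type, Name, Command,
        @{ Name = 'InAppData'; Expression = { $_.Command -match $appDataPattern } } |
    Sort-Object InAppData -Descending |
    Format-Table -AutoSize -Wrap
```

An entry flagged InAppData is a candidate to compare against the path found in step 2, not proof of infection; some legitimate software also starts from these folders.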

BASIC REMOVAL

1. Boot into “Safe Mode with Networking” using the same instructions located above.

2. Now that you are in safe mode, download and install the free program “SuperAntiSpyware”, and run a quick scan or full scan.

3. SuperAntiSpyware should pick up the virus and remove it. After the scan, the program will usually require a restart to finish the removal process.

4. If SuperAntiSpyware doesn’t do the job, try another free program called “Malwarebytes”.

5. If both programs fail to help, use the manual removal instructions located above.

Article Provided by Eugene Computer Geeks, Computer Repair Eugene Oregon

By DKNJ

8 thoughts on “Beware of Rogue Anti-Viruses, Scareware”
  1. We’re seeing a huge increase in these fake anti virus / malware programs, usually with clients who don’t take our advice and put in some form of content filtering firewall.

    As some of them can take more than MalwareBytes to remove, we’re now taking the approach that if we can’t remove it with MalwareBytes (or a similar product) within two sweeps or 30 minutes, it’s backup (ghost the drive), format and re-install time.

    Just not worth the hassle!