How to Remove Fake Anti Viruses Like a Pro

December 13th, 2010

In the last year there has been a huge outbreak of viruses and malware that disguise themselves as anti-virus software. They tend to be difficult to remove and attempt to extort money from users to “get rid of the virus that it’s detected”. Most experienced users will easily spot the virus as bogus and remove it, but your parents or other less experienced users may buy into the ruse and pay for the removal of the “virus” that it detects. Even if you pay the extortion fee, it most likely will not be removed.

There are some nasty things it can do to your machine, so you want to remove it as soon as you can. One thing to note: never click on anything in the virus window. Just minimize or work around whatever window pops up until you can get it removed.

If you find that a PC you are working on is infected, it can be annoying to clean, and there is a lot of useless information online on how to do it. Those pages often try to sell you a piece of removal software, which is unnecessary since there are free alternatives. The virus will normally not be caught by your installed anti-virus software (that is, if you have one), and it may even disable your copy of McAfee or Norton so that you cannot use them for removal. This is pretty obnoxious behavior, but that’s what these pieces of malware are written to do: camp out and extort money.

The first thing to do if you come across one of these pieces of malware is to dump the temp files on your machine. This will save time during the virus and malware scans. Some of the fake AV’s files might be stored in the temp files too, but usually it will regenerate if you remove them and just let it go. The easiest way to get rid of all the temp files on your machine is with CCleaner. If you have it on your machine already, fire it up and run a full cleanup. If not, you may try to download and install it, but often these viruses will prevent you from downloading or installing things. To remove the temp files manually, click Start, then Run, type “%temp%” and click OK. This opens the temporary file folder, where you can select everything and hit Shift + Delete to get rid of it all.
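The manual “%temp%” cleanup described above can also be done as a PowerShell script. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the log file name and Desktop location are arbitrary choices. It records what was in the folder before deleting and lists any files that could not be removed.

```powershell
# Added example: clear the current user's temp folder (the same folder that
# Start > Run > %temp% opens), keeping a record of what was in it.
# Assumption: the log is written to the Desktop under an arbitrary name.
$tempDir = $env:TEMP
$logFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'temp-cleanup-log.csv'

# List every file first so there is something to review after the cleanup.
$files = @(Get-ChildItem -LiteralPath $tempDir -Recurse -Force -File -ErrorAction SilentlyContinue)
$files | Select-Object FullName, Length, LastWriteTime |
    Export-Csv -LiteralPath $logFile -NoTypeInformation

$deleted = 0
$freed   = 0
$failed  = @()
foreach ($f in $files) {
    try {
        Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
        $deleted++
        $freed += $f.Length
    } catch {
        # Typically a file held open by a running process; note it and move on.
        $failed += $f.FullName
    }
}

# Remove subfolders that are now empty. Sorting by path length (longest first)
# guarantees a child folder is handled before its parent.
Get-ChildItem -LiteralPath $tempDir -Recurse -Force -Directory -ErrorAction SilentlyContinue |
    Sort-Object { $_.FullName.Length } -Descending |
    ForEach-Object {
        $left = Get-ChildItem -LiteralPath $_.FullName -Force -ErrorAction SilentlyContinue
        if (-not $left) {
            Remove-Item -LiteralPath $_.FullName -Force -ErrorAction SilentlyContinue
        }
    }

"Deleted {0} of {1} files, freed {2:N1} MB" -f $deleted, $files.Count, ($freed / 1MB)
if ($failed.Count -gt 0) {
    "Could not delete (usually still in use; retry after a reboot):"
    $failed
}
```

Files that show up in the "could not delete" list are worth a second look after the scans below, since something on the machine was still holding them open.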

The next thing I would suggest is to run a full scan with Malwarebytes. If you already have it installed, you’ll want to update it before running. If you cannot get online to get an update, go on another PC, search out the manual update, and download it to a thumb drive to take back to your infected PC. If you are installing a new copy, you might as well grab the manual update too in case the internal updater doesn’t work. You can check the update tab to see what the version and update date are. Once you have the newest version installed, go ahead and run a full scan. This will take some time, but because you dumped your temp files it will take significantly less time to go through the whole system. Once the scan gets to the end, you’ll want to remove everything it found. At times Malwarebytes can lock up during the removal and not finish. It’s an annoying problem, but it doesn’t happen every time, so it’s worth running. Reboot your machine and see if the fake AV software is still there.

If you’ve made it to here, your Malwarebytes scan has locked up or the virus was still there after you rebooted, and it is time to move on to another malware removal tool, called SuperAntiSpyware. This is a powerful removal tool that, after everything else has failed, should get the virus removed for good. Just as you did with Malwarebytes, you’ll want to download the installer and the manual updater file. If you can’t do that on your infected PC, do it on another and copy the files over with a thumb drive. Also as with Malwarebytes, you will want to run a full scan on the PC to remove as much as possible. This will take some time, but when it’s done you should have a lot to remove. Go ahead and let it remove everything, then reboot the machine. This should get it cleaned up.

Once you’ve got the machine back up and it is clean, you will want to make sure your installed anti-virus software is still functional and update it. Keep it updated and run regular scans. Hopefully you can prevent future infections that way. Don’t click on anything you consider strange or open attachments from people you do not know. Basic safe surfing habits and a good anti-virus will hopefully keep you safe, but there are always those odd occasions when things like this happen. If there are any other ideas or good methods to dump these viruses, please comment below and let me know.