Fake Anti Virus 2012, Security Center or similar programs removal instructions

Problem:

It seems that the majority of corporate and personal computer issues these days come from fake antivirus programs that pose as legitimate programs, even faking the Windows Security Center. These programs seem to load even if antimalware programs are installed. Fortunately, the user accounts on our computers run in user account mode, which limits the virus’s destructive potential.

Solution(s):

For the most part, running an updated antimalware scanner such as MalwareBytes AntiMalware, ESET’s online scanner or VIPRE’s rescue scanner can find most if not all of the virus and destroy it. If you can log in as another user (an admin), browse to the affected user’s application data folder: usually “C:\Documents and Settings\[username]\Local Settings\Application Data” in Windows XP and prior, and “C:\Users\[username]\AppData” (check all 3 folders inside) in Vista and Windows 7. The virus usually installs to the root of this location and may make some copies of itself there. Just delete any strange EXE files you find in here; they will probably all have the same recent date/time. The above scanners may also be able to handle this.
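The manual check described above can be done as a listing first, so you can see what is there before deleting anything. The following read-only PowerShell script is an added example, not part of the original post; the `$UserName` and `$Days` parameters and the 14-day window are assumptions chosen for illustration.

```powershell
# Added example, not from the original post. Read-only: it reports, it never deletes.
# Assumptions: run from an administrator account; $UserName and $Days are illustrative.
param(
    [string]$UserName = $env:USERNAME,   # profile to inspect
    [int]$Days = 14                      # how far back "recent" reaches
)

# Folders named in the article: the XP path, then the three folders under AppData on Vista/7.
$candidates = @(
    "C:\Documents and Settings\$UserName\Local Settings\Application Data",
    "C:\Users\$UserName\AppData\Local",
    "C:\Users\$UserName\AppData\LocalLow",
    "C:\Users\$UserName\AppData\Roaming"
)
$roots = @($candidates | Where-Object { Test-Path -LiteralPath $_ })

$cutoff = (Get-Date).AddDays(-$Days)

# Only EXE files sitting directly in each folder root (no recursion), hidden ones included.
$found = @(foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            $_.Extension -eq '.exe' -and
            $_.LastWriteTime -ge $cutoff
        }
})

if ($found.Count -eq 0) {
    "No recent EXE files in the profile folder roots of '$UserName'."
    return
}

# Group by write time to the minute: copies dropped together share a date/time.
$found | Group-Object { $_.LastWriteTime.ToString('yyyy-MM-dd HH:mm') } |
    Sort-Object Name -Descending |
    ForEach-Object {
        "{0}  {1} file(s)" -f $_.Name, $_.Count
        foreach ($f in $_.Group) {
            # An unsigned EXE with no company name in a profile root deserves a closer look.
            $sig = (Get-AuthenticodeSignature -FilePath $f.FullName).Status
            "    {0}" -f $f.FullName
            "      {0:N0} bytes, signature: {1}, company: '{2}'" -f $f.Length, $sig, $f.VersionInfo.CompanyName
        }
    }
```

Review the listed files (or submit them to one of the scanners above) before removing them by hand.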

Eradicating many of the fake antivirus programs often removes the EXE file association as well (because the malware had taken it over to launch itself every time you tried to launch an application). This can be remedied by downloading the EXE fix from this website: http://www.dougknox.com/xp/file_assoc.htm

You can usually at least launch Internet Explorer when EXE files are not assigned to any program. If not, follow the instructions below or on the site to open RegEdit and then import the file downloaded from the site.
“If your EXE file associations are corrupted, it can be difficult to open REGEDIT, or to even import REG files.  To work around this, press CTRL-ALT-DEL and open Task Manager.  Once there, click File, then hold down the CTRL key and click New Task (Run).  This will open a Command Prompt window.  Enter REGEDIT.EXE and press Enter.
Thanks to Nigel Andrews for this tip.”

There are also multiple Microsoft FixIt pages, and other sites, with similar EXE registry edits and fixes, such as this one: http://support.microsoft.com/kb/837334

Hopefully this will help you with your infection. I have found that prevention is the best medicine and having users browse with Mozilla Firefox and Adblock Plus add-in completely resolves these fake antivirus issues.
