Defeating Fake Anti-Virus Malware

This is the scenario: You are online and suddenly an "official looking" pop-up tells you that your computer is rife with malware, your identity is potentially compromised, and your system is about to fail, but if you spend $19.99 we can make it all go away... I hate malware, and I hate malware that bilks you out of your hard-earned money even more than I hate an early morning jog in January. (I hate running, in case you're a bit slow) Luckily, you needn't spend a penny to get rid of this issue, no need to make an appointment with the squad at Best Buy, you don't even have to call cousin Cletus who is "good with them thar computers". Our friends over at howtogeek.com have put together a spot-on article with excellent tips on how to eradicate this type of pest: http://www.howtogeek.com/howto/43090/heres-a-super-simple-trick-to-defeating-fake-anti-virus-malware/

Here's the article for your reading pleasure:

So what’s the problem? Can’t you just run a anti-virus scan? Well… it’s not quite that simple. What actually happens is that these pieces of malware block you from running almost anything on your PC, and often prevent you from running apps from a Flash drive, with an error like this:

Once you encounter this error, there’s a couple things you can do. The first one is almost stupidly simple, and works some of the time:

Move the Dialog, and Try Again!

Yeah, that’s right—reader Robert wrote in to tell us that you can often just move that error to the side of the screen, and then try to run your anti-malware or anti-spyware application again. Turns out that some of the errors will only run once… and then you can get your favorite application running.

If that doesn’t work, then here’s the next great tip…

Rename Your Anti-Malware App to Explorer.exe

Since most of the fake anti-virus malware needs you to be able to slightly use your PC, the one executable that it won’t ever block is “explorer.exe”, since they want you to be able to get online and go to their site and pay them—not so easy if you have no Start Menu.

So just rename your favorite anti-malware application to explorer.exe, and you should be able to use it.

Thanks to reader Jeffrey for writing in with this tip.

General Guide to Defeating Fake Anti-Virus Infections

There’s a couple of steps that you can generally follow to get rid of the majority of rogue antivirus infections, and actually most malware or spyware infections of any type. Here’s the quick steps:

• Try to use the free, portable version of SUPERAntiSpyware to remove the viruses.
• If that doesn’t work, reboot your PC into safe mode with networking (use F8 right before Windows starts to load)
• Try to use the free, portable version of SUPERAntiSpyware to remove the viruses.
• Reboot your PC and go back into safe mode with networking.
• If that doesn’t work, and safe mode is blocked, try running ComboFix. Note that I’ve not yet had to resort to this, but some of our readers have.
• Install MalwareBytes and run it, doing a full system scan. (see our previous article on how to use it).
• Reboot your PC again, and run a full scan using your normal Antivirus application (werecommend Microsoft Security Essentials).
• At this point your PC is usually clean.

These steps generally work.

Can’t Even Boot Anymore? Here’s Your Solution

All you have to do is use a repair disk from one of the anti-virus manufacturers, who have each created downloadable ISO images that you can burn to a CD, or install onto a USB flash drive. Boot from it, run a scan, and then your PC will be clean.

• How to Use the BitDefender Rescue CD to Clean Your Infected PC
• How to Use the Avira Rescue CD to Clean Your Infected PC
• How to Use the Kaspersky Rescue Disk to Clean Your Infected PC

We prefer using the BitDefender CD, since it’s automated and simple, but it couldn’t hurt to use more than one if necessary… so why not combine a bunch of recovery tools together? Here’s how:

How to Combine Rescue Disks to Create the Ultimate Windows Repair Disk