Antivirus Soft video: (http://www.youtube.com/watch?v=LYHXOkRlOdM)
The most annoying thing about this fake program is that Antispyware Soft blocks nearly all legitimate programs, starting with anti-virus and anti-spyware tools. It displays an error message with the following text:
"Security warning
Application cannot be executed. The file rundll32.exe is infected. Do you want to activate your antivirus software now?"
In reality, though, rundll32.exe isn't infected; Antispyware Soft just wants to make you think that it is. As usual, rogue programs display many fake security warnings, and Antispyware Soft is no exception. It also constantly displays fake alerts stating that your computer is infected with malware. The rogue program impersonates Windows Security Center and reports several fake infections, for example:
"Antvirus software alert
Infiltration alert - Virus attack
Your computer is being attacked by internet virus. It could be a password stealing attack, a trojan - dropper or similar.
Threat: Win32/Nuqel.E
Threat: BankerFox.A"
It reports another threat every few seconds. This fake program is promoted through misleading web sites such as Alphaantivir.com or through Trojans. It may come bundled with other malware too.
Now, the most important question is how to remove this malware from your PC. First of all, you will have to reboot your computer in Safe Mode with Networking, disable the proxy server for Internet Explorer and download a free and reputable anti-malware program to remove this infection. If you can't reboot your computer in Safe Mode with Networking, then you will have to use the HijackThis tool to stop the main processes of the Antispyware Soft malware. Please follow the detailed Antispyware Soft removal instructions below. Most importantly, don't purchase it. If you have already purchased this fake program, then you should contact your credit card company and dispute the charges. If you have any questions or additional information about this virus, please don't hesitate to leave a comment. Good luck and be safe!
Antispyware Soft removal instructions (in Safe Mode with Networking):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab.
Click the "LAN Settings" button and uncheck the checkbox labeled "Use a proxy server for your LAN". Click OK.
3. Download SUPERAntispyware, MalwareBytes Anti-malware or Spybot - Search & Destroy and run a full system scan. NOTE: before saving the selected program onto your computer, please rename the installer to winlogon.exe or iexplore.exe. Launch the program and follow the prompts. Don't forget to update the installed program before scanning. Then reboot your computer in "Normal Mode" and run a system scan again. That's it!
4. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
Alternative Antivirus Soft removal instructions using HijackThis (in Normal mode):
1. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed copy of the HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, then download explorer.scr and run it.
2. Search for similar entries in the scan results:
O4 – HKLM\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\lkwctssd.exe
O4 – HKCU\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\lkwctssd.exe
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
The process name will be different in your case, but it has the same structure: [RANDOM]tssd.exe
Select all similar entries and click once on the "Fix checked" button. Close the HijackThis tool.
3. Download SUPERAntispyware, MalwareBytes Anti-malware or Spybot - Search & Destroy and run a full system scan. NOTE: before saving the selected program onto your computer, please rename the installer to winlogon.exe or iexplore.exe. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
Antispyware Soft associated files and registry values:
Files:
- %UserProfile%\Local Settings\Application Data\[random]
- %UserProfile%\Local Settings\Application Data\[random]\[random]tssd.exe
Registry values:
- HKEY_CURRENT_USER\Software\AvScan
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[random]
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random]
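The HijackThis entries in step 2 and the file and registry locations listed above can be checked mechanically in a saved HijackThis log. The Python code below is an added example, not part of the original instructions or of HijackThis itself: it flags Run entries that start [random]tssd.exe from Local Settings\Application Data and an Internet Explorer proxy that points at the local machine. The sample log is constructed, and treating every loopback proxy (not only 127.0.0.1:5555) as worth review is an assumption.

```python
import re

DASH = r"\s+[-\u2013]\s+"  # pasted logs often carry an en dash instead of "-"
RUN_ENTRY = re.compile(r"^O4" + DASH + r"(HKLM|HKCU)\\\.\.\\Run:\s+\[([^\]]+)\]\s+(.+)$")
PROXY_ENTRY = re.compile(r"^R1" + DASH + r"HKCU\\.*\\Internet Settings,ProxyServer\s*=\s*(.+)$")
# [random]tssd.exe exactly one folder below Local Settings\Application Data
ROGUE_PATH = re.compile(r"\\Local Settings\\Application Data\\[^\\]+\\[^\\]*tssd\.exe$", re.I)
# Assumption: any loopback proxy is worth review, not only port 5555
LOOPBACK = re.compile(r"(^|=)(127\.0\.0\.1|localhost):\d+", re.I)

# Constructed sample: lines 1 and 3 mirror the entries quoted above, the rest are benign
SAMPLE_LOG = r"""O4 – HKLM\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\lkwctssd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.test:8080
O4 - HKCU\..\Run: [tool] C:\Program Files\Tool\tssd.exe"""


def scan(log_text):
    """Return (line_number, reason, value) for entries matching the page's indicators."""
    findings = []
    for number, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        run = RUN_ENTRY.match(line)
        if run and ROGUE_PATH.search(run.group(3)):
            findings.append((number, "Run value starts [random]tssd.exe", run.group(3)))
            continue
        proxy = PROXY_ENTRY.match(line)
        if proxy and LOOPBACK.search(proxy.group(1)):
            findings.append((number, "IE proxy points at loopback", proxy.group(1)))
    return findings


if __name__ == "__main__":
    for number, reason, value in scan(SAMPLE_LOG):
        print("line %d: %s -> %s" % (number, reason, value))
```

A hit is a lead for review rather than proof, since some legitimate tools also set a loopback proxy.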