When run, Antimalware Tool performs a fake scan of the system, and falsely claims that a number of files on your computer are infected with malicious software. It also prevents certain applications from running by terminating them and then displaying a fake warning that suggests that the application is infected or may harm your computer. The rogue application hijacks web browsers too. It may redirect you to bogus or infected websites. Of course, don't expect anything but more malware from those malicious websites. Antimalware Tool displays fake firewall alert saying that your computer is being attacked from a remote machine or that the Internet Explorer is infected with a Trojan horse that can send your credit card information to a remote server. Malware authors have been using such aggressive campaigns for a long time. You should ignore such fake alerts and notifications. The figures below show the fake infection reports that you may see when it's installed:
Antimalware Tool Firewall Alert
Antimalware Tool has prevented a program from accessing the Internet.
"iexplore.exe" is infected with Trojan. This worm has tried to use "iexplore.exe" to connect to remove host and send your credit card information.
Remove spyware and other potentially unwanted softwareAlthough, it is possible to manually remove Antimalware Tool, however, to insure no risk of damage to your computer, it is advisable to use anti-malware software. There is also an online support system where you can send your complaints or ask for a refund. Don't use it and don't give your email address to the cyber-criminals behind this rogue application. Your email can be used for future attacks and spam emails. If you have already purchased this corrupt application, you should contact your credit card company and dispute the charges stating that the program is a computer infection. To remove Antimalware Tool, please use the removal guide below. If you need further assistance in removing this rogue anti-malware application, please leave a comment below. Also, if you have any additional information about this malware, please let us know. Good luck and be safe online!
Antimalware Tool detected 1 harmful application(s).
It is recommended to clean your computer immediately.
Antimalware Tool removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Alternate Antimalware Tool removal instructions:
1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.
2. Search for such entry in the scan results (Windows XP):
O4 - HKLM\..\Run: [SET OF RANDOM CHARACTERS] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].avi", DllUnregisterServer
O4 - HKCU\..\Run: [SET OF RANDOM CHARACTERS] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].avi", DllUnregisterServer
O4 - Startup: [SET OF RANDOM CHARACTERS].lnk = C:\WINDOWS\system32\rundll32.exe
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Associated Antimalware Tool files and registry values:
Files:
Windows XP
- C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS]_.mkv
- C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].avi
- C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].ico
- C:\Program Files\Antimalware Tool
- C:\Documents and Settings\[UserName]\Local Settings\Temp\[SET OF RANDOM CHARACTERS].dll
- C:\ProgramData\[SET OF RANDOM CHARACTERS]_.mkv
- C:\ProgramData\[SET OF RANDOM CHARACTERS].avi
- C:\ProgramData\[SET OF RANDOM CHARACTERS].ico
- C:\Program Files\Antimalware Tool
- C:\Users\[UserName]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS].dll
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
No comments:
Post a Comment