Saturday, 2 April 2011

How to Remove Antimalware Tool (Uninstall Guide)

Antimalware Tool is a rogue security program that claims to scan your computer for malware, reports fake infections, and displays misleading warnings to make you think that your computer is infected with spyware, Trojan horses and viruses. The fake AV then states that you need to pay to register the software in order to remove the non-existent threats. Antimalware Tool is installed in a variety of ways. Usually, it is promoted through fake online scanners and infected websites, or it may pop up on your screen seemingly from nowhere if your computer is already infected and belongs to a certain botnet. Antimalware Tool impersonates Windows Defender, which is a perfectly legitimate anti-spyware program. Do not fall for Antimalware Tool. We've got removal instructions to help you remove Antimalware Tool and any related malware for free. Please follow the removal instructions below.



When run, Antimalware Tool performs a fake scan of the system and falsely claims that a number of files on your computer are infected with malicious software. It also prevents certain applications from running by terminating them and then displaying a fake warning that suggests that the application is infected or may harm your computer. The rogue application hijacks web browsers too, and may redirect you to bogus or infected websites. Don't expect anything but more malware from those websites. Antimalware Tool also displays a fake firewall alert saying that your computer is being attacked from a remote machine or that Internet Explorer is infected with a Trojan horse that can send your credit card information to a remote server. Malware authors have been using such aggressive campaigns for a long time. You should ignore such fake alerts and notifications. The fake alerts below show the infection reports that you may see when it's installed:
Antimalware Tool Firewall Alert
Antimalware Tool has prevented a program from accessing the Internet.
"iexplore.exe" is infected with Trojan. This worm has tried to use "iexplore.exe" to connect to remove host and send your credit card information.

Remove spyware and other potentially unwanted software
Antimalware Tool detected 1 harmful application(s).
It is recommended to clean your computer immediately.

Although it is possible to remove Antimalware Tool manually, to ensure no risk of damage to your computer it is advisable to use anti-malware software. The rogue program also has an online support system where you can send your complaints or ask for a refund. Don't use it and don't give your email address to the cyber-criminals behind this rogue application. Your email address can be used for future attacks and spam emails. If you have already purchased this corrupt application, you should contact your credit card company and dispute the charges, stating that the program is a computer infection. To remove Antimalware Tool, please use the removal guide below. If you need further assistance in removing this rogue anti-malware application, please leave a comment below. Also, if you have any additional information about this malware, please let us know. Good luck and be safe online!


Antimalware Tool removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Log in as the same user you were previously logged in as in normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


Alternate Antimalware Tool removal instructions:

1. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed copy of the HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, download explorer.scr and run it instead.

2. Look for entries like the following in the scan results (Windows XP):
O4 - HKLM\..\Run: [SET OF RANDOM CHARACTERS] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].avi", DllUnregisterServer
O4 - HKCU\..\Run: [SET OF RANDOM CHARACTERS] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].avi", DllUnregisterServer
O4 - Startup: [SET OF RANDOM CHARACTERS].lnk = C:\WINDOWS\system32\rundll32.exe


Select all similar entries and click once on the "Fix checked" button. Close the HijackThis tool.

3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


Associated Antimalware Tool files and registry values:

Files:

Windows XP
• C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS]_.mkv
• C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].avi
• C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].ico
• C:\Program Files\Antimalware Tool
• C:\Documents and Settings\[UserName]\Local Settings\Temp\[SET OF RANDOM CHARACTERS].dll

Windows Vista/7
• C:\ProgramData\[SET OF RANDOM CHARACTERS]_.mkv
• C:\ProgramData\[SET OF RANDOM CHARACTERS].avi
• C:\ProgramData\[SET OF RANDOM CHARACTERS].ico
• C:\Program Files\Antimalware Tool
• C:\Users\[UserName]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS].dll

Registry values:
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
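
The autostart pattern listed in this guide (a Run value that has rundll32.exe load a randomly named .avi file from the all-users application data folder) can be picked out of a saved HijackThis log automatically. The script below is an added example, not part of the original guide: the matching rules are assumptions drawn from the entries shown above, the sample log is constructed, and "qwx81kd" stands in for the random characters.

```python
import re

# Heuristics below are assumptions drawn from the entries listed in this guide.
O4_RUN = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O4_STARTUP = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?\.lnk) = (?P<target>.+)$')
# rundll32, then a quoted or unquoted module path, a comma and the export name
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<module>[^",]+)"?\s*,\s*(?P<export>\w+)', re.I)
# A file sitting directly in the all-users application data folder (XP or Vista/7)
APPDATA_ROOT = re.compile(
    r'^[a-z]:\\(?:documents and settings\\all users\\application data|programdata)\\[^\\]+$',
    re.I)

def classify(line):
    """Return (verdict, entry name, path) for an O4 line worth checking, else None."""
    line = line.strip()
    m = O4_RUN.match(line)
    if m:
        r = RUNDLL.search(m['cmd'])
        if r:
            module = r['module'].strip()
            # rundll32 normally loads .dll/.cpl files; a media extension is the red flag
            if not module.lower().endswith(('.dll', '.cpl')) and APPDATA_ROOT.match(module):
                return ('suspicious', m['name'], module)
        return None
    m = O4_STARTUP.match(line)
    # HijackThis shows only the shortcut target, so a bare rundll32 target needs a manual look
    if m and m['target'].strip('" ').lower().endswith('\\rundll32.exe'):
        return ('review', m['name'], m['target'])
    return None

def scan(log_text):
    """Classify every line of a HijackThis log and keep the hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

# Constructed sample log: "qwx81kd" stands in for the random characters
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qwx81kd] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\All Users\Application Data\qwx81kd.avi", DllUnregisterServer
O4 - HKCU\..\Run: [qwx81kd] "C:\WINDOWS\system32\rundll32.exe" "C:\ProgramData\qwx81kd.avi", DllUnregisterServer
O4 - Startup: qwx81kd.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
'''

if __name__ == '__main__':
    for verdict, name, path in scan(SAMPLE_LOG):
        print(f'{verdict:10} [{name}] {path}')
```

Entries marked "suspicious" match the Run values shown in step 2; entries marked "review" are startup shortcuts that point at rundll32.exe and should be checked by hand before fixing.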