Antivirus Action - How to remove?
Antivirus Action is a dangerous computer program, one of rogue anti-spywares that are incapable to remove any kind of virus and seek only to steal computer users’ money. This scam may look as a useful security application in the beginning but in reality it’s worth nothing. If left inside the system, it will negatively affect your computer, so the one and only solution for you if you are one of its victims is to remove Antivirus Action Lite.
As a rule, Antivirus Action just like earlier created its direct copy Security Suite starts posing to be scanning your system for viruses as soon as it gets there. Mostly, this scam is installed through the use of Trojans that camouflage themselves under the name of fake system scanners or video codecs, required for watching something online. When people click on such alerts, Trojans get inside very easily and additionally download malware which starts its activity as soon as computer reboots. Trying to make you scared about the machine, AntivirusAction starts scanning the system for viruses and then reports hundreds of them detected, for example:
Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.
Application cannot be executed. The file notepad.exe is infected. Do you want to activate your antivirus software now.
These “viruses” in reality are fake system files, invented by Antivirus Action just after intrusion. However, there may also be some legitimate your system files reported as well, so never remove these files reported. Additionally, you will be offered to purchase Antivirus Action Standart or Antivirus Action Ultimate. Never do this!
No matter where did you get this scamware from, it’s essential to keep in mind that you must remove Antivirus Action as soon as possible. This program is a typical rogue anti-spyware, so rely only on legitimate anti-spyware and get rid of Antivirus Action.
UPDATE: Detailed instructions on removing Antivirus Action rogue.
1. Reboot, keep tapping F8. Choose Safe mode with networking from menu.
2. if your internet connection is affected, disable proxy server on your PC. choose Tools menu and select Internet Options, Connections, Lan Settings and uncheck the box
3. Download and scan your PC with spyhunter. If you can not execute it, download this version: http://downloads.2-viruses.com/IEXPLORE.exe . Do not forget to run updates BEFORE scan.
4. Delete the files Spyware Doctor finds or programs listed bellow. If you want, you can use full version of Spyware Doctor for that or try other tools : MBAM, hitman pro.
5. Fix the registry keys affected by Antivirus Action
6. Fix permissions of HOSTS File by executing these commands:
cacls “%WinDir%\system32\drivers\etc\hosts” /G everyone:f
attrib -s -h -r “%WinDir%\system32\drivers\etc\hosts”
7. Empty ALL lines from %WinDir%\system32\drivers\etc\hosts file except referencing domain localhost
8. Reboot, rescan with your antivirus software, upgrade it to internet security version. It its highly advisable to have an anti-malware program with real time protection like spyhunter or commercial Malwarebytes to prevent such infections in the further.
if something goes wrong with Antivirus Action removal procedure
a) If you can not download programs, use other PC and move them using USB drive.
b) If you can’t execute programs in safe mode, try stopping Antivirus Action processes using task manager (ctrl+shift+esc). Look for random process names. Also you might try system restore and proceed with steps 6-8 of the guide above. You have to rescan your PC to avoid hidden parasites.
c) Internet does not work after removal or behaves strangely: repeat step 2 in normal mode. Also check this guide: http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
d) If you can’t do anything in safe mode or any other mode (including safe mode with command prompt), you might want to run alternate OS scanners from any of major Internet security manufacturers. Repairing windows install might be an option as well.
e) If you can access uninfected windows account on Windows 7 (possibly Vista ) machine, it is recommended to do full scan from there.