
How to remove Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista?

November 13th, 2010

What is Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista?

A particularly nasty family of name-changing rogues has resurfaced. The trojans installed on an infected PC download and install fake antivirus programs that change their name depending on the OS that is running. 27 or more different names are calculated by date, and there might be more. Worst of all, these malware programs try to get the user to run them in administrator mode (on Vista or Windows 7) by pretending to be a security update distributed by Microsoft. That allows them to seriously cripple the computer and seriously hinder program execution and the removal process.

You might start seeing an alert that falsely claims to be from Microsoft in several scenarios. One is that your PC is already infected with trojan downloaders and they want to convince you to install the parasite in administrative mode; the second is that you are browsing infected sites. It would not be surprising if this family of parasites were also distributed through spam emails and other media.

After “installation”, the program skin is downloaded and almost all operation of the PC is blocked by the fake antivirus program, whose name depends on which OS you use. It might be called XP or Windows 7 AntiSpyware, AntiMalware, Security or just Guard. It might use different names, but it is generally the same parasite and should be removed.

The names used by this rogue are:

XP | VISTA | Win 7
XP Antispyware 2011 or XP Antispyware | Vista Antispyware 2011 or Vista Antispyware | Win 7 Antispyware 2011 or Win 7 Antispyware
XP Security 2011 or XP Security | Vista Security 2011 or Vista Security | Win 7 Security 2011 or Win 7 Security
XP Internet Security 2011 or XP Internet Security | Vista Internet Security 2011 or Vista Internet Security | Win 7 Internet Security 2011 or Win 7 Internet Security
XP Antimalware 2011 or XP AntiMalware | Vista Antimalware 2011 or Vista AntiMalware | Win 7 Antimalware 2011 or Win 7 AntiMalware
XP Guard | Vista Guard | Win 7 Guard

All these rogues are the same and use a single main executable file called pw.exe. However, almost all functions of the PC are blocked, so it is very hard to remove this malware from your own PC. Whatever you do, do not pay for these programs: they are a scam, and you will not get your PC back by giving credit card details and money to these scammers.

The parasites block access to the majority of internet sites. This is done to prevent you from downloading anti-malware programs and finding a solution. Browsers will show various warnings:

Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site’s pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.
Things you can do:
- Get a copy of [PARASITE NAME] to safeguard your PC while surfing the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)

It will also show various alerts that look like this:

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

How to get rid of Security/AntiMalware/Guard rogues

These Security/AntiMalware rogues block the execution of all executable programs, so that you launch their process instead of the program you want. For this reason you will most likely need another PC to carry out these instructions.
On Windows 7 or Vista you might be able to launch anti-malware programs by right-clicking on them and choosing Run as administrator.

Update

Malware researcher Siri posted a key on his blog that disables warnings from this parasite, so that you can scan and remove it in normal mode: 1145-17884799-7733. We have dug further: this key is actually quite an old one and works for older parasites in this family, including XP Security Tool 2010. You might need to enter an order number, though: 21197673. Do not forget to scan with Spyhunter, Malwarebytes and Hitman Pro after that, as this key will not disable the trojan downloaders or rootkits that come with the original infection.

a) Burn these programs to a CD or write them to a USB disk. You can use your MP3 player or smartphone if it has storage functions. This parasite does not spread through USB at the moment:

  1. Spyware Doctor ( http://www.2-viruses.com/spdoc.exe )
  2. Registry fix : http://www.2-viruses.com/wp-content/uploads/exeregfix.reg
  3. You might want to include Hitman Pro or Malwarebytes as alternate scanners, though you are likely to be able to download them later on.

b) Boot normally. Wait for the rogue program to launch, then run exeregfix.reg. This should allow you to launch legitimate programs.

c) Delete or remove the files that are mentioned in our files box. You can use Spyhunter to identify the infected files and additional infections. Do not forget to update it before scanning. Remove what it finds.

d) Scan with secondary tools and reboot your PC. You should now be free of XP/Vista/Win 7 Antimalware/Security/Security.

In some cases the virus mutates and you cannot perform some part of these instructions. In such cases we recommend trying scans from within safe mode, or doing Alternate OS scans with tools from one of the antivirus program makers, for example this one: http://pctools.com/aoss
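
The article does not reproduce the contents of exeregfix.reg. As an added example (not code from the original article), the script below checks a registry export for the usual way program launches get redirected like this, a rewritten .exe file association, which is assumed here to be what the fix resets. The stock values `exefile` and `"%1" %*` are Windows defaults; the sample export, the `examplefile` class and the path to pw.exe are constructed.

```python
import re

DEFAULT_PROGID = "exefile"     # stock Windows class for the .exe extension
DEFAULT_COMMAND = '"%1" %*'    # stock handler: run the clicked file itself
CLASSES = r"^(?:HKEY_CLASSES_ROOT|HKEY_(?:CURRENT_USER|LOCAL_MACHINE)\\Software\\Classes)\\"

# Constructed sample in 'reg export' text form (class name and path are made up).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="examplefile"

[HKEY_CURRENT_USER\Software\Classes\examplefile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\pw.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_defaults(reg_text):
    """Map each key in 'reg export' text to its default (@) string value."""
    defaults, key = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            key = header.group(1)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg syntax escapes '\' and '"' with a backslash; undo that.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def find_exe_hijacks(reg_text):
    """Return (key, value) pairs where the .exe launch chain is not stock."""
    defaults, findings = parse_defaults(reg_text), []
    for key, value in defaults.items():
        if re.search(CLASSES + r"\.exe$", key, re.I):
            if value.lower() != DEFAULT_PROGID:
                findings.append((key, value))
                # Follow the redirect to the command the substituted class runs.
                handler = key[:-len(".exe")] + value + r"\shell\open\command"
                if handler in defaults:
                    findings.append((handler, defaults[handler]))
        elif re.search(CLASSES + r"exefile\\shell\\(?:open|runas)\\command$", key, re.I):
            if value != DEFAULT_COMMAND:
                findings.append((key, value))
    return findings

if __name__ == "__main__":
    for key, value in find_exe_hijacks(SAMPLE):
        print(f"non-default .exe handler: [{key}] -> {value}")
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `find_exe_hijacks`.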

We recommend purchasing full versions of Spyhunter, Malwarebytes Anti-Malware or other good anti-malware scanners to warn of and prevent such infections in the future.


Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista is Extremely dangerous

- Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista is a corrupt Anti-Spyware program
- Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista may spread via Trojans
- Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista may display fake security messages
- Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista may install additional spyware to your computer
- Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista may repair its files, spread or update by itself
- Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista violates your privacy and compromises your security

Note: The Spyhunter trial provides detection of parasites like Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.



Manual Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista removal


Important Note: Although it is possible to manually remove Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other malware and spyware removal applications found on 2-viruses.com.
Stop these Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista processes:
Remove these Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista Registry Entries:
Remove these Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites and other Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista infected files, and get help with Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista removal, by using the free Spyhunter scanner. It comes with a free real-time protection module that helps prevent Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista and similar threats.

Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that your computer is infected with spyware and only Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista can help you to remove it after you download the trial version. As soon as the victim downloads the Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista trial version, it pretends to scan your computer and shows a grossly exaggerated number of non-existent errors. Then, Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista offers to sell the full version to fix these false errors. If the user agrees, Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista does not only fix the errors, but it also takes the user’s money and may even install additional spyware on the victim’s computer.

Some Rogue Anti-Spyware, such as Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista, may prompt users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed on a victim’s computer after clicking on the advertisement. It then proceeds to download or even install Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista, which is another way for Rogue Anti-Spyware to spread itself.

Most rogue Anti-Spyware, such as Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista, is nearly impossible to remove manually.


How to tell if your PC has been infected by a Rogue Anti-Spyware such as Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista?

Numerous undesirable and annoying pop-ups: A typical Rogue Anti-Spyware parasite keeps track of your internet browsing habits, sending your browsing history data to remote servers, owned by third party companies that use this information to advertise their products via numerous pop-ups, toolbars, hijacked homepages and spam letters. All these undesirable advertising methods are used on the victims of Rogue Anti-Spyware.
Changed or new icons: Sometimes, Rogue Anti-Spyware installs unwanted software to a victim’s PC without user’s knowledge and consent. This may lead to slower PC performance and stability, as well as more unwanted programs you can't remove.


  1. DigitalBBQ
    February 3rd, 2011 at 07:41 | #1

    Just got hit with this tonight.
    Popped in a Puppy linux Live DVD and got all my stuff back.
    AAAWWWW Waaaaaaaaahhhhhh this malware cannot infect LINUX Aaaaawwwwww.

    D@am malware
    And DOUBLE D@M on the person that wrote it.
    Wasted 45 mins of my life doing a dump to an external HD through LINUX to save all my stuff from a corrupted WIN partition.
