Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista - How to remove?

 

A particularly nasty family of name changing rogues resurfaced. The trojans installed on infected PC download and install fake antivirus programs that change name depending from OS running. 27 or more different names are calculated by date, and there might be more. The worst of it, these malwares try to convince user in Administration mode (on Vista or windows 7) as they pretend to be an security update distributed by Microsoft. That allows seriously cripple computer and seriously hinder removal and execution process.

You might start seeing an alert that is  faked being from Microsoft on several scenarios. One is your PC is infected with trojan downloaders already and they want to convince you to install parasite using administrative mode, the second one is that you are browsing infected sites. It would not be surprising that this family of parasites would be distributed using spam emails and other media.

After “installation” program skin is downloaded and almost all operation of PC is blocked by fake antivirus program, depending on which OS you use. This might be called XP or Windows 7 AntiSpyware, AntiMalware, Security or just Guard. It might use different names, but it is generally same parasite that should be removed.

The names used by this rogue are :

XP VISTA Win 7
XP Antispyware 2011 or XP Antispyware Vista Antispyware 2011 or Vista Antispyware Win 7 Antispyware 2011 or Win 7 Antispyware
XP Security 2011 or XP Security Vista Security 2011 or Vista Security Win 7 Security 2011 or Win 7 Security
XP Internet Security 2011 or XP Internet Security Vista Internet Security 2011 or Vista Internet Security Win 7 Internet Security 2011 or Win 7 Internet Security
XP Antimalware 2011 or XP AntiMalware Vista Antimalware 2011 or Vista AntiMalware Win 7 Antimalware 2011 or Win 7 AntiMalware
XP Guard Vista Guard Win 7 Guard

All these rogues are the same, and use single main executable file called pw.exe. However, almost all functions of PC are blocked, thus it is very hard to remove this malware from your own PC.  whatever you do, do not pay for these programs – they are scam, and you will not get your PC back by giving credit card details and money to these scammers.
The parasites block access to majority of internet sites. This is done to prevent you from downloading anti-malware programs and finding solution. Browsers will show various warnings :

Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
– Dangerous code found in this site’s pages which installed unwanted software into your system.
– Suspicious and potentially unsafe network activity detected.
– Spyware infections in your system
– Complaints from other users about this site.
– Port and system scans performed by the site being visited.
Things you can do:
– Get a copy of [PARASITE NAME] to safeguard your PC while surfing the web (RECOMMENDED)
– Run a spyware, virus and malware scan
– Continue surfing without any security measures (DANGEROUS)

It will also show various alerts, looking like this :

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

How to get rid of   Security/AntiMalware/Guard  rogues

These Security/antimalware rogues are blocking all execution of executable programs so you launch their process instead of program you want. For this reason you are most likely to need another PC to perform instructions.
ON Windows 7 or Vista you might be able to launch anti-malware programs by right-clicking on them and choosing RUN as Administrator

Update

Malware research Siri posted a key on his blog that disables warnings from this parasite and you might scan and remove it in normal mode: 1145-17884799-7733. We have dug further, this key is actually quite old one and works for older parasites in this family, including XP Security Tool 2010. You might need to enter order number, though: 21197673, and do not forget to scan with spyhunter, Malwarebytes and Hitman pro after that: This key will not disable trojan downloaders or rootkits coming with original infection.

a) Burn these programs to CD or write them to USB disk. You can use your MP3 player, or smartphone if it has storage functions. This parasite does not spread through USB at the moment:

  1. Spyware Doctor ( http://www.2-viruses.com/spdoc.exe )
  2. Registry fix : http://www.2-viruses.com/wp-content/uploads/exeregfix.reg
  3. You might want to include Hitman Pro or Malwarebytes as alternate scanners. Though you are likely to be able to download them later on.

b). Boot normally. wait for rogue program to launch, and run exeregfix.reg . This should allow launching legitimate programs

c) Delete or remove the files that are mentioned in our files box. You can use spyhunter to identify the infected files and additional infections. Do not forget update it before scanning. Remove what it finds.

d) Scan with secondary tools and reboot your PC. You should be XP/VISTA/WIn 7 Antimalware/Security/Security  free.
In some cases virus mutates and you can not perform some part of these instructions. In such cases we recommend trying scans from within safe mode, or doing Alternate OS scans by tools from one of antivirus program makers, for example this : http://pctools.com/aoss

We recommend purchasing full versions of spyhunter, malwarebytes anti-malware or other good antimalware scanners to warn and prevent such infections in the future.

 

Automatic Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista removal tools

 
  Download Spyhunter for Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista detectionNote: Spyhunter trial provides detection of parasite like Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
 

Manual Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista removal

 

Important Note: Although it is possible to manually remove Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other tools found on 2-viruses.com.

Processes:
Files:
Registers:

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista infected files and get help in Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista removal by using Spyhunter scanner. 

 
 
 

Related videos

 
 
 
 
 
 
 
 

One thought on “Fake Security/AntiMalware/Guard antiviruses for Win 7, XP or Vista

  1. DigitalBBQ
     

    Just got hit with this tonight.
    Popped in a Puppy linux Live DVD and got all my stuff back.
    AAAWWWW Waaaaaaaaahhhhhh this malware cannot infect LINUX Aaaaawwwwww.

    D@am malware
    And DOUBLE D@M on the person that wrote it.
    Wasted 45 mins of my life doing a dump to a external HD through LINUX to save all my stuff from a corrupted WIN partition.

     

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>