Welcome To UniversalTechSupport

Fake Antivirus issue.

Post by Admin on Thu Nov 14, 2013 12:15 am

Step: 1 Try to open “msconfig”. Do a clean boot using the System Configuration utility: disable all the third-party services and the startups.
Step: 2 Restart the computer in safe mode with networking.
Step: 3 Open Internet Explorer properties, click on the Connections tab – LAN settings – uncheck the proxy server settings.

Step: 4 Open MSCONFIG and click on the Startup tab. Most fake antivirus programs will have a fake name in the startup items (for example: sDfrewrtrhs).
Step: 5 Open the registry editor: “Click Start->Run->type regedit->hit enter”. (If unable to open the registry editor or task manager, try step 12.)
Note: Before making any changes in the registry editor, take a backup of the entire registry.
Step: 6 Browse to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”. In the right pane, look for the fake AV name and delete it.
Step: 7 Browse to “HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”. In the right pane, look for the fake AV name and delete it.
Step: 8 Open My Computer and browse to C:\ProgramData\, find the fake antivirus program and delete it.
Browse to C:\Documents and Settings\All Users\Application Data\, find the fake antivirus program and delete it.
Step: 9 Clear the Recycle Bin, temp and prefetch, and do browser optimization (deleting history, clearing internet temp files and cookies).
Step: 10 Run any antivirus tool and perform a system scan.
Step: 11 Restart the computer in normal mode.
Step: 12 Download and run Autoruns.

Step: 13 Open Autoruns and click on Options, as per the image given below.
Step: 14 Put a check mark on "Hide Microsoft and Windows Entries" and "Verify Code Signatures".

Step: 15 Look for the term "Inspector" or "Protector" in the given registry editor path, especially under Run. If any of these is found, click on Image Hijacks.

Step: 16 Click on the "Image Hijacks" option, then uncheck regedit.exe and taskmgr.exe.

Step: 17 Then restart the computer in safe mode with networking if you are working in normal mode.
Step: 18 Open the registry editor and delete the following .exe entries:
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe”

“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe”

“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe”
Step: 19 Restart the computer in normal mode.


Posts : 181
Join date : 2013-11-13

View user profile http://universaltechsupport.4rumer.com
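
A read-only PowerShell audit of the registry locations the steps above inspect, added here as an example and not part of the original post. It lists the Run values from steps 6 and 7 with the Authenticode status of each target, reports any Debugger value under the Image File Execution Options keys for the programs named in steps 16 and 18 (the Debugger value is the mechanism Autoruns lists under Image Hijacks), and shows the current user's proxy setting from step 3. The variable names are this example's own.

```powershell
# Read-only audit of the registry locations named in steps 3, 6, 7, 16 and 18.
# Nothing is modified or deleted.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$watched  = 'regedit.exe', 'taskmgr.exe', 'mbam.exe', 'mbamgui.exe', 'mbamservice.exe'
$inetKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Steps 6-7: every Run value, with the Authenticode status of the program it starts.
$runEntries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        # Extract the executable path from a quoted or unquoted command line.
        $exe = $null
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
        $status = 'Unparsed'
        if ($exe) {
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            # Bare names without a full path (e.g. rundll32.exe) report NotFound.
            if (Test-Path -LiteralPath $exe) {
                $status = (Get-AuthenticodeSignature -FilePath $exe).Status
            } else { $status = 'NotFound' }
        }
        [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Signature = $status }
    }
}

# Steps 16 and 18: a Debugger value under an image's IFEO key redirects that program.
$ifeoEntries = foreach ($image in $watched) {
    $path = Join-Path $ifeoRoot $image
    if (Test-Path $path) {
        $dbg = (Get-ItemProperty -Path $path).Debugger
        [pscustomobject]@{ Image = $image; Debugger = $dbg; KeyPath = $path }
    }
}

# Step 3: proxy configured for the current user.
$inet  = Get-ItemProperty -Path $inetKey
$proxy = [pscustomobject]@{ ProxyEnable = $inet.ProxyEnable; ProxyServer = $inet.ProxyServer }

$runEntries  | Format-Table -AutoSize -Wrap
$ifeoEntries | Format-Table -AutoSize -Wrap
$proxy       | Format-List
```

Saving the output before and after the cleanup gives a record of which entries were removed.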
