This tutorial will help you rid your computer of most fake/rogue anti-virus programs.
[blockquote]Vista and Windows 7 users:
These tools MUST be run from the executable (.exe), with Admin Rights, every time you run them (right-click and choose "Run as Administrator").[/blockquote]
The first thing we want to run is Malwarebytes' Anti-Malware, and here's how to do that:
Reboot your computer into Safe Mode with Networking using the instructions for your version of Windows found HERE
You may not be able to connect to the internet. Here's how to fix that:
- Open up Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
- Now click on the Connections tab.
- Now click on the LAN Settings button.
- Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen.
- Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.
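The proxy checkbox from the steps above is stored in the current user's registry, so it can also be checked and cleared from a PowerShell prompt when Internet Explorer itself will not cooperate. This is an added example, not part of the original tutorial; the function names are made up for illustration, and treating a proxy that points at 127.x.x.x or localhost as suspicious is an assumption about how this kind of malware usually redirects traffic.

```powershell
# Added example (not from the original tutorial). Function names are hypothetical.
# The "Use a proxy server for your LAN" checkbox is stored per user here:
$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxy {
    # Read the values behind the LAN Settings dialog; missing values come back empty.
    $s = Get-ItemProperty -Path $InternetSettings
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$s.ProxyEnable       # 1 = checkbox ticked
        ProxyServer   = [string]$s.ProxyServer    # "host:port" or "http=host:port;https=..."
        AutoConfigURL = [string]$s.AutoConfigURL  # automatic configuration script, if any
    }
}

function Test-LoopbackProxy([string]$Server) {
    # Assumption: a proxy pointing back at this machine was not set by the user.
    $Server -match '(^|[=/])(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:|;|$)'
}

function Disable-UserProxy {
    $before = Get-UserProxy
    if ($before.ProxyEnable -eq 0) {
        Write-Output 'Proxy is already disabled; nothing changed.'
        return
    }
    if (Test-LoopbackProxy $before.ProxyServer) {
        Write-Warning "Proxy points at this computer: $($before.ProxyServer)"
    }
    # Same effect as unchecking the box: ProxyServer is left in place for the log.
    Set-ItemProperty -Path $InternetSettings -Name ProxyEnable -Value 0
    Write-Output "Proxy disabled. Previous server: $($before.ProxyServer)"
}

Get-UserProxy | Format-List
Disable-UserProxy
```

Close and reopen Internet Explorer afterwards so it picks up the change. The setting may be switched back on until the malware has been stopped and removed in the steps that follow.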
The next step is to stop the malware from running. The malware is preventing you from downloading any programs, running any files such as .exe (executable), and even preventing you from using Safe Mode or connecting to the internet. We will attempt to terminate the malware that's running on your computer and restore some of the functions by using rkill or exeHelper. They both do a good job at it; it's just a matter of finding out which one will run on your computer.
If needed, you can download them to a USB flash drive and then transfer them to the sick computer.
There are 3 versions of exeHelper and 5 versions of rkill.
Download and run one of these (rkill or exeHelper). You only have to run one of these; it's just a matter of which one you get to run.
- rkill.exe, rkill.com, rkill.scr
- WiNlOgOn.exe, uSeRiNiT.exe <----- these are rkill with different file names
- exeHelper.com, exehelper.scr
- explorer.exe <----- exehelper with a different file name
When you find a version that does run, immediately download and run MBAM:
Please download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.
At this point the infection should be gone, but I suggest you post on the forum and let us take a look for any other malware on the system.
Post the report from MBAM and a HiJackThis log in your post.
You can download the HJT installer HERE:
Double-click HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis. Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch HijackThis. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad. Save the log to a convenient location.
Copy and paste it into your post.
If you are not a registered member...please register HERE,
then.....Start a in the Malware Removal forum.