Fake antivirus

This topic is archived.

Sweet Freedom Donating Member (1000+ posts) Thu Apr-01-10 04:25 PM
Original message
Fake antivirus
I've got that fake antivirus that launches a fake scan. My mom had it last year and IIRC her computer had to be wiped and reformatted. Am I correct or is there a download available to kill it? (I tried doing a search online, but it occurred to me that looking for an antivirus fix may actually result in me downloading a virus to my kid's laptop.)

thanks
:hi:

taterguy Donating Member (1000+ posts) Thu Apr-01-10 04:26 PM
Response to Original message
1. First, consult experts, not the idiots here. Second try Malwarebytes.org
It really depends on exactly what you have.

Sweet Freedom Donating Member (1000+ posts) Thu Apr-01-10 05:15 PM
Response to Reply #1
4. I tried my IT guy, but he hasn't gotten back to me yet.
I'll try the website you suggest. Thanks

rcrush Donating Member (1000+ posts) Thu Apr-01-10 05:02 PM
Response to Original message
2. Do you have the one that locks out your programs?

hyphenate Donating Member (1000+ posts) Thu Apr-01-10 05:14 PM
Response to Original message
3. Here's my solution
I've gotten that shit three times in the past 3 months. It's a bitch.. But I can give you the course I followed, which might not work for you if you've had it for a while. I have Vista, so if you have another OS, it might not work the same.

The first thing I do when I see the first pop-up is to immediately control-alt-delete, which will then pop up with the security options, and I select Task Manager. Go into processes, and you will see a process that first launched today, usually called "ave.exe" running. Before you hit "end-process" right click on the entry and select "Open file location" and select enter. It will bring you to the internet temporary files directory where the command is located. Keep that window open, and return to the Task Manager, right click on the virus file, and "end process." It's going to want to relaunch itself, so you have to be quick. When you end that process, return to the directory you opened with the virus file in it, and delete the file. Don't go anywhere, though. In the same directory, there will be another file with the same date on it, made up of various random numbers/letters/both, which is the stealth file that launched the virus to begin with. Delete that immediately as well.

Re-check the processes again to make sure it's not showing up again. The nasty part is over for the most part, but depending on how long it's been on the computer, it could have hidden itself elsewhere in your system. But if you did all steps, you will be okay.

Next step is a pain, but it's a lot simpler. You're going to find launching an *.exe file is very difficult, because the virus at some point put itself into the system and changed the file association of your *.exe files to something other than launching the program as their own root. This is extremely aggravating, and it's the one where I tell you to google for a fix to help make *.exe files launch again, because there are several ways of doing it, many of them telling you to go to regedit, find a certain entry and alter the reg file reference. I prefer finding a *.reg file from a respected and trustworthy site, download it, and double click on it to make the fix automatically. If you decide to go the same way as I do, put it on your desktop, because you're going to have a tough time getting into your other directories until the fix is made.

Last step. If you haven't already got Malwarebytes anti-Malware, download it from cNet, ZDnet, or some other site. Google it, if you need to, and you'll find it. If you had run MBAM earlier, when the virus was still active, it would have altered the file, and prevented you from killing the virus. I know--I tried, and MBAM ran most of the night, only finding absolutely nothing. When it scans your system, MBAM will likely return three entries to take care of--tell it to delete them or move to the vault, and after that, you should be cleaned off.

That's it.

rcrush Donating Member (1000+ posts) Thu Apr-01-10 05:18 PM
Response to Reply #3
5. I had to do this to my roommate's computer.
Someone told him what a torrent was and he went a little crazy.

HopeHoops Donating Member (1000+ posts) Fri Apr-02-10 09:05 AM
Response to Original message
6. AntiMalware from MalwareBytes.org will take care of it, however...
...there is a new strain of the virus on Vista that prevents you from running AntiMalware. Before you can do it, you need to reset some entries in the registry. Fortunately, that's pretty easy. If you can't launch NotePad on the infected machine, open a NotePad file on another machine. Call it fix.txt and copy/paste the following exactly:

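Windows Registry Editor Version 5.00

; Delete the .exe association overrides
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

; Default open command for executables (key header assumed: standard exefile key, missing from the post)
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

; Default .exe file class (key header assumed: standard .exe key, missing from the post)
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
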
Save the file, exit NotePad, and rename it "fix.reg". If you had to use a second machine, copy it to a USB thumb drive so you can get it over to the infected machine. You may get a bunch of fake failure messages when you mount the thumb drive, but it should still appear in the Windows Explorer.

Either way, on the infected machine just double-click on fix.reg. If the machine doesn't reboot on its own, reboot it yourself. Then download the free version of AntiMalware from http://www.malwarebytes.org and run it. Make sure you select the option to update the signature file. Run a quick scan (default) on the system. This could take a while - 10 minutes or more. It will come up with a list of infected files and registry entries. Make sure they are all selected (check mark) and hit the button that says "Remove infected" or "Fix files" or whatever it says - I don't have it running right now. The meaning is obvious.

WARNING: This fix.reg file is ONLY for Vista (as far as I know). It is a "use at your own risk" and "at last resort" approach. Try to download and run AntiMalware before you mess with fix.reg at all. If you can run it without using fix.reg, do so and leave it at that.
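
Added example, not part of the thread or any poster's code: a Python check that reads a registry export as text and flags the .exe association keys that the fix.reg in reply 6 deletes or resets. The expected defaults are taken from that fix.reg; the sample export and its placeholder path are constructed, and the function names are this example's own.

```python
import re
# Defaults that the fix.reg in reply 6 restores, and the keys it deletes.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
}
SHOULD_BE_ABSENT = (
    r"HKEY_CURRENT_USER\Software\Classes\.exe",
    r"HKEY_CURRENT_USER\Software\Classes\secfile",
    r"HKEY_CLASSES_ROOT\secfile",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
)
SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
UNESC = re.compile(r"\\(.)")  # .reg string escapes: \\ and \"

def parse_reg(text):
    # Collect string values as {key_lowercased: {name: value}}; "@" is the
    # default value. "[-key]" is a delete directive, so its body is skipped.
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            current = None if m[1].startswith("-") else keys.setdefault(m[1].lower(), {})
        elif (m := VALUE.match(line)) and current is not None:
            name = "@" if m[1] == "@" else UNESC.sub(r"\1", m[1][1:-1])
            current[name] = UNESC.sub(r"\1", m[2])
    return keys

def audit(keys):
    findings = []
    for key in SHOULD_BE_ABSENT:  # the key itself or any subkey counts
        if any((k + "\\").startswith(key.lower() + "\\") for k in keys):
            findings.append(f"unexpected key present: {key}")
    for (key, name), want in EXPECTED.items():
        got = keys.get(key.lower(), {}).get(name)
        if got != want:
            findings.append(f"{key} [{name}] = {got!r}, expected {want!r}")
    return findings

# Constructed sample export (not from the thread); the path is a placeholder.
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\PLACEHOLDER\\ave.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"'''

if __name__ == "__main__":
    print("\n".join(audit(parse_reg(SAMPLE))) or "exe association looks default")
```

`reg export` writes UTF-16 text, so read the exported file with `encoding="utf-16"` before passing its contents to `parse_reg`.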


whistler162 Donating Member (1000+ posts) Fri Apr-02-10 09:47 AM
Response to Original message
7. Try to do a system restore.....
If you can do the restore back to before you were infected you will be okay. If not and Malwarebytes doesn't work reformat!