After my previous post about how to remove Thinkpoint antivirus, a lot of things have changed. We have another new fake antivirus called Antivirus Action, a piece of malware that tricks users into thinking it is a legitimate, free antivirus. Usually, you get it while surfing malicious websites which pop up fake warning windows and scanners on the computer screen. At this point the fake antivirus window will warn that your computer is full of viruses and will prompt you to download the free Antivirus Action. So let’s see how to uninstall and remove it! Be aware that, most of the time, your computer will become sluggish or unresponsive after the fake antivirus has been removed, so it might be necessary to reinstall the operating system completely.
As soon as you install Antivirus Action, it will start scanning your computer and will report that your machine is full of threats and viruses. Of course this is not true, because no scanning is performed at all. The whole purpose is to convince you to pay for the full version of the software. The malware will also start automatically every time you boot your Windows operating system, and each time it will warn you about infections and viruses.
Antivirus Action is coded to prevent you from performing any kind of action while it pretends to scan your computer and, as a consequence, you will be stuck in front of your screen waiting for the malware to finish its phony scan. It will also show you the following security warning: “Windows Security Alert – Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.” Antivirus Action will also hijack your Internet Explorer browser so that every time you open it you will get warning messages.
Here is the removal procedure, along with the legitimate, free programs that will help you get rid of this pestware!
1) Reboot your computer and press the F8 key. This will give you access to the Windows Advanced Options Menu. Now, select the following option: Safe Mode with Networking, and press Enter. This option will reboot your PC in Safe Mode and, at the same time, you will be able to access the Internet. The goal is to temporarily disable certain Antivirus Action features so that you will be able to remove the virus easily.
1.1 Run Internet Explorer.
1.2 Click Tools – Internet Options.
1.3 Now, click the Connections tab and click the LAN Settings button.
1.4 Untick the Use a proxy server check box.
1.5 Click OK.
2) Download rkill.com. This small program will let you get rid of certain processes which could prevent you from removing Antivirus Action.
3) Now, download and run Malwarebytes’ Anti-Malware. This software is not free. It is shareware, but its “limited-mode” will let you get rid of certain files belonging to the fake antivirus. As soon as Malwarebytes starts, you have to instruct the software to perform a full scan of your system. Please be aware that this scan may take quite a long time, but you can be certain that at the end other, new, dangerous files will be removed from your machine.
4) Now, download and run Hostsperm.bat. You have to know that Antivirus Action, after being installed, automatically uninstalls your Windows HOSTS file. Hostsperm will replace it with a new one!
5) Now, get rid of C:\Windows\System32\Drivers\etc\HOSTS. After you have deleted it, download all these files and put them in the following folder: C:\Windows\System32\Drivers\etc:
Windows XP HOSTS File
Windows Vista HOSTS
Windows 2003 Server HOSTS File
Windows 2008 Server HOSTS File
Windows 7 HOSTS File
6) Reboot your computer.
7) Download and run Spybot Search&Destroy. This excellent software will scan your whole computer looking for malicious pestware and malware and it will also get rid of Antivirus Action leftovers.
8) If you want to completely clean your computer and give it its “old freshness”, you could even try to remove the following files and registry keys. This will make your computer faster and more responsive.
Files and registry keys to remove in Windows 7
Delete these files:
- C:\Users\Username\AppData\Local\Temp\[random characters of words and numbers]
- C:\Users\Username\AppData\Local\Temp\[random characters of words and numbers]\[random characters of words and numbers]yhsn.exe
Delete these registry values:
- HKEY_CURRENT_USER\Software\[random characters of words and numbers]
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = “0”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:33921”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = “1”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random characters of words and numbers]yhsn.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters of words and numbers]yhsn.exe”
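Before deleting anything by hand, you can confirm which of the traces listed above are actually present. The following read-only PowerShell check is an added example, not part of the original post; it changes nothing, and matching any loopback proxy port (rather than only 33921) is an assumption made here.

```powershell
# Read-only check for the Antivirus Action traces listed above.
# It only reports findings; it does not delete files or registry values.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Internet Explorer proxy enabled and pointing at a local listener
#    (the post lists http=127.0.0.1:33921; any loopback port is matched here).
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p -and $p.ProxyEnable -eq 1 -and
    $p.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost):\d+') {
    $findings.Add("Proxy points at loopback: $($p.ProxyServer)")
}

# 2. Phishing filter switched off. A user can also set this deliberately,
#    so treat it as a hint, not as proof of infection.
$pfPath = 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter'
$pf = Get-ItemProperty -Path $pfPath -ErrorAction SilentlyContinue
if ($pf -and "$($pf.Enabled)" -eq '0') {
    $findings.Add('PhishingFilter Enabled = 0')
}

# 3. Autostart (Run) entries whose name or command contains yhsn.exe.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ("$name $value" -match 'yhsn\.exe') {
            $findings.Add("Run entry in ${key}: $name = $value")
        }
    }
}

# 4. Matching executables anywhere under the current user's Temp folder.
Get-ChildItem -Path $env:TEMP -Recurse -Filter '*yhsn.exe' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("File: $($_.FullName)") }

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

Run it as the affected user, since most of the values live under HKEY_CURRENT_USER and that user's Temp folder.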
What follows is a very good visual tutorial (video) which will guide you through the different steps to take to uninstall the pestware. Very good info and clearly explained!