So you have a Scareware/Fake AV taking over your system...
Posted: Mon Dec 21, 2009 8:03 pm
Don't Panic! (looking at my Hitchhikers Guide)
Here are a few helpful hints from your local neighborhood Spider.. um...Iceman.
1. Get a copy of Malwarebytes from Malwarebytes.com It is shareware, the free version will do just great. Put it on a USB memory stick.
2. boot up in safe mode.
3. run Malwarebytes, even without the latest updates it will catch most false antivirus programs and spyware.
4. if the Scareware does not let you startup/install Malwarebytes then boot up again in normal mode. But immediately after login hit Ctl-alt-del and start up Task Manager. Most Scareware programs will disable Task Mgr after they load. This way you get it started and you can identify the offending process that is causing it. Typically most Scareware will load a process with a funky multicharacter or all number name. Stop each weird process and see which one turns off the false antivirus icon at the bottom right corner.
5. now run malwarebytes install again. Should find it and kill it.
6. get connected to the internet, run malwarebyte, but update it, and run a FULL scan this time to get everything.
This gets about 95% of all Scareware/fake antivirus stuff.
The latest stuff is NASTY, it will deactivate Norton, AVG, etc. and take over. make sure you charge for cleaning up friends computers. You need some Christmas money.
Have a good holiday!
Here are a few helpful hints from your local neighborhood Spider.. um...Iceman.
1. Get a copy of Malwarebytes from Malwarebytes.com It is shareware, the free version will do just great. Put it on a USB memory stick.
2. boot up in safe mode.
3. run Malwarebytes, even without the latest updates it will catch most false antivirus programs and spyware.
4. if the Scareware does not let you startup/install Malwarebytes then boot up again in normal mode. But immediately after login hit Ctl-alt-del and start up Task Manager. Most Scareware programs will disable Task Mgr after they load. This way you get it started and you can identify the offending process that is causing it. Typically most Scareware will load a process with a funky multicharacter or all number name. Stop each weird process and see which one turns off the false antivirus icon at the bottom right corner.
5. now run malwarebytes install again. Should find it and kill it.
6. get connected to the internet, run malwarebyte, but update it, and run a FULL scan this time to get everything.
This gets about 95% of all Scareware/fake antivirus stuff.
The latest stuff is NASTY, it will deactivate Norton, AVG, etc. and take over. make sure you charge for cleaning up friends computers. You need some Christmas money.
Have a good holiday!