How to Get Rid of AntiVirus Soft Malware
With the new year comes a lot of new computer threats. Sure, most people have protection against computer threats such as viruses and spyware or malware, but those who design those programs can find uncomfortably tech-savvy ways to navigate around the situation. I have two computers, a Sony Vaio All-in-One computer, and an HP Pavilion laptop.
Although I have used paid anti-virus/spyware subscriptions, they conflicted with my firewall settings to the point where I just wanted something that covered the basics, and preferably was free. So, on both my laptop and computer, I have the free versions of SuperAntiSpyware and AVG Anti-Virus Free Edition, both of which I highly recommend.
So, how did I end up getting AntiVirus Soft? When I logged onto my laptop yesterday, I had a pop-up that asked me to update the latest version of Adobe Reader. I wasn’t really paying attention and just clicked “OK”. Big mistake. AntiVirus Soft was in the download files. I’m not extremely tech-savvy, so I have decided to just avoid downloading anything telling me to update Adobe Reader until I literally can’t read PDFs anymore. In which case, I will go directly to the Adobe website and download the reader there.
Common Characteristics of AntiVirus Soft
- I was barraged with fake spyware and anti-virus scanning programs. The main thing to keep in mind about this program is that it’s fake - you don’t really have the viruses and spyware that the program tells you about. It just does that in an attempt to get you to buy the software, which it keeps asking you to do.
- It changed the homepage on both of my browsers (Internet Explorer and Mozilla Firefox), to a landing page asking me to purchase AntiVirus Soft.
- It blocked me from running my anti-spyware programs, downloading anything, opening files…you name it, the malware blocked it. However, it didn’t stop me from shutting down my computer.
How I Got Rid of AntiVirus Soft
First of all, I headed over to Google and found out that this was a brand new threat, so there wasn’t much out there on it. I found that many of the search results are from people who are blogging as affiliates about their spyware software, and so you might click on a link only to be directed to an affiliate download link. Or, they might direct you to the right anti-spyware software, but the link directs you to shareware sites. These sites can require open connections, which can allow computer hackers to upload keystroke loggers (these record everything you type, which poses a threat for passwords).
I’m not an affiliate for any of these products I’m mentioning - I get all of my antispyware/anti-virus software from Download.com, not the shareware sites that some of these sites are promoting. It took me the entire day to find the right solution. So, I thought I would try to help those of you who have found yourself in this predicament by saving you some time.
Of course, what I did might not work for every kind of computer. The blog that I found to be the most helpful was Malware Removal Tips. There’s an ongoing discussion over there, so in addition to what I learned, you can probably get more information for your specific situation. Keep in mind that if you’re able to use System Restore, then you can probably restore your computer back to before the AntiVirus Soft ever happened. However, my laptop is older and didn’t allow this to happen. So if that’s your problem too, please read on.
1) Restart your computer in Safe Mode with Networking. It can’t just be safe mode, because then the Internet won’t work. I’m running Windows XP on the laptop that got the AntiVirus Soft Malware, so just pressing “F8” to restart it didn’t work. If this happens to you, you can check out directions on how to restart your computer at Bleeping Computer. Make sure that you’re logged into whatever user account (if more than one person uses the same computer) you were on at the time the AntiVirus Soft Malware first occurred.
2) Once you’re in the right mode, if you have Internet Explorer, you’re going to need to adjust the connection settings. If you don’t have Internet Explorer, then you can skip this step. By the way, I’m basing some of these directions on the Malware Removal Tips blog that I mentioned earlier.
- Open Internet Explorer and click on the upper right hand side of the browser, where it says “Tools”. You’ll probably notice that initially you don’t have any Internet.
- Select “Internet Options” and select the “Connections” tab at the top.
- Go to “LAN Settings” and uncheck the box that says “Use a Proxy Server for Your LAN”, and click “OK”.
- Refresh your browser, and you should see that you have an Internet connection again.
3) One suggestion by the Malware Removal Tips blog was to then go download HijackThis to clear various AntiVirus Soft registry entries. There’s the risk of deleting important registry entries this way, so be sure to go to that blog for specific examples.
4) Various sites tell you to download various kinds of antispyware software, but I have found that Spybot Search & Destroy works the best for this.
- So, download the installer, but first, according to Malware Removal Tips, rename it winlogon.exe or iexplore.exe (I chose the winlogon one). I’m not sure why the installer needs to be renamed, but I did it anyway.
- Make sure that the Spybot Search and Destroy is fully updated, and then run a full system scan.
- Once the scan is done, make sure all the spyware/malware that has been found has a check in the corresponding checkbox, and remove each one - some of which might require the computer to restart, which you’ll have to do anyway.
5) The computer will need to be restarted in Normal Mode. If your computer doesn’t restart with the Normal Mode Selection automatically provided when pressing “F8”, then try what I did, which is to go to Start>run>type in msconfig>and make sure “Use Original BOOT.INI” is selected. Click “OK”, and then continue to restart as usual.
6) When you’ve restarted the computer in Normal Mode (again, logged into whatever user account you were on at the time the AntiVirus Soft Malware first occurred), run Spybot again to do a full computer scan. When I did this, I caught a couple of additional Antivirus Soft malware files that were present in Normal Mode but not the Safe Mode.
7) Restart the computer again and, hopefully, your computer will be free from Antivirus Soft malware.
I’m not an affiliate for any of the sites in this post that I link to or mention in any way.
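The settings touched in step 2 and the homepage change listed under the characteristics live in the current user's registry, so they can be checked after cleanup without clicking through the dialogs. The following read-only audit is an added example, not part of the original post or of the Malware Removal Tips instructions; it assumes Windows PowerShell is installed (it is not present by default on Windows XP) and that it runs as the affected user account.

```powershell
# Added example: read-only audit of the per-user browser settings described above.
# It changes nothing; fix anything unexpected through the steps in the post.

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$run  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RegValue($Path, $Name) {
    # Return $null instead of an error when the key or value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# The "Use a proxy server for your LAN" checkbox is stored as ProxyEnable,
# and the address it points to as ProxyServer.
$proxyEnable = Get-RegValue $inet 'ProxyEnable'
$proxyServer = Get-RegValue $inet 'ProxyServer'
$autoConfig  = Get-RegValue $inet 'AutoConfigURL'
$startPage   = Get-RegValue $main 'Start Page'

Write-Output "Internet Explorer start page : $startPage"
Write-Output "Proxy enabled (1 = yes)      : $proxyEnable"
Write-Output "Proxy server                 : $proxyServer"
Write-Output "Automatic configuration URL  : $autoConfig"

if ($proxyEnable -eq 1) {
    Write-Warning "A proxy is still enabled. Unless you set it yourself, repeat step 2."
}
if ($autoConfig) {
    Write-Warning "An automatic configuration script is set. Confirm that you recognise it."
}

# Programs that start at logon for this user, listed for manual review.
# Tools such as HijackThis show the same entries; nothing is deleted here.
Write-Output "Startup entries for this user:"
$key = Get-Item -Path $run -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        Write-Output ("  {0} = {1}" -f $name, $key.GetValue($name))
    }
}
```

Firefox keeps its own homepage and proxy settings in its profile, so check those separately in the browser's options.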









