Removing Fake Antivirus

thejuan Posts 9 Registration date Saturday July 11, 2009 Status Member Last seen November 13, 2012 - Jul 4, 2010 at 05:23 AM
Ambucias Posts 47359 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 - Dec 22, 2010 at 04:15 PM
Hello, I have been infected with a fake antivirus program and it just invaded and removed my internet connection. My antivirus won't run and frequent system crashes are observed. It also shows a bunch of alerts on the computer saying that I am infected with a virus. I believe this was the one that infected my computer.

3 replies

Ambucias Posts 47359 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 11,253
Jul 4, 2010 at 05:32 AM

Here is how to get rid of this scam rogue virus designed to get to your credit card account and it is a good thing you did not fall for it.

Please follow the following procedure carefully and to the letter.

You have a rogue virus Trojan Horse which is self-protective, thus it will prevent any antivirus from functioning.

You must kill the processes which the virus is presently running. If you don't, it will keep reproducing the files forever.

To kill the processes:

Boot in safe mode with networking.

1. Download to your desktop and run Rogue Kill:

2. You should now see a window that shows all of your desktop icons, including the program.

3. Double-click on the in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes. So, please try running Rkill until malware is no longer running.

As a matter of fact, if you get messages, it is a sign that the virus is agonizing with excruciating pain, so you can just grin while it is suffering!:)))

Please, DO NOT REBOOT your computer or the processes will come back to haunt you!

Download to your desktop Malwarebytes.

Once on your desktop, we must still outwit the virus.

Right click on the MBAM icon and click on rename. Rename it kioskea.exe.

Install Malwarebytes and launch it. From the second tab, update it.

Pretty please, request a FULL system scan which should take more than an hour. Once the scan is finished, delete all of the items that were found.

It is very important that you let Malwarebytes run for as long as it takes, in some cases the creators of Malwarebytes suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".

Once your computer is clean and working normally, just to be on the safe side:
* Turn off system restore and wait 30 seconds,
* Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.

(Malwarebytes may reboot your computer, don't be alarmed. Should it happen, relaunch Malwarebytes to complete the FULL scan)

Once all this is completed, I always suggest to delete Malwarebytes as some people have reported that it may interfere with other antivirus applications.

Please let us know about the results or I may throw a curse on your system which will cause it to bark all the time.:)))

Best regards
Hello, if you still can't get to your internet, please do this to get it back on, as the Rogue Trojan may have turned it on to stop you getting access to the internet to download anything from it.....

Hello thejuan, please check if your proxy is unticked, as the virus may have turned it on.

Removing proxy settings will allow you to properly connect to the Notre Dame network which does not require a proxy.

1. Open Internet Explorer
2. Click on the "Tools" menu at the top of the screen and select "Internet Options".
3. Click on the "Connections" tab and then the "LAN Settings" button near the bottom.
4. In the next window, uncheck the box labeled "Use a proxy server for your..." Local Area Network and then click "OK".

Hello Ambucias, you seem to beat me to this as I was about to tell him what to do, but I say you must have all this on a notepad, then you copied and pasted it on here, as I know it's the same writing all the time :)))

but I knew she would have to do the same as this to remove it!!
Ambucias Posts 47359 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 11,253
Jul 4, 2010 at 05:49 AM
It is 6:45 AM here, the early bird gets the early worm (awful taste)

No, no, I retype all of my messages, just to get exercise!:)))

Good advice for the internet connection in case the safe mode with networking does not work. I see that you are looking after me. Thank you! What a team!
I had a fake antivirus attack, and this is how I got rid of it:

1. Go to Start: Run (you may have to search for "run") - I was unable to go to Run at first, so I had to restart my computer and go there before the program had started to block it (you have about 1 minute between the start of the computer and the start of the program).
2. Type in "msconfig" and click OK.
3. Under the "Startup" tab, there is a list of all the programs that start when your computer starts. Because this antivirus is a program that opens automatically, it should be on that list. Look for a program with a weird name, and de-select the program.
4. Restart the computer again. If you selected the correct program, the fake antivirus will not open when you restart your computer. If not, re-select the program you de-selected in step 3, and de-select a different program. Continue step 3 until you have correctly identified the fake antivirus. It may take you a few tries to identify the correct program.
5. Re-open "Run" and "msconfig" and look at the "location" of the program that you identified as the fake antivirus.
6. Follow the location and delete the file (mine was located in my temporary files).
7. To finish, run your antimalware (I prefer Malwarebytes) so it can clean up anything you have missed.

If your internet doesn't work, go into internet settings/options and select "security." Go into your "LAN settings" and de-select the proxy. Then your internet should work again.

Hope that helps!
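
The two checks described in the post above (looking through the startup list for a program that runs from an odd location such as the temporary files, and checking whether the LAN proxy box has been switched on) can also be done from a PowerShell prompt. This is an added example, not part of any post in the thread; the list of "suspect" folders and the helper name `Get-ExecutablePath` are assumptions made for illustration.

```powershell
# Added example: read-only audit, changes nothing on the system.
# ASSUMPTION: these folders are treated as unusual homes for autostart programs.
$suspectRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-ExecutablePath {
    param([string]$Command)
    # Expand %VARS%, then take the quoted path or the text up to the first ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

# Win32_StartupCommand lists autostart commands from the Run registry keys
# and the Startup folders.
$entries = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path = Get-ExecutablePath $_.Command
    # Signature status of the target file, or a marker when the file is gone.
    $sig  = if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
                (Get-AuthenticodeSignature -LiteralPath $path).Status
            } else { 'FileNotFound' }
    # Does the executable live under one of the suspect folders?
    $hit  = $suspectRoots | Where-Object {
                $path.StartsWith(($_ + '\'), [StringComparison]::OrdinalIgnoreCase) }
    [pscustomobject]@{
        Name = $_.Name; User = $_.User; Location = $_.Location
        Path = $path; Signature = $sig; InSuspectFolder = [bool]$hit
    }
}

# Entries running from a suspect folder are listed first.
$entries | Sort-Object InSuspectFolder -Descending |
    Format-Table Name, Path, Signature, InSuspectFolder -AutoSize

# Proxy state behind the "Use a proxy server for your LAN" checkbox (current user).
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnabled  = [bool]$inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
} | Format-List
```

A row flagged `InSuspectFolder` is a prompt to look closer, not a verdict: some legitimate software also starts from the per-user application data folders, which is why the signature status is shown beside it.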
Ambucias Posts 47359 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 11,253
Dec 22, 2010 at 04:38 AM
Thank you Jean,
It is another approach. It would be useful here if you would give the name of the fake programme which you removed, as there are several of them and they are different. Thanks
The program on mine was "antivirus 2009."
Ambucias Posts 47359 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 11,253
Dec 22, 2010 at 04:15 PM
Thank you Jean