Removing Fake Windows 7 Antivirus Malware

If you’ve ever received the fake Windows 7 Anti-Virus Spyware, then you know how frustrating it can be. This malicious piece of code will wreak havoc on your computer and has duped many unsuspecting folks out of their hard-earned money. It gets installed on your PC when you visit infected web sites. Essentially, the main goal of this malware is to make you believe that your computer is infected with dozens of viruses. Once it is on your PC, it will pop up a screen displaying all these supposed viruses on your computer and try to get you to buy their Windows 7 Anti-Virus software that will clean up your computer and return things back to normal. It is a scam. It has been reported that the folks responsible for this have made millions around the world from folks entering their credit card information to purchase Anti-Virus software that never existed in the first place. I have personally seen this malware on many machines, including several in my home, and also know of folks who actually spent money trying to buy something that was a fake all along. One of the reasons this particular scam was so successful is how difficult it is to COMPLETELY remove from your computer! Just when you think you have it all cleaned, it rears its ugly head. The rest of this article describes how to remove this parasite from your computer forever.

Before I begin, there were several websites and forums on the Internet that helped me figure this thing out. Without those good folks, I may have just started from scratch and re-imaged the computers. I credit all of them at the end of this article.

1. First you must download the following software onto a USB key:
SUPERAntiSpyware Portable Scanner – This program does not need Internet access in case your browser has been hijacked. It is a good idea to regularly keep your USB key updated and download this program every month or two.
Malwarebytes Anti-Malware – One of the better free anti-malware applications available, along with SUPERAntiSpyware. It is a good idea to regularly keep your USB key updated and download this program every month or two.
Microsoft Security Essentials – A very good free Anti-Virus/Malware application from Microsoft.
Windows 7 Clean Firewall Registry – clean Windows 7 Firewall registry.
Base Filtering Engine (BFE) Registry – clean Windows 7 BFE registry.

2. On the infected computer, reboot into Safe Mode using the F8 key as your computer is coming up. Read the following article from the good folks at HowtoGeek.com on how to use SuperAntiSpyware and Malwarebytes to remove the fake anti-virus infection.

3. Run the SUPERAntiSpyware Portable Scanner (SAS_#####.COM) program to scan and remove all malware and viruses.

4. Run the Malwarebytes program to scan and remove all remaining malware. You must install this application if you have not done so already. It is not portable like SUPERAntiSpyware Portable Scanner. Again, please reference the HowtoGeek article for details.

5. Reboot your PC normally.

6. Check your Firewall Settings. See the following article on how to do this. As a double check, open the Services snap-in by selecting the Start button, typing services.msc and pressing Enter. In the Name column, make sure the following two services have a status of Started:
Base Filtering Engine
Windows Firewall
If one or both of these services are not started, you cannot start them, OR they are missing, please continue with the rest of this article to repair the damage to your firewall caused by the fake anti-virus infection.

7. Repairing Windows Firewall

Launch and import the firewall.reg and bfe.reg into the registry by double-clicking on each registry file.
Restart your PC
Select the Start button and type regedit. Select regedit.exe to open the registry. PLEASE BE CAREFUL HERE! Mistakes made in the registry can render your PC useless.

Navigate to the following location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right-click on it, select Permissions, click Add, type Everyone and click OK
Now click on Everyone
Below that is the list of permissions for the selected user
Select Full Control and click OK
Select the Start button and type services.msc and press enter
Start the following services in the order below
Base Filtering Engine service
Windows Firewall service
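
A read-only check for steps 6 and 7, as an added PowerShell example that is not part of the original article: it reports whether the two services exist and are running, and lists any access entry for Everyone on the BFE key so the permission granted in regedit can be reviewed once the services are up. The function names are hypothetical; BFE and MpsSvc are the short service names of Base Filtering Engine and Windows Firewall.

```powershell
# Added example (read-only). BFE and MpsSvc are the short service names of
# "Base Filtering Engine" and "Windows Firewall". Run from an elevated prompt.
$bfeKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE'

function Get-FirewallServiceState {
    param([string[]]$Name = @('BFE', 'MpsSvc'))
    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            # A missing service is a finding in itself (step 6).
            New-Object PSObject -Property @{ Name = $n; Status = 'Missing'; Healthy = $false }
        } else {
            # services.msc shows "Started"; Get-Service reports that state as Running.
            New-Object PSObject -Property @{
                Name    = $svc.Name
                Status  = [string]$svc.Status
                Healthy = ($svc.Status -eq 'Running')
            }
        }
    }
}

function Get-EveryoneKeyAccess {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) {
        Write-Warning "$Path does not exist"
        return
    }
    $full = [System.Security.AccessControl.RegistryRights]::FullControl
    $sid  = [System.Security.Principal.SecurityIdentifier]
    # Ask for SIDs so the match on Everyone (S-1-1-0) works on any display language.
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, $sid)
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq 'S-1-1-0') {
            New-Object PSObject -Property @{
                Type        = [string]$r.AccessControlType
                Rights      = [string]$r.RegistryRights
                FullControl = (($r.RegistryRights -band $full) -eq $full)
                Inherited   = $r.IsInherited
            }
        }
    }
}

Get-FirewallServiceState | Format-Table Name, Status, Healthy -AutoSize
Get-EveryoneKeyAccess -Path $bfeKey | Format-Table Type, Rights, FullControl, Inherited -AutoSize
```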

References and Credits:
http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/5366225a-46e7-4d6c-a389-8bd18a5c3aad
http://www.howtogeek.com/57837/how-to-remove-win-7-anti-spyware-2011-fake-anti-malware-infections/

George Almeida

Welcome to my little corner of the blogosphere. I'm an Information Technology Director. I specialize in Windows operating systems, applications, servers, storage, networks and also have a technical background on the IBM iSeries platform. My only purpose for this blog is the hope that it helps someone, someday, somewhere. Any meager proceeds derived from our sponsors will be donated to charity.
