A new threat that comes under the guise of a genuine antivirus program has become increasingly prevalent over the past year. Offering to locate and remove malware from your PC, this rogue will actually install a Trojan on your unsuspecting system. The process is usually initiated when you click a link for what you believe is valid security software or its vendor’s site. (Update: Microsoft removes 1m fake antivirus apps)
Such adverts are not only a nuisance when browsing online – fake ads appear on reputable sites that make use of third-party advertising – but they are designed to rip off consumers by tempting them to pay for a worthless program. Worse still, these rogue applications infect your PC with a problem they claim can only be ‘fixed’ by purchasing extra software.
If a fake antimalware app is installed on your PC, you will begin to receive fairly persistent warning messages that your system has been infected and be advised to visit a particular site and pay for the necessary protection. You’ll be told that you have a trial version of the software installed and need to upgrade to remove all threats.
Such has been the success of these scams that several of the fake programs have become infamous. WinAntiSpyware, Antivirus 2008 (recently updated to 2009), Antispyware Pro XP and AntiVirus Lab 2009 are all suspect – and no doubt others will soon emulate them.
Similar tactics have previously been used to perpetrate frauds such as phishing, and the scammers have latched on to a very effective way to play on people’s existing security fears.
Should one break through your defences, we’ll show you how to remove it from your system.
1. The exact method for removing fake antivirus software will differ depending on the particular variety you’ve been blessed with. We’ve concentrated on Antivirus 2009. If it sounds familiar, you’ve probably endured fake warning alerts, increased pop-ups and the hijacking of your home page.
2. Such programs can be difficult to uninstall, and you may need to use a dedicated application such as ParetoLogic’s XoftSpySE. In general, you will find that using antispyware software is simpler, although it can’t be guaranteed to work in every instance.
3. Uninstall Antivirus 2009 using the Add/Remove Programs utility in the Control Panel, then restart your PC in Safe mode. Launch your antispyware application and allow it to scan system files and folders and remove any suspect applications. Now boot up your PC as normal.
4. If antispyware software doesn’t get rid of the fake program, you’ll need to remove it manually. Be sure to back up any important files first. Next, press Ctrl, Alt, Del to bring up the Task Manager. Click Image Name and select Antivirus 2009, then choose End Process to stop it running.
5. Go to Start, Run. Type regedit to start the Registry Editor, where you will delete the entries for WinAntiVirus. Under My Computer, browse to the HKEY_LOCAL_MACHINE\Software key and delete the series of Registry entries that are described on this PC Advisor forum thread.
6. The same thread lists a number of spyware files that will need to be manually deleted from your Windows folder, but note that you may need to stop the file processes in the Task Manager before you can delete them. As before, make sure you back up your system before you start.
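Before the manual clean-up in steps 4 to 6, it helps to take a Registry backup and see what is actually registered on the machine. The PowerShell script below is an added example, not part of the original article: it exports HKEY_LOCAL_MACHINE\Software to a .reg file, then lists installed-program entries, autostart values and running processes whose names match the rogue products named above. It assumes PowerShell is installed and run as an administrator, and matching on product name is an assumption, since a rogue can register itself under any name.

```powershell
# Added example: Registry backup plus read-only triage. Nothing is deleted.
# Patterns are the product names mentioned in the article (assumed to appear
# in display names, autostart commands or process descriptions).
$patterns = 'WinAntiSpyware', 'WinAntiVirus', 'Antivirus 200[89]',
            'Antispyware Pro XP', 'AntiVirus Lab 2009'
$regex = $patterns -join '|'

# 1. Back up HKLM\Software before editing it in regedit (step 5).
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:USERPROFILE "HKLM-Software-$stamp.reg"
& reg.exe export 'HKLM\Software' $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; do not edit without a backup.' }

# 2. Add/Remove Programs entries whose display name matches (step 3).
$uninstallRoots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                  'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $regex } |
    Select-Object DisplayName, Publisher, InstallLocation, UninstallString

# 3. Autostart values that would relaunch the program after a reboot.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autostart = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ("$name $value" -match $regex) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $value }
        }
    }
}

# 4. Running processes to end in Task Manager before deleting files (steps 4 and 6).
$running = Get-Process |
    Where-Object { "$($_.Name) $($_.Description)" -match $regex } |
    Select-Object Id, Name, Path

"Registry backup written to $backup"
'--- Installed programs ---'; $installed | Format-List
'--- Autostart entries ---';  $autostart | Format-List
'--- Running processes ---';  $running   | Format-Table -AutoSize
```

An empty result does not prove the machine is clean; it only means nothing is registered under these names.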