I last wrote about MS Antivirus and its derivatives in March of 2009. In recent weeks, this parasite has been extremely active, as I have seen a significant spike in service calls. According to Wikipedia, this parasite goes by many names: XP Antivirus, Vitae Antivirus, Windows Antivirus, Win Antivirus, Antivirus Pro, Antivirus Pro 2009, Antivirus 2007, 2008, 2009, 2010, and 360, Internet Antivirus Plus, System Antivirus, Spyware Guard 2008 and 2009, Spyware Protect 2009, Winweb Security 2008, System Security, Malware Defender 2009, Ultimate Antivirus 2008, Vista Antivirus, General Antivirus, AntiSpywareMaster, Antispyware 2008, XP AntiSpyware 2008 and 2009, WinPCDefender, Antivirus XP Pro, and Anti-Virus-1.
Before I provide instructions on how to remove this parasite, I have a few words of advice. This parasite will tell you that your computer is infected with many things, and that if you buy it for $29.95, $34.95, or $49.95, etc., it will fix your computer. If you have given this parasite your credit card, immediately stop what you are doing and cancel your credit card. That said, these instructions have worked on removing the parasite from many computers. But if you have interacted with this thing a lot or have one of the more destructive versions on your computer, you may end up with no other option than to rescue your data, format your hard drive and reinstall your operating system and applications. If you don’t know how to do this, contact your local computer professional for assistance.
OK, here’s what to do when you are infected.
- Don’t interact with it. If possible, use Ctrl+Alt+Del to bring up the task list and kill the window which is telling you that your computer is infected.
- Step #1 - Run System Restore. You can do this by clicking on Start, All Programs, Accessories, System Tools, System Restore. Select a restore point from before you got infected and run System Restore. If you have no restore points, or you run System Restore and you are told that it wasn’t able to restore your computer to the date you selected, you may be in trouble. You can try the next steps, but your chances for a good outcome have just lessened.
- Step #2 - If you use Internet Explorer, empty your browser cache. Open Internet Explorer and click on Tools, Internet Options, and delete all of your browsing history and cookies. Please note that these instructions may vary based on the version of IE that you are using. You can consult Internet Explorer's Help if you can't figure out how to do this.
- Step #2 - If you use Firefox, click on Tools, Clear Recent History and delete all your browsing history and cookies. Please note that these instructions may vary based on the version of Firefox that you are using. You can consult Firefox's Help if you can't figure out how to do this.
- Step #3 - Install and run Anti-Malware by Malwarebytes. Go to http://www.malwarebytes.org/. Click on the link to “Download free version” on the left side of the screen. Next, install it on your computer. Leave both check marks selected and start Anti-Malware and update. Make sure that you have the Scanner tab selected. Select Perform full scan. When the scan is complete, you will be given the option to remove what Anti-Malware finds. Use that option. It may ask for permission to restart your computer. Do so.
- Step #4 - Install and run Microsoft’s Malicious Software Removal Tool. Go to http://www.microsoft.com/security/malwareremove/default.aspx. Click on "Skip the details and download the tool". Click on the download link and install. Run Microsoft's Malicious Software Removal Tool and follow its instructions to remove any malware that it finds.
If you are unable to perform these steps, you are in trouble. Your best course of action is to back up your data, format your hard drive and reinstall your operating system and applications. I know that it hurts; it hurts a lot.
In the future, be very careful when security warnings appear on your computer. Unfortunately, you need to evaluate them and decide if they are real or, as in your recent case, malware. It is very confusing. If you get involved with this type of malware in the future (and Windows XP is the target, as Vista is more secure), go immediately to System Restore and restore your computer to a date prior to the infection. Do not interact with it, as by doing so you are most likely giving it permission to install on your computer. If you are unable to perform a restore, call me or your local computer repair professional for assistance.
Contact Info: firstname.lastname@example.org