Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Saturday, August 28, 2010

How to remove AWM Antivirus (Uninstall Guide)

Tell your friends:
AWM Antivirus is a rogue anti-virus product that pretends to scan your computer for malware and then claims to find infected files. Then it forces users to pay registration fees to remove those supposedly infected files. Of course, you shouldn't buy it. AWM Antivirus reports false system security threats and displays fake security warnings about non-existent malware on your computer. It tries to deceive users into paying for a full version of the fake program. It goes without saying that you should remove AWM Antivirus from your computer as soon as you can. Unfortunately, it's not a legitimate program and it doesn't have uninstall options, so you won't be able to remove it by using the "Add or Remove Programs" feature. Thankfully we've got the instructions to help you get rid of this rogue program. Please follow our removal instructions below.




(Thanks to rogueamp)

AWM Antivirus is a clone of A-fast Antivirus. It displays fake security warnings and pop-ups with false information. Once installed, it displays a fake pop-up claiming that your computer is infected with spyware. The text of this fake pop-up is:
Your computer is infected! Windows detected spyware infection!
It is recommended to use special antispyware tools to prevent dataloss. Windows will now download and install the most up-to-date antispyware for you.
Other fake messages look something likes this:
System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.

System warning!
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. It's highly recommended you scan your PC right now.


AWM Antivirus may block legitimate programs and redirect users to various misleading websites full of Ads.
The home page of this bogus security software is awm-antivirus.com. Please don't visit that page.

Screen shot of awm-antivirus.com (payment page):


As you can see AWMAntivirus forces victims to register the program for a fee to remove found malicious software from your computer. Do not fall victim to this attack and remove AWM Antivirus from the system upon detection. The removal guide below will show you to do this. Last, but not least, if you find difficult to remove this virus from your computer, you can activate it and make the removal procedure easier. But please note that still need to scan your computer with anti-malware software to remove the rogue program. Simply activating the program won't solve the problem. In order to activate AWMAntivirus please use one of the following codes:
  • B0B302F772
  • C197C46C46
  • B20C1467B7
  • 041E4B235A
  • 25CCCC7329
  • 9926220EED
  • A58EC19D33
  • C15F2FF276
  • F61E370D62
  • DDAD6A7A2C
  • 9F8122FE00
  • 3754DD9DA6
  • 3DC52EA100
  • EE73BBFFA6
  • 7E61C9C7DF
  • EE34D2E8A7
  • AA61971AA1
  • 9D2510E3E8
Click on "Active" button and enter the code.

Now you should have the activated version of this scareware on your computer. By the way, if you have purchased it then please call your credit card company and dispute the charges. Also, if you have any questions or additional information about this virus, please don't hesitate and leave a comment. Good luck and be safe online!


AWM Antivirus removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


AWM Antivirus removal instructions using HijackThis (in Normal mode):

1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.

2. Search for such entry(ies) in the scan results:
O4 - HKCU\..\Run: [awm] %AppData%\AWM\AWM.exe
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.

3. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


AWM Antivirus associated files and registry values:

Files:

For Windows XP users:
  • C:\Documents and Settings\UserName\Application Data\AWM\
  • C:\Documents and Settings\UserName\Application Data\AWM\AWM.exe
  • C:\Documents and Settings\UserName\Desktop\AWM Antivirus.lnk
For Windows Vista and Windows 7 users:
  • C:\Users\UserName\AppData\Roaming\AWM\
  • C:\Users\UserName\AppData\Roaming\AWM\AWM.exe
  • C:\Users\UserName\Desktop\AWM Antivirus.lnk
Registry values:
  • HKEY_CURRENT_USER\Software\AWM
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "awm"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "AWM Antivirus"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\UserName\Application Data\AWM\AWM.exe:*:Enabled:awm"
Share this information with other people:

0 comments: