Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Saturday, December 18, 2010

How to Remove Antivirus Scan (Uninstall Guide)

Tell your friends:
Antivirus Scan is a rogue security program that performs a fake scan on your computer and reports a whole host of fake infections and security alerts. It will state that your computer in infected with trojans, adware, spyware other malware and viruses. The rogue program will also display fake security alerts and notifications from Windows taskbar. Antivirus Scan may end all programs running on your computer as well and prevent installation of new software. As is normal for such programs, Antivirus Scan will prompt you to pay for a full version of the program in order to remove remaining viruses from your computer. If you choose to purchase this bogus program, a browser window will open with further instructions on how to make an online payment for Antivirus Scan demo. I would strongly recommend not to buy anything. Antivirus Scan is a scam. It's not a real antivirus program. It won't protect your computer against malicious software. What is more, you will give your credit card details to the scammers who are behind this rogue program. If you are reading this article, then your computer is probably infected with this fake anti-virus. Thankfully, we've got the removal instructions to help you to remove Antivirus Scan from your computer. Please follow the steps in the removal guide below.



Antivirus Scan is from the same family as Antivirus Action. Both programs are promoted though the use of trojans, fake online scanners and other malware. Sometimes, such rogue program are promoted on popular social networks and by sending out spam emails. The rogue program has to be manually installed, unless your computer is already infected with trojans downloaders or similar malware. In such cases, Antivirus Scan may be downloaded onto your computer without your knowledge. Once installed, this fake program will pretend to scan your computer for malicious software. After the fake scan in displays numerous malware names, e.g. Azero.B, BitTera.C, P2P.Shared.U, BankerFox.A, Antivirus360, Sinowal.VXR, Autorun.AOL, Sality.AN and some other names with short descriptions. Then Antivirus Scan will display fake alerts saying that your computer is infected. One of the fake alerts contains the following text:
Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.


Antivirus Scan configures the computer to use a proxy server. Internet Explorer will display a fake warning about infected websites. This warning is:
Internet Explorer Warning - visiting this web site may harm your computer!
Most likely causes:
- The website contains exploits that can launch a malicious code on your computer
- Suspicious network activity detected
- There might be an active spyware running on your computer
In order to remove Antivirus Scan demo you will have to reboot your computer in safe mode with networking and disabe proxy server. Then install anti-malware software and run a full system scan. For more information, please follow the removal instructions below. If you have any problems removing Antivirus Scan from your computer, please leave a comment. Good luck and be safe online!


Antivirus Scan removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.



3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Alternate Antivirus Scan removal instructions using HijackThis (in Normal mode):

1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.

2. Search for such entry in the scan results:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59274
O4 - HKCU\..\Run: [SET OF RANDOM CHARACTERS] %Temp%\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe e.g. qjdrf25sdr12.exe

Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.

OR you may download Process Explorer and end Antivirus Action process:
  • [SET OF RANDOM CHARACTERS].exe, e.g. qjdrf25sdr12.exe
3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Antivirus Scan associated files and registry values:

Files:
  • %Temp%\[SET OF RANDOM CHARACTERS]\
  • %Temp%\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)

Registry values:
  • HKEY_CURRENT_USER\Software\fdhrg12erj2sd
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ''
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:59274'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
Share this information with other people:

15 comments:

So Cal Gal said...

Thank you so much! This totally helped us out a lot! If it wasn't for you, we'd have no computer. Thank you so very much!!!!

Anonymous said...

Hey i found an easy way of removing that antivirus scan. First restart your computer then login to your user acount. Now you have to be quick open up system restore before the antivirus scan bullshit pops up. Once your in system restore just back date to your last checkpoint or whatever date your computer was running normally after that press ok and say goodbye to that mother fucking annoying antivirus scan!

Anonymous said...

Thank you all! I tried Anonymous' idea of Dec. 22 but was unable to do in normal mode. However I was successful when I restarted in Safe Mode with networking and then just did a restore back to Dec. 11 2010. I have windows Vista.

Anonymous said...

Thank you very much!!!! Just restore back your system even being in normal mode, but you should be faster than antivirus scan buster))

Anonymous said...

Hello everyone, I happened to catch this trojan before it fully got to my wife's pc.
Before it fully locked I was able to isolate and delete this file gluyfaxlajb.exe and a similar file in old prefetch data hope this helps and thanks for the advice =)

Anonymous said...

I'm by no means an expert at this but my understanding is that you shouldn't use system restore to deal with viruses.

Anonymous said...

It is done. I have restored my computer back a week. I logged on and to my pleasure, the beast is slain, but deep down I have a feeling that the seed of Antivirus Scan is still lurking somewhere in my computer. Is it certain that it's truly gone?

Admin said...

You should scan your computer with anti-malware software. System restore is not the best way to deal with viruses. I recommend Malwarebytes Antimalware and Hitman Pro.

Anonymous said...

Thanks for the instructions. I used Hitman Pro 3.5 and selected the one time only scan. It totally worked! No more pop ups telling me how riddled with viruses my computer is! Antivirus Scan even started spontaneously opening porn websites. But no more! Thanks again!!!

Anonymous said...

Facing a problem with opening my computer in safe mode: as soon as i select the safe mode i get my screen covered in rows of coding reading:
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS... followed by between 4 and 12 random characters. Any help? :/

Anonymous said...

How r u supposed to download hitman pro and malware bytes if u can't even go online?

Anonymous said...

read the article above. you need to go to IE or Firefox preferences and disable the proxy.

This is the only part of the article that worked for me. Will try system restore to get rid of the fuckware.

Anonymous said...

hey guys i have tried a million times to download Hitman Pro 3.5 and the other programms but i cant save them in my computer.i mean that i press the button save but the programms dont show off.any help????

Anonymous said...

i had the same problem as you guys i download Malwarebytes Antimalware and ruin it and evething was solved untill today that the virus appear in my computer again without doing anything.i runed the Malwarebytes Antimalware but it didnt do anything.what can i do?

Anonymous said...

I used the system restore function, just make sure you have admin rights and quickly go into System Restore as it is still booting up and before the antivirus scan begins its take over. Once in there you can restore to an earlier time and bingo, all gone. I would suggest running a malware scanner after you are back up and running to be sure. These guys who make these rogue programs should all be shot!!!