How I remove fake antivirus programs / malware

Lately it seems there is a rash of fake Anti-Virus programs going around and some of them look pretty convincingly real. Nobody knows how they get them, but they appear on the computer and warn you that your computer is infected and if you pay them some money to activate the program it will remove them. At the same time this disables your real antivirus software, and prohibits you from being able to install anything else to remove it. They come with many different names, Security Suite, Antivirus 2011, Antivirus Live, MS Antivirus and Spyware Protect to name just a few.

For those of you who are currently struggling with this, or for those of you who might end up with it, here's how to get rid of it yourself using free software.

If you're lucky enough you can boot into safe mode and run SuperAntiSpyware (free from Download.com) and clean it up. Then just run a couple of scans with SAS and your AntiVirus software after updating both and be done with it.

If not, here's the steps I take:

Download the following programs to a flash drive from another computer:

Rkill (there are 4 versions, get all 4 from BleepingComputer.com)

SuperAntiSpyware (download.com)

TrendMicro Housecall (trendmicro.com/housecall)

Combofix (http://www.combofix.org)

Now go back to your infected computer and close any running programs you were using when the malware poped up. Run Rkill.scr This is a screensaver file, so hopefully the Malware won't recognize it and prevent it from running. If it does, try the other versions, one should work. This should kill the program from running and pop up a text file with the location of the malware file it killed. Navigate to that folder and delete the file it specifies. BE SURE not to delete the wrong file!

Now you should be able to install and update SuperAntiSpyware. Run a full scan with this.

At the same time launch the Trend Micro Housecall scanner. It will update itself, then follow the prompts to start the scan.

One will finish before the other and prompt you to reboot but wait for the other to finish, it will ask you to do the same. Reboot your computer and you should be clean.

If you still have problems run ComboFix on your machine. This takes a while, but scans your computer and removes malware efficiently, and will even create a restore point for you on Windows XP machines or newer.

Always update your local Antivirus software and run a full scan after this to be sure that there are no remaining files infecting your computer. If you don't have an antivirus program, Microsoft Security Essentials is a good and free antivirus program that actually provides LIVE protection. AVG did not the last time I used it. (microsoft.com/security-essentials)

Disclaimer: I take no responsibility for anything that happens to your computer. These are the steps I take to remove malware and it's worked for me on many, many computers.