Rogue Anti-virus Programs Getting Harder to Remove

There have been many fake anti-virus programs created by malware makers over the past few years. Far from being dedicated anti-virus programs, they offer no useful functionality. They are malware in and of themselves: they are known to interfere with system operation and to prevent the download of real anti-virus software, and may, in fact, completely cripple a computer.

The problem is becoming increasingly common. While the user is browsing online, a pop-up appears. It claims to be an anti-virus scan, shows the user that they have a large amount of malware on their computer, and offers to remove it if the user downloads the program. Unfortunately, downloading it installs the malware. Instead, it is best to shut the pop-up window by right-clicking on it in the toolbar and selecting close, not by pressing the ‘X’ on the pop-up, which may also install it.

Earlier versions of this malware have had an easy fix. Downloading Malwarebytes on a second computer and saving it onto a USB flash drive before installing it on the infected computer from the flash drive was enough to fix the problem. Malwarebytes is acknowledged as being one of the best automatic removal tools available for these rogue anti-virus programs.

Newer versions of the malware are increasingly cleverly designed. Booting your computer into safe mode may or may not help. Older versions of the malware may not load in safe mode, allowing you to install and run Malwarebytes. Current versions will run in just the same way in safe mode as they do at normal boot, and so will prevent clean up. Closing the malware's running process can help, but it often relaunches when you try an install.

Any executables (files of type .exe) will be prevented from running, either by a process that blocks them or by the malware removing the file associations that the computer has. In short, the computer suddenly stops recognizing a .exe as a program to run and install.
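A defensive check for the association damage described above, as an added example that is not from the original article: it parses a `.reg`-format export of `HKEY_CLASSES_ROOT` and reports whether the `.exe` association is missing or altered. The expected values are the stock Windows defaults; the function names and both sample exports are constructed for illustration.

```python
import re

# Default (@) values these keys hold on a stock Windows install.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}

def parse_defaults(reg_text):
    """Map each key (lower-cased) in .reg-format text to its default value."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            defaults.setdefault(key, None)  # key present, default not seen yet
        elif key and line.startswith("@="):
            raw = line[2:]
            if len(raw) >= 2 and raw[0] == raw[-1] == '"':
                # Undo the .reg escaping of quotes and backslashes.
                raw = re.sub(r'\\(["\\])', r"\1", raw[1:-1])
            defaults[key] = raw
    return defaults

def check_exe_association(reg_text):
    """Return {key: (status, found)} for every expected key that is not intact."""
    defaults = parse_defaults(reg_text)
    findings = {}
    for key, expected in EXPECTED.items():
        found = defaults.get(key.lower())
        if not found:
            findings[key] = ("missing", found)
        elif found.lower() != expected.lower():
            findings[key] = ("altered", found)
    return findings

# Constructed samples. Real regedit exports are UTF-16: open(path, encoding="utf-16").
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
DAMAGED = r'''[HKEY_CLASSES_ROOT\.exe]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\""
'''
```

`check_exe_association(CLEAN)` returns an empty dict, while `check_exe_association(DAMAGED)` reports the `.exe` key as missing its default and the open command as altered.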

Another tool is coming out on top for fixing this annoying problem. Trend Micro has long provided a virus scanning and removal tool online for free. To begin with, it was browser dependent, only working in Internet Explorer (IE). That, unfortunately, meant that badly infected computers could not use the tool, as a lot of malware will install browser hijacks to IE and prevent your computer from reaching Trend Micro’s site. Now, however, the tool is browser-independent.

That means that a computer that already has another browser installed has a good chance of being cleaned by Housecall, because the redirects are installed on the more common browsers. In particular, Chrome and Opera are the least likely to be affected, though either Firefox or IE may still reach the site. If successful, the Housecall scan should be allowed to run and to remove any threats that it finds.

That will not completely clean up the damage that the malware has caused, but it will remove the running processes that prevent you from running Malwarebytes, allowing you to install the program and complete the needed clean up.

In the long run, it may take ever more creative ways to remove these kinds of malware from our computers, and it will inevitably get even more challenging. That makes it all the more important to protect yourself with good anti-virus software so that you don’t get infected in the first place.
