Rogue Anti-virus Programs Getting Harder to Remove

Malware makers have created a series of fake anti-virus programs over the past few years. Far from being true anti-virus programs, they offer no useful functionality. They are in fact malware in and of themselves: they are known to interfere with system operation and prevent the download of real anti-virus software, and they may completely cripple a computer.

The problem is becoming increasingly common. While you are browsing online, a pop-up appears. It claims to be an anti-virus scan, shows the user that they have a large amount of malware on their computer, and offers to remove it if the user downloads the program. Unfortunately, downloading it actually installs the malware. Instead, you should shut the pop-up window by right-clicking on it in the tool bar and selecting Close, not by pressing the ‘X’ on the pop-up, which may also install it.

Earlier versions of this malware had an easy fix. Downloading Malwarebytes on a second computer, saving it onto a USB flash drive, and then installing it on the infected computer from the flash drive was enough to fix the problem. Malwarebytes is acknowledged as being one of the best automatic removal tools available for these rogue anti-virus programs.

Newer versions of the malware are becoming increasingly cleverly designed. Booting your computer into safe mode may or may not help. Older versions of the malware may not load in safe mode, allowing you to install and run Malwarebytes. Current versions, though, will run in safe mode just as they do at normal boot, and so will prevent cleanup. Closing the malware's running process can help, but it often relaunches as soon as you try to install something.

Any executables (files of type .exe) will be prevented from running, either by a process that blocks them or by the malware removing the file associations that the computer has. In the latter case, the computer suddenly stops recognizing a .exe as a program to run and install.
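One way to confirm the second case, a changed file association, is to compare the registry's .exe handler with the Windows defaults. This PowerShell check is an added example, not from the original article; it assumes the stock defaults (`.exe` mapped to the `exefile` ProgID with the open command `"%1" %*`), and its function names are illustrative.

```powershell
# Added example: read-only check of the .exe file association (changes nothing).
# Assumed Windows defaults: ".exe" maps to ProgID "exefile", whose open
# command is "%1" %* (run the clicked file itself with its arguments).
$ExpectedProgId  = 'exefile'
$ExpectedCommand = '"%1" %*'

function Get-DefaultValue {
    param([string]$Path)
    # Return the key's (Default) value, or $null when the key or value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

function Test-ExeAssociation {
    $findings = @()
    # Per-user classes (HKCU) override machine-wide ones (HKLM); check both.
    foreach ($root in 'HKCU:\Software\Classes', 'HKLM:\Software\Classes') {
        $perUser = $root -like 'HKCU:*'
        $progId  = Get-DefaultValue "$root\.exe"
        if ($null -eq $progId) {
            # No per-user override is normal; a missing machine-wide key is not.
            if (-not $perUser) { $findings += "$root\.exe is missing" }
        } elseif ($progId -ne $ExpectedProgId) {
            $findings += "$root\.exe points to '$progId', expected '$ExpectedProgId'"
        }
        # Inspect the open command of the default ProgID and of any substitute.
        $ids = @($ExpectedProgId, $progId) | Where-Object { $_ } | Select-Object -Unique
        foreach ($id in $ids) {
            $key = "$root\$id\shell\open\command"
            $cmd = Get-DefaultValue $key
            if ($null -eq $cmd) {
                if (-not $perUser -and $id -eq $ExpectedProgId) { $findings += "$key is missing" }
            } elseif ($cmd -ne $ExpectedCommand) {
                $findings += "$key runs '$cmd', expected '$ExpectedCommand'"
            }
        }
    }
    $findings
}

$result = @(Test-ExeAssociation)
if ($result.Count -eq 0) { 'The .exe association matches the Windows defaults.' }
else { $result | ForEach-Object { "SUSPICIOUS: $_" } }
```

Any line marked SUSPICIOUS names the registry key that differs from the default, which is where cleanup tools need to restore the association.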

Another tool is coming out on top for fixing this annoying problem. Trend Micro has long provided a free online virus scanning and removal tool, Housecall. To begin with, it was browser dependent, working only in Internet Explorer (IE). This unfortunately meant that badly infected computers could not use the tool, as a lot of malware will install browser hijacks to IE and prevent your computer from reaching Trend Micro’s site. Now, however, the tool is browser independent.

This means that a computer that already has another browser installed has a good chance of being cleaned by Housecall, because the redirects are only installed on the more common browsers. Chrome and Opera in particular are the least likely to be affected, though either Firefox or IE may still reach the site. If successful, the Housecall scan should be allowed to run, and to remove any threats that it finds.

This will not completely clean up the damage that the malware has caused, but it will remove the running processes that are preventing you from running Malwarebytes, and hence will allow you to install the program and complete the needed cleanup.

In the long run it may take ever more creative ways to remove these kinds of malware from our computers, and it will inevitably get even harder. This makes it all the more important to protect yourself with good anti-virus software, so that you don’t get infected in the first place.
