Thursday, March 11, 2010

Remove Antivirus 7 fake antivirus program (Free removal)

Antivirus 7 is a fake anti-virus program. It reports false system security threats and displays fake warnings to make you think that your computer is infected with malicious software. It's typical scareware: it prompts you to pay for a full version of the program in order to remove the supposedly found infections and to ensure full system protection. Don't purchase it! You probably won't get your money back. If you have already paid for Antivirus 7, contact your credit card company immediately and dispute the charges.



If you are reading this blog post then your PC is probably infected with this virus. Thankfully, there is a way to remove Antivirus 7 for free. However, please note that you may have to use more than one program to completely remove this infection from your computer. Antivirus 7 may also come bundled with other malware and may block legitimate antivirus and antispyware programs. In that case you will have to reboot your computer in Safe Mode with Networking and run a free malware removal tool from there. Please read the removal instructions below.

Antivirus 7 also displays fake security warnings about identity theft attempts or newly detected viruses. Some of the fake alerts you will probably see on your screen while you are infected:

"Resident Shield: New virus detected
Warning! New virus detected
Please click "Remove All" button to heal all infected files and protect your PC"



As a typical rogue program, Antivirus 7 comes from fake online scanners, fake sites, infected PDF files and malicious advertisements. Very often cyber criminals also distribute their malicious software on well-known websites such as Facebook, MySpace or Twitter. If you receive a message from a person you don't know, don't click on any links unless you are 100% sure that they won't redirect you to misleading websites. Good luck and be safe!


Antivirus 7 removal instructions (method #1):

1. (Proceed to step 2 if your web browser is not hijacked) Open Internet Explorer. Go to: Tools->Manage Add-ons. Find and select UpdateExplorer.dll from the list of add-ons. Click the "Disable" button and close the Manage Add-ons window. Close Internet Explorer and run it once again.
2. Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs are free.
NOTE1: if you can't run any of the above programs, you must rename the installer of the selected program before saving it on your PC. For example: if you choose MalwareBytes then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.

NOTE2: if you still can't run the renamed file, then you need to change the file extension too, not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif
5. Double-click to run renamed file.


Removing Antivirus 7 in Safe Mode with Networking (method #2):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Log in as the same user you were previously logged in as in normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. If the rogue program blocks it then download and run this file RenamedSBKRepair. Follow the prompts. Then reboot your PC in Safe Mode with Networking.

2. Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs are free.

Antivirus 7 files and registry values:

Files:
  • C:\Documents and Settings\All Users\Start Menu\AV7
  • C:\Program Files\AV7
  • C:\Program Files\AV7\antivirus7.exe
  • C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
  • C:\WINDOWS\system32\UpdateExplorer.dll
Registry values:
  • HKEY_CURRENT_USER\Software\EVA246
  • HKEY_CLASSES_ROOT\CLSID\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV7"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-EVI 12.03.2010"
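
A read-only PowerShell check for the files and registry entries listed above (an added example, not part of the original post). It only reports which of the listed items exist and deletes nothing; the variable names are illustrative, and it should be run as the affected user because two of the entries live under HKEY_CURRENT_USER.

```powershell
# Added example: reports which Antivirus 7 indicators from the list above exist.
# Read-only: nothing is modified or deleted.

$clsid = '{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}'

# Files and folders, copied from the "Files" list.
$paths = @(
    'C:\Documents and Settings\All Users\Start Menu\AV7',
    'C:\Program Files\AV7',
    'C:\Program Files\AV7\antivirus7.exe',
    'C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb',
    'C:\WINDOWS\system32\UpdateExplorer.dll'
)

# Registry keys (whole keys), copied from the "Registry values" list.
$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\EVA246',
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)

# Named values inside keys that also exist on a clean system,
# so the value name must be tested, not the key.
$values = @(
    @{ Key  = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'AV7' },
    @{ Key  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'
       Name = 'WinNT-EVI 12.03.2010' }
)

$found = @()

foreach ($p in ($paths + $keys)) {
    # -LiteralPath avoids wildcard interpretation of the path.
    if (Test-Path -LiteralPath $p) { $found += $p }
}

foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath $v.Key -ErrorAction SilentlyContinue
    if ($item -and ($null -ne $item.PSObject.Properties[$v.Name])) {
        $found += "$($v.Key) [value: $($v.Name)]"
    }
}

if ($found.Count -gt 0) {
    $found | ForEach-Object { "FOUND  $_" }
} else {
    'None of the listed Antivirus 7 files or registry entries were found.'
}
```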