Cyber criminals are always pushing the envelope, to use that clichéd phrase, when it comes to thinking of new ways to get you to part with your hard-earned cash – or even your identity. And rogue antivirus software is just one of the weapons in their arsenal.
This particular piece of malware is especially nasty because it blocks pretty much everything on the infected computer, leaving only one active window and a payment page. System tools are usually blocked, as are malware removal tools. However, there is a way to defeat the Windows Antivirus Master virus.
How Windows Antivirus Master finds its way onto your PC
You're online and suddenly an alert pops up either telling you your computer is running slowly due to unnecessary items on your hard drive or that you've been infected with a virus. It might look like it comes from your regular antivirus provider, or it may not. But either way your main concern is with the computer issues you've only just been made aware of.
Whether your guard is actually up, or if you're in the middle of something and think you'll deal with it later, don't just dismiss the window by clicking the 'x' in its right hand corner. If you're unlucky, this can unleash a whole world of pain on your computer. Clicking on the 'x' may cause pop-up adverts to display all over your screen, it might freeze your screen or it may disable your programs or files.
In another scenario, you may let Windows Antivirus Master run its scan but it will only actually be displaying a fake scanning screen – which of course will tell you that you have horrible, threatening viruses on your machine. Next you'll be shown a message from the rogue antivirus trying to scare you into handing over your credit card details in order to have your PC 'cleaned'. So, we panic, we hand over our bank details and bingo we've just paid money for nothing AND we're literally gifting an unscrupulous third party with our credit card details!
So, basically, this rogue antivirus program is distributed using either fake online virus scanners or exploit kits, mostly through infected websites. Cyber crooks also try to infect ad networks, especially those in the adult industry, and spread malicious ads that redirect users to infected websites.
And that's not all, because some rogue antivirus software takes it one step further and infects you with spyware too. Spyware is a nightmare: it can log your keystrokes and/or take screenshots, all with the aim of harvesting your personal data - passwords, log-ins, credit card details. A cyber criminal might go on a spending spree with your credit card, or they might sell your data to a third party – either way, it's not good news.
Put simply, don't open email attachments or click email links if they come from an unknown sender. And definitely, definitely don't click on fake pop-up windows advertising rogue antivirus software. And finally, find Windows Antivirus Master and delete it. To do so, please follow the steps in the removal guide below. If you have any questions, please leave a comment below. Good luck and be safe online!
Written by Michael Kaur, http://deletemalware.blogspot.com
Method 1: Windows Antivirus Master removal using activation key:
1. Open Windows Antivirus Master scanner window. Click the "question mark button" (top right hand corner of the scanner window) and select "Register".
You should now see the registration form.
Enter one of the registration keys given below and click Register to activate this rogue security program. Don't worry, this is completely legal since it's not genuine software.
0W000-000B0-00T00-E0001
0W000-000B0-00T00-E0002
0W000-000B0-00T00-E0003
Once this is done, you are free to install recommended anti-malware software and remove this malware from your computer.
2. Download recommended anti-malware software and run a full system scan to completely remove this rogue program and related malware from your computer.
Method 2: Windows Antivirus Master removal instructions (Safe Mode with Command Prompt):
1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press the Enter key.
2. Login as the same user you were previously logged in with in the normal Windows mode. When done, the Windows Command Prompt will open and you will see a screen similar to the one below.
3. Once the Command Prompt appears type in explorer and hit Enter.
4. The Windows desktop will now appear. When the desktop appears you can then close the Command Prompt window by clicking on the X.
5. Type the text below into Notepad, exactly as shown (the blank line after the first line is required):

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardSoftware"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

6. Save file as fixshell.reg to your Desktop. NOTE: (Save as type: All files)
7. Double-click on fixshell.reg to run it. Click Yes for Registry Editor prompt window. Click OK.
NOTE: if you can't create the file as explained or you get an error, you can download the shellfix.reg file on a clean computer and burn it on to a CD or save it to a USB drive so that you can transfer the file to the infected computer. Then insert your CD or USB drive and double-click on the shellfix.reg and allow the data to be merged when you are prompted. Once the data has been merged, you can press the OK button and remove the removable media from your computer.
8. Please reboot your computer into the Normal Windows Mode and login as the infected user.
9. Now that you are at your normal Windows desktop, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.
Method 3: Windows Antivirus Master removal instructions (System Restore):
1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press the Enter key.
2. Login as the same user you were previously logged in with in the normal Windows mode. When done, the Windows Command Prompt will open and you will see a screen similar to the one below.
3. Once the Command Prompt appears type in explorer and hit Enter.
4. The Windows desktop will now appear. When the desktop appears you can then close the Command Prompt window by clicking on the X.
5. Once in there, go to Start menu and search for "system restore". Or you can browse into the Windows Restore folder and run System Restore utility from there:
Win XP: C:\windows\system32\restore\rstrui.exe double-click or press Enter
Win Vista/7/8: C:\windows\system32\rstrui.exe double-click or press Enter
6. Select Restore to an earlier time or Restore system files... and continue until you get into the System Restore utility.
7. Select a restore point from well before Windows Antivirus Master appeared; two weeks should be enough.
8. Restore it. Please note, it can take a long time, so be patient.
9. Once restored, restart your computer and hopefully this time you will be able to login (Start Windows normally).
10. At this point, download recommended anti-malware software and run a full system scan to remove this malware from your computer.
Associated Windows Antivirus Master Files:
- C:\Documents and Settings\[User]\Application Data\guard-[random].exe (Windows XP)
- C:\Users\[User]\AppData\Roaming\guard-[random].exe (Windows 7)
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware"
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\Users\[User]\AppData\Roaming\guard-[random].exe"
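To confirm that the registry fix took effect, the two keys listed above can be exported to .reg text and checked for these indicators. The script below is an added example, not part of the original guide; it assumes the export has already been decoded to text (exports are normally saved as UTF-16), and the sample export, user name and "guard-abcd.exe" file name are constructed for illustration.

```python
import re

# Key paths and value names come from the page's file list; the sample is constructed.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
GUARD_EXE = re.compile(r"\\(Application Data|AppData\\Roaming)\\guard-[^\\]+\.exe$", re.I)
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"$')

SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardSoftware"="C:\\Users\\alice\\AppData\\Roaming\\guard-abcd.exe"
"Updater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\alice\\AppData\\Roaming\\guard-abcd.exe"
'''

def parse_reg(text):
    """Return {key path (lowercased): {value name: string data}} for string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = STRING_VALUE.match(line)
        if m and current is not None:
            # .reg text escapes backslashes and quotes inside string data
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name] = data
    return keys

def find_indicators(text):
    """List (location, value name, data) for entries matching the page's indicators."""
    keys, findings = parse_reg(text), []
    for name, data in keys.get(RUN_KEY.lower(), {}).items():
        # Flag the known value name, or any Run entry launching guard-*.exe from AppData
        if name.lower() == "guardsoftware" or GUARD_EXE.search(data.strip('" ')):
            findings.append(("Run", name, data))
    for name, data in keys.get(WINLOGON_KEY.lower(), {}).items():
        # The per-user Shell value should be explorer.exe after the fix
        if name.lower() == "shell" and data.strip().lower() != "explorer.exe":
            findings.append(("Winlogon", name, data))
    return findings

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_EXPORT):
        print(finding)
```

An empty result after merging fixshell.reg means both registry indicators are gone; the guard-[random].exe file itself still has to be removed by the anti-malware scan.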