Help Needed Urgent

My bro is a complete novice. He recently got hit with a Fake AV something called Security System Tool or Security Scan Tool. He is using McAfee Internet Security on Win Vista 64 Bits Home Premium. He says he tried a lot to close it but it was not closing so he exited it from the taskbar & then he installed Microsoft Security Essentials & now there is no prob. See he is such a novice. When he told me all this I asked him to uninstall Microsoft Security & told him never use 2 Firewalls & 2 Antivirus. I suspect there must be some files or registry on his system related to the fake tool. His preinstalled McAfee subscription is going to end in few days. He is a real novice so I have decided on Zonealarm Free Firewall & Avast 5 Free for him. But first I want to clean any remains of the fake AV & little configure his system. But I am in India & he is in USA. So plzz help me on the following things -

  1. Any easy tool for removing all the remains of the fake AV. I have decided on Malwarebytes.
  2. An easy remote connection tool to connect & configure his system. Windows remote connection will do??
  3. How to exclude Zonealarm free latest & Avast free 5 latest completely from each other??

Thanxx
Naren

I’d actually recommend Comodo Firewall and Avast Free.

A good addition to this would also be Hitman Pro.

There shouldn’t be any problems with this because one is purely a firewall and the other is purely an AV.

Let me know if you have any other questions. For help cleaning an infected computer you can also check out my post here.

Actually I find Zonealarm GUI little easier for him. OK Hitman Pro. The reason I want to exclude both completely from each other is that if by any chance avast detects zonealarm file as FP & Zonealarm gives error he will not know what happened. And I fear if he blocked avast from connecting i.e zonealarm popup then too he will not know why it’s not updating. Actually he is so novice what should I tell you. At least I want the security software to be in place & working without any prob for him. You didn’t say anything about the remote connection software.

Thanxx
Naren

If you’re worried about that then add the Zonealarm folder to Avast’s exclusion list.

I didn’t know anything about it… but I found this. I’ve never used it, but it sounds like it should work.

do everything (beside “1)” and “3)”) in “safe mode with network settings” (when you start your computer press F8 and then press “safe mode with network settings”)

  1. download this http://www.systweak.com/AntiSpyware/Download/ and install it

  2. run System-protector (deep scan) (when the scan is finished go to 3))

  3. go to “start” and type later msconfig. look at servers and startup and make sure that none of the servers are disabled from this fake AV.

  4. if you want to get rid of registry that is ■■■■ download Advanced SystemCare (Advanced SystemCare 16 Free: Top PC Cleaner & Optimizer for Windows). this program will clean your computer

I don’t understand your third question but if you have avast! and ZA-firewall then everything is okay and I recommend that you download immunet.

I’d advise not using anything made by IOBit. I don’t trust that company ever since they stole detection signatures from Malwarebytes. Instead you can use Comodo System Cleaner or Eusing.

Also, to make sure that the computer is no longer infected you can follow my methods for How to Know If Your Computer Is Infected.

If it is this one, he can follow the instructions for complete removal here:

Hi Guys,

Valentinchen,

Well , as for <<besides “1)”>> sure, there is no any “easy Tool” (sorry about that) to remove serious infection … if any … may be there is none, as a matter of fact

1st, none of the AV solutions basically capable of doing that
(usually they provide a specific Utilities for certain malware… different story…)

…but what is more important - we do not have any info about the particular infection

What fake AV, naren?

Then Valentinchen,

As it was said in most of professional sites and here repeatedly
You do not ever! start fighting any malware in Safe Mode

That is a completely wrong advice

naren, I would suggest to visit one of those pro sites (please ask if you don’t know those - I will PM you) where you will be following the proper instructions after providing all needed preliminary information about the system and alleged infection

Cheers!

That was a spontaneous reaction. I wanted to help that’s all. And I do know that ESET and other sites offer specific antimalware removing tools.

I have read somewhere that most of the malware don’t start in safe mode and that System-protector works in safe mode (network settings is only for updating System-protector).

He doesn’t remember what the Fake AV name was. This Saturday or Sunday we are going to chat & do all the config. I will show him the screenshot of Security Tool and ask him whether it was this one.

I will definitely run malwarebytes & hitman pro and remove the things. But the Host things mentioned in the Bleeping computer removal mentioned here in this thread is necessary. I am asking this coz I am not that expert and fear if anything goes wrong with the Hosts things. Is it possible to check that Hosts file are fine and no trouble shooting necessary related to hosts file.

Is Comodo Easy VPN good & works fine and should I use this to config his laptop.

Thanxx
Naren

Well you are free & entitled to do whatever you want, remotely or locally on his PC
but as I said - the best choice is to post the description of a problem into the professional forum & he (you) will be guided by the expert

If he does not have a partition/data backup and/or the media to reinstall the system - you may lose the system easy doing what you are going to do
otherwise you (he) may have a chance
… but again - that’s your choice

Cheers!

I didn’t know that iobit’s spyware protection did that. When I had avast! it said it was a Trojan (at least a spyware). I will use Comodo System cleaner :)

thx

follow this and forget mine description! :)

Where in the Pro Forums should I post??

Thanxx
Naren

You can post here for example

following START HERE, if you don’t we are just going to send you back to this thread <–click
or into Shadow’s main website (see his signature)
He was absent for several days but anyway you will have an idea “how to” prepare the preliminary info
There are few other similar sites, which can be posted, but I strongly recommend the above, because ShadowPuterDude is one of the best if not the best malware fighters out there currently

Cheers!

Quote from SiberLynx: “You can post here”

Posted. Hope I posted in a correct way & thread.

Thanxx
Naren

As you have posted a help topic now you should follow the instructions, but it will not be easy for them as it is not your computer. All their helpers are very experienced.

Just for future reference you can see how to restore a hosts file to default here:
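
Added example, not part of any post in this thread: a way to answer the earlier question of whether the hosts file is fine without editing it. The script reports every active entry other than the stock localhost lines; the path is the assumed standard Windows location, and the sample entries (example.com names, 192.0.2.x addresses) are constructed.

```python
import ipaddress
import os

# Assumed standard Windows location of the hosts file.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

# Constructed sample: a default file plus two tampered entries.
SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
192.0.2.55      www.example.com       # site sent to another server
127.0.0.1       update.example.net    # update host pointed at this PC
"""

def audit_hosts(text):
    """Return (line_no, ip, names, verdict) for each active entry that is
    not a plain localhost mapping. An untouched default file returns []."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # ignore comments
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, ip_text, names, "malformed"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        if local and all(n == "localhost" for n in names):
            continue                               # stock entry
        findings.append((line_no, ip_text, names,
                         "blocked" if local else "redirected"))
    return findings

if __name__ == "__main__":
    source = HOSTS_PATH if os.path.exists(HOSTS_PATH) else None
    text = open(source, encoding="utf-8", errors="replace").read() if source else SAMPLE
    for line_no, ip, names, verdict in audit_hosts(text):
        print(f"line {line_no}: {verdict}: {ip} -> {' '.join(names)}")
```

An empty result means the file holds only comments and localhost lines; anything listed should be reviewed before the file is reset to default.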

Hi Naren

1st I will try find out why Shadow is not there for a few days.
Usually it happens when he is writing new Utilities or enhancing the existing ones

I replied there yesterday but there is no response from you … yet

Anyway, you have time to prepare needed preliminary info

Then, if you have access to the infected PC you or your brother can use the following:

1) If you cannot download required Tools when on infected PC and you have Internet access from another clean uninfected computer you may try to download all listed Utilities there.
Save them on external media and then copy to your Desktop / install / run… as per instruction

note: Please copy (don’t type) all referred links from the instruction so you will use precisely the sites suggested when downloading on another PC.

2)
In order to avoid installation of full Emsi Anti-Malware (since the fake AV can cause troubles) you can try using Emsisoft Emergency Kit (EEK) download here
1st the scanning capabilities are the same, but it does not require an installation and the service that full pack employs.
EEK can be run straight from the Flash Stick after unZIPping
It always contains all recent modules and signatures, but please manually update prior to performing the scan (the latest differential update could be delivered)
Current instruction requires Quick Scan, because that will check the active (if any) infection
So, sure do the Quick Scan,
but I would suggest to spend some time and perform the Deep Scan as well. Both reports can be attached.

3) The same download link as above can be used for downloading HiJackFree (HJF) , but you can use the standalone EXE… again – no installation required
and/or
if you have EEK already – HJF is a part of a Kit – just use that one (see \Run\ directory)

4) and as it was pointed - you will be advised re: the alternative Utility, since you will not be able to run ISeeYourXP on x64 (yet)

My regards