My bro is a complete novice. He recently got hit with a Fake AV, something called Security System Tool or Security Scan Tool. He is using McAfee Internet Security on Win Vista 64 Bits Home Premium. He says he tried a lot to close it but it was not closing so he exited it from the taskbar & then he installed Microsoft Security Essentials & now there is no prob. See he is such a novice. When he told me all this I asked him to uninstall Microsoft Security & told him never use 2 Firewalls & 2 Antivirus. I suspect there must be some files or registry on his system related to the fake tool. His preinstalled McAfee subscription is going to end in a few days. He is a real novice so I have decided on Zonealarm Free Firewall & Avast 5 Free for him. But first I want to clean any remains of the fake AV & little configure his system. But I am in India & he is in USA. So plzz help me on the following things -
Any easy tool for removing all the remains of the fake AV. I have decided on Malwarebytes.
An easy remote connection tool to connect & configure his system. Windows remote connection will do??
How to exclude Zonealarm free latest & Avast free 5 latest completely from each other??
Actually I find Zonealarm GUI little easier for him. OK Hitman Pro. The reason I want to exclude both completely from each other is that if by any chance avast detects zonealarm file as FP & Zonealarm gives error he will not know what happened. And I fear if he blocked avast from connecting i.e zonealarm popup then too he will not know why it's not updating. Actually he is so novice what should I tell you. At least I want the security software to be in place & working without any prob for him. You didn’t say anything about the remote connection software.
Well, as for <<besides “1)”>> sure, there isn't any “easy Tool” (sorry about that) to remove serious infection … if any … may be there is none, as a matter of fact
1st, none of the AV solutions are basically capable of doing that
(usually they provide a specific Utilities for certain malware… different story…)
…but what is more important - we do not have any info about the particular infection
What fake AV, naren?
As it was said in most of professional sites and here repeatedly
You do not ever! start fighting any malware in Safe Mode
That is a completely wrong advice
naren, I would suggest visiting one of those pro sites (please ask if you don’t know those - I will PM you) where you will be following the proper instructions after providing all needed preliminary information about the system and alleged infection
He doesn’t remember what the Fake AV name was. This Saturday or Sunday we are going to chat & do all the config. I will show him the screenshot of Security Tool and ask him whether it was this one.
I will definitely run malwarebytes & hitman pro and remove the things. But the Host things mentioned in the Bleeping computer removal mentioned here in this thread is necessary. I am asking this coz I am not that expert and fear if anything goes wrong with the Hosts things. Is it possible to check that Hosts file are fine and no troubleshooting necessary related to hosts file?
Is Comodo Easy VPN good & works fine and should I use this to config his laptop?
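The hosts-file check asked about above can be done read-only, before any cleanup tool changes anything. The script below is an added example, not part of the thread or of the removal guide it mentions; the sample entries are constructed, and the path it reads is the usual Windows location `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress
import os

# Constructed sample: two normal localhost lines plus two entries of the kind
# a cleanup should question (addresses and names are reserved test values).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    search.example.com
127.0.0.1       update.av-vendor.example
"""

def audit_hosts(text):
    """Return (line_no, kind, detail) for every entry that is not plain localhost."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not entry:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, "malformed", raw.strip()))
            continue
        for name in (h.lower() for h in entry[1:]):
            if name == "localhost" and ip.is_loopback:
                continue                        # expected default mapping
            # Loopback/0.0.0.0 makes a site unreachable (e.g. AV update servers);
            # any other address silently sends the name somewhere else.
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
            findings.append((line_no, kind, f"{name} -> {ip}"))
    return findings

if __name__ == "__main__":
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.exists(path):
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS                     # fall back to the constructed sample
    for line_no, kind, detail in audit_hosts(text):
        print(f"line {line_no}: {kind}: {detail}")
```

No output means the file holds only the default localhost mappings; anything listed is worth showing to whoever is guiding the cleanup before it is edited.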
Well you are free & entitled to do whatever you want, remotely or locally on his PC
but as I said - the best choice is to post the description of a problem into the professional forum & he (you) will be guided by the expert
If he does not have a partition/data backup and/or the media to reinstall the system - you may lose the system easily doing what you are going to do
otherwise you (he) may have a chance
… but again - that’s your choice
following START HERE, if you don’t we are just going to send you back to this thread <–click
or into Shadow’s main website (see his signature)
He was absent for several days but anyway you will have an idea “how to” prepare the preliminary info
There are a few other similar sites, which can be posted, but I strongly recommend the above, because ShadowPuterDude is one of the best if not the best malware fighters out there currently
1st I will try find out why Shadow is not there for a few days.
Usually it happens when he is writing new Utilities or enhancing the existing ones
I replied there yesterday but there is no response from you … yet
Anyway, you have time to prepare needed preliminary info
Then, if you have access to the infected PC you or your brother can use the following:
1) If you cannot download required Tools when on infected PC and you have Internet access from another clean uninfected computer you may try to download all listed Utilities there.
Save them on external media and then copy to your Desktop / install / run… as per instruction
note: Please copy (don’t type) all referred links from the instruction so you will use precisely the sites suggested when downloading on another PC.
2) In order to avoid installation of full Emsi Anti-Malware (since the fake AV can cause troubles) you can try using Emsisoft Emergency Kit (EEK) download here
1st the scanning capabilities are the same, but it does not require an installation and the service that full pack employs.
EEK can be run straight from the Flash Stick after unZIPping
It always contains all recent modules and signatures, but please manually update prior to performing the scan (the latest differential update could be delivered)
Current instruction requires Quick Scan, because that will check the active (if any) infection
So, sure do the Quick Scan,
but I would suggest spending some time and performing the Deep Scan as well. Both reports can be attached.
3) The same download link as above can be used for downloading HiJackFree (HJF) , but you can use the standalone EXE… again – no installation required
if you have EEK already – HJF is a part of a Kit – just use that one (see \Run\ directory)
and as it was pointed - you will be advised re: the alternative Utility, since you will not be able to run ISeeYourXP on x64 (yet)