WARNING:  Bogus Alert!

Just recently I noticed something very interesting on my wife’s laptop.  I noticed it because I’m normally the one who installs her anti-virus (AV) and other programs.  This one was obvious because there appeared to be another AV program reporting that the laptop is being attacked or hacked and that I must purchase it in order to protect the computer from this attack!

The bogus AV is called Spyware Guard 2009.  This one is categorized as a parasite–meaning that it is one heck of a program to remove from your computer.  It is one destructive and nasty parasite because it does the following:

  • Prevents you from going to the Internet
  • Screws up the user profile…meaning that if you log out then log in, it will tell you that your user profile is missing; effectively you can’t get back to your desktop

It does more, but I didn’t wait too long to find out.

Most users would be easily scammed and overwhelmed by this, but fortunately I’m not most users.  Even then, it was one heck of a parasite to remove.  How did I do it?

I did a lot of searches on the Internet (using another computer).  Most solutions I found provided free scans to find the problem but wanted me to pay to remove it.  However, I found a solution that allowed me to scan and remove.  It is called Malwarebytes’ Anti-Malware.

It allowed me to scan and identify registry entries and files that were part of this parasite.  Then it gave me the option to remove them.  It couldn’t remove about 5 of them, even after a couple of attempts.  I knew then that I had a relatively new or different strain.

Fortunately, Malwarebytes’ Anti-Malware clearly identified which ones it couldn’t remove.  I tried removing them in Windows safe mode, with no luck–the system reports that they cannot be deleted.

As a last resort, I booted using ERD Commander and deleted the bad files and registry entries.  And FINALLY got rid of that parasite.

The last thing I did was remove the administrative rights of my wife’s account.  This should help prevent any future major infection.

I hope this is helpful to others who read this.