Antivirus Master is a rogue security program from the Rogue:Win32/FakeVimes family (previous variant). It pretends to detect and wipe viruses and malware from your PC's system. However, as you may have alrdy guessed, it doesn't! A rogue AV will work in one of two ways; it either does nothing, or it infects you with the very thing it's supposed to protect you from. It will also display fake security alerts to further scare you into thinking that your computer is infected.
Cyber criminals are always pushing the envelope, to use that clichéd phrase, when it comes to thinking of new ways to get you to part with your hard rned cash – or even your identity. And rogue antivirus software is just one of the wpons in their arsenal.
This particular piece of malware is especially nasty because it blocks pretty much everything on the infected computer lving only one active window and payment page. All the system tools are usually blocked as well as malware removal tools. However, there's one way how you can deft Antivirus Master virus.
How Antivirus Master finds its way onto your PC
You're online and suddenly an alert pops up either telling you your computer is running slowly due to unnecessary items on your hard drive or that you've been infected with a virus. It might look like it comes from your regular antivirus provider, or it may not. But either way your main concern is with the computer issues you've only just been made aware of.
Whether your guard is actually up, or if you're in the middle of something and think you'll dl with it later, don't just dismiss the window by clicking the 'x' in its right hand corner. If you're unlucky, this can unlsh a whole world of pain on your computer. Clicking on the 'x' may cause pop-up adverts to display all over your screen, it might freeze your screen or it may disable your programs or files.
In another scenario, you may let Antivirus Master run its scan but it will only actually be displaying a fake scanning screen – which of course will tell you that you have horrible, thrtening viruses on your machine. Next you'll be shown a message from the rogue antivirus trying to scare you into handing over your credit card details in order to have your PC 'clned'. So, we panic, we hand over our bank details and bingo we've just paid money for nothing AND we're literally gifting an unscrupulous third party with our credit card details!
So, basically this rogue antivirus program is distributed either using fake online virus scanners or kits, mostly through infected websites. Cyber crooks also try to infect ad networks, especially those in adult industry and sprd malicious ads that redirect users to infected websites.
And that's not all because some rogue antivirus software takes it one step further and infects you with spyware too. Spyware is a nightmare: it can log your strokes and/or take screen shots all with the aim of harvesting your personal data - s, log-ins, credit card details. A cyber criminal might go for a spending spree with your credit card, or they might sell your data to a third party – either way, it's not good news.
Put simply, don't open email attachments or click email links if they come from an unknown sender. And definitely, definitely don't click on fake pop-up advertising rogue antivirus software. And finally, find Antivirus Master and delete it. To do so, plse follow the steps in the removal guide below. If you have any questions, plse lve a comment below. Good luck and be safe online!
Written by Michael Kaur, http://deletemalware.blogspot.com
Method 1: Antivirus Master removal using :
1. Open Antivirus Master scanner window. Click the "question mark button" (top right hand corner of the scanner window) and select "Register".
You should now see the form.
Enter one of the given below and click Register to activate this rogue security program. Don't worry, this is completely legal since it's not uine software.
0W000-000B0-00T00-E0001
0W000-000B0-00T00-E0002
0W000-000B0-00T00-E0003
Once this is done, you are free to install recommended anti-malware software and remove this malware from your computer.
2. Download recommended anti-malware software and run a full system scan to completely remove this rogue program and related malware from your computer.
Method 2: Antivirus Master removal instructions (Safe Mode with Command Prompt):
1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 " continuously which should bring up the " Advanced Options Menu" as shown below. Use your arrow to move to "Safe Mode with Command Prompt" and press Enter .
2. Login as the same user you were previously logged in with in the normal mode. When done, the Command Prompt will open and you will see a screen similar to the one below.
3. Once the Command Prompt apprs type in explorer and hit Enter.
4. The desktop will now appr. When the desktop apprs you can then close the Command Prompt window by clicking on the X.
5. Write the text in bold below to Notepad.
Registry Editor Version 5.00
[H_CURRENT_USER\Software\\\CurrentVersion\Run]
"GuardSoftware" =-
[H_CURRENT_USER\Software\\ NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
6. Save file as fixshell.reg to your Desktop. NOTE: (Save as type: All files)
7. Double-click on fixshell.reg to run it. Click Yes for Registry Editor prompt window. Click OK.
NOTE: if you can't crte the file as explained or you get an error, you can download the shellfix.reg file on a cln computer and it on to a or save it to a USB drive so that you can transfer the file to the infected computer. Then insert your or USB drive and double-click on the shellfix.reg and allow the data to be merged when you are prompted. Once the data has been merged, you can press the OK button and remove the removable media from your computer.
8. Plse reboot your computer into the Normal Mode and login as the infected user.
9. Now that you are at your normal desktop, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.
Method 3: Antivirus Master removal instructions (System Restore):
1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 " continuously which should bring up the " Advanced Options Menu" as shown below. Use your arrow to move to "Safe Mode with Command Prompt" and press Enter .
2. Login as the same user you were previously logged in with in the normal mode. When done, the Command Prompt will open and you will see a screen similar to the one below.
3. Once the Command Prompt apprs type in explorer and hit Enter.
4. The desktop will now appr. When the desktop apprs you can then close the Command Prompt window by clicking on the X.
5. Once in there, go to Start menu and srch for "system restore". Or you can browse into the Restore folder and run System Restore utility from there:
Win XP: C:\\system32\restore\rstrui.exe double-click or press Enter
Win Vista/7/8: C:\\system32\rstrui.exe double-click or press Enter
6. Select Restore to an rlier time or Restore system files... and continue until you get into the System Restore utility.
7. Select a restore point from well before the Antivirus Master appred, two weeks should be enough.
8. Restore it. Plse note, it can take a long time, so be patient.
9. Once restored, restart your computer and hopefully this time you will be able to login (Start normally).
10. At this point, download recommended anti-malware software and run a full system scan to remove this malware from your computer.
Associated Antivirus Master Files:
C:\Documents and Settings\[User]\Appliion Data\guard-[random].exe ( XP)C:\Users\[User]\AppData\Roaming\guard-[random].exe ( 7)Associated Antivirus Master :
H_CURRENT_USER\Software\\\CurrentVersion\Run "GuardSoftware"H_CURRENT_USER\Software\\ NT\CurrentVersion\Winlogon "Shell"="C:\Users\[User]\AppData\Roaming\guard-[random].exe"
No comments:
Post a Comment