Tuesday, June 8, 2010

Sysinternals Antivirus removal instructions

Sysinternals Antivirus is a new rogue antispyware from the same family of rogues as XJR Antivirus, AKM Antivirus 2010, etc.

HijackThis shows Sysinternals Antivirus infection

O2 – BHO: ADC PlugIn – {149256D5-E103-4523-BB43-2CFB066839D6} – C:\Program Files\adc_w32.dll
O23 – Service: Adobe Update Service (AdbUpd) – Unknown owner – C:\Program Files\svchost.exe

What Sysinternals Antivirus does

The design of Sysinternals Antivirus looks like a normal antispyware tool, but in reality, this program can not remove viruses, trojans, etc., nor will be protect your computer from legitimate future infections. Sysinternals Antivirus created with one purpose to trick you into purchasing the full version of the software.

Sysinternals Antivirus is promoted and installed through the use of trojans. When the trojan is activated, it will download and install the rogue onto your PC without your permission and knowledge.

Screen shoot of Sysinternals Antivirus

Once started, Sysinternals Antivirus will add itself into Windows registry to run automatically every time when your computer starts. After that, it starts scanning procedure, which results in finding a lot of trojans, viruses and other malicious programs. Obviously, such results are a fraud, the program want to force you to believe that your computer is infected.

While Sysinternals Antivirus is running, it will flood your computer with fake security alert and notifications from Windows task bar that stats:

Warning: Infection is Detected. Windows has found spyware infection on your computer! Click here to update your Windows antivirus software…

Internet attack attempt detected: Somebody is trying to attack your PC: This can result in loss of your personal information and infection other computers connected to your network. Click here to prevent attack

Warning. Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.

Furthermore, the rogue may disable Task Manager and block legitimate Windows applications from running. If you will try to run an application you will see a warning as shown below and this application will be stopped.

Warning! Running of application is impossible. The file C:\Windows\System32\notepad.exe is infected.

From the above, obviously, Sysinternals Antivirus is a dangerous program, whose presence on your computer is absolutely undesirable. Use the removal instructions below to remove this malware for free.

How to remove Sysinternals Antivirus

Download fix.zip from here. Unzip it. Double Click fix.reg and click YES for confirm. Reboot your computer.

Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded you will see a screen like below.

Malwarebytes' Anti-Malware

Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that  Malwarebytes' Anti-Malware found on your computer. Note: list of malware may be different than what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software

Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.

Note: if you can`t download or run these suggested program above, boot your computer in Safe mode with networking and repeat the above steps once again.

If the instructions does not help you, then ask for help in the Spyware removal forum.

No comments:

Post a Comment