Friday, October 22, 2010

Remove antispyway.com browser hijacker

Antispyway.com is a misleading web site, which is associated with a program called Antivirus Action. This program is a rogue antispyware tool, because uses fake scan results and fake security warnings as a way to force you to purchase its full version.

When your computer is infected with Antivirus Action, then every time you try to open any website, instead you will be shown antispyway fake warning page.

Screen shoot of the misleading website below:


antispyway.com - browser hijacker

Antispyway.com will offer to buy the full version of Antivirus Action. Most important do not purchase anything here. This misleading site is only one component of deceptive tactics that uses this fake security program to trick you.

If you find that your computer is infected with this malware and your browser is redirected to antispyway.com, then use the step by step removal guide here or the instructions below to remove it from your system for free.

How to remove antispyway.com browser hijacker/virus

Reboot your computer in Safe mode with networking.

Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools and select Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded you will see a screen like below.

Malwarebytes' Anti-Malware

Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that  Malwarebytes' Anti-Malware found on your computer. Note: list of malware may be different than what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software

Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.


If the instructions does not help you, then ask for help in the Spyware removal forum.

Sunday, October 10, 2010

Remove Smart Engine (Removal guide)

Smart Engine is a new rogue antivirus application from the same family of malware as Smart Security , My Security Shield, Security Master AV, etc.

HijackThis shows Smart Engine infection:

O4 – HKCU\..\Run: [Smart Engine] “C:\Documents and Settings\All Users\Application Data\da2933\SMda2_2121.exe” /s /d

What Smart Engine does

Smart Engine is not a legitimate security tool. It looks like a normal antivirus, but in reality, this program can not remove viruses, trojans, etc., nor will be protect your computer from legitimate future infections. Smart Engine created with one purpose to trick you into purchasing the full version of the software.

Smart Engine is promoted and installed via trojans. When the trojan is started, it will download and install the rogue onto your computer.


During installation, Smart Engine will configure itself to run automatically every time when your computer starts. After that, it will create several files on your computer, which later, during the scan, will detect as infections. These fake infections can only be removed with a full version of the program.




Obviously, such results are a fraud, the program want to scare you into thinking that your computer is infected with malicious software.

While Smart Engine is running, it will flood your computer with fake security alerts and notifications from Windows task bar. Some of the fake alerts are:

Warning! Identity theft attempt detected
Hidden connection IP: 128.154.26.11
Target: Microsoft Corporation keys

Warning
Warning! Virus detected


However, all the alerts are totally fabricated and must by no means be trusted!

Last, but not least, the rogue will disable Task Manager, block antivirus and antispyware tools from running.

As you can see, Smart Engine is absolutely useless and what is more, even dangerous software. Most importantly, do not purchase it. Instead, please use the Smart Engine removal instructions or the steps below to remove Smart Engine from your computer for free.

Smart Engine removal steps

1. Reboot your computer in Safe mode with networking.

2. Run Internet Explorer, Click Tools and select Internet Options. Select Connections Tab and click to Lan Settings button.

3. Uncheck “Use a proxy server” box. Click OK and click OK again.

4. Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

5. Once the program has loaded you will see a screen like below.




Malwarebytes' Anti-Malware

6. Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that  Malwarebytes' Anti-Malware found on your computer. Note: list of malware may be different than what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software

7. Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.



8. Download OTM by OldTimer from here and save it to your desktop.

9. Run OTM, then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
Commands
[resethosts]
10. Click the red Moveit! button. Close OTM.



If the instructions does not help you, then ask for help in the Spyware removal forum.

Friday, October 8, 2010

Remove Antivirus Action malware

Antivirus Action is another rogue antivirus program. The misleading application is a clone of Antivirus IS malware. This malware reports false infections and displays a lot of fake security alerts in order to trick you into purchasing its so-called full version.

HijackThis shows Antivirus Action infection:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}agnz.exe

What Antivirus Action does

Antivirus Action is distributed with the help of trojans that come from various misleading websites. When the trojan is started, it will install this malware. On first run, Antivirus Action configures itself to start automatically when Windows loads. Next, the fake antivirus will simulate a system scan and list a lot of false infections that actually does not exist!



Antivirus Action will state that your computer is infected with adware, trojans, worms or malware with one purpose - to scare you into thinking that your PC in danger. Obviously, such results are a fraud, so you can freely ignore them.

While Antivirus Action is running, it will flood your computer with fake security alert and notifications from Windows task bar. Moreover, the rogue will disable Task Manager and hijack Internet Explorer so, that it will display a misleading notification that states - "Internet Explorer Warning – visiting this web site may harm your computer!". Of course, all of these alerts and messages are a fake and like false scan results should be ignored.

As you can see, Antivirus Action is absolutely useless and what is more, even dangerous software. Most importantly, do not purchase it. Instead, please use the Antivirus Action removal guide or the instructions below in order to remove this malware from your computer for free.

Antivirus Action removal instructions

Reboot your computer in Safe mode with networking.

Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools and select Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded you will see a screen like below.



Malwarebytes' Anti-Malware

Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that  Malwarebytes' Anti-Malware found on your computer. Note: list of malware may be different than what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software

Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.


If the instructions does not help you, then ask for help in the Spyware removal forum.

Monday, October 4, 2010

Remove Antivirus IS virus/malware (Removal guide)

Antivirus IS is a new rogue antispyware from the same family of rogues as Security Suite.

HijackThis shows Antivirus IS infection:
O4 - HKCU\..\Run: [{random}] %Temp%\{random}\{random}lanw.exe

What Antivirus IS does

The design of Antivirus IS looks like a real antivirus application, but in reality, this program can not remove viruses, trojans, etc., nor will be protect your computer from legitimate future infections. Antivirus IS created only for one - to trick you into purchasing its full version.

Antivirus IS spreads as a fake video codec. Once started, it will install the rogue onto your PC without your permission and knowledge.



During installation, Antivirus IS will register itself int the Windows registry to run automatically every time when your computer starts. After that, it starts a scanning procedure, which results in finding a lot of trojans, viruses and other malicious programs. Obviously, such results are a fraud, the program want to force you to believe that your computer is infected.

What is more, Antivirus IS can block the Task Manager, and most legitimate Windows programs, as well as show a variety of false warnings and alerts. Like the scan results, all these messages - a fake, so you can safely ignore all that Antivirus IS will give you.

As you can see, Antivirus IS is absolutely useless and what is more, even dangerous software. Most importantly, do not purchase it. Instead, please use the removal guide or the steps below to remove Antivirus IS from your computer manually for free.


How to remove Antivirus IS


Reboot your computer in Safe mode with networking.

Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools and select Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded you will see a screen like below.


Malwarebytes' Anti-Malware

Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that  Malwarebytes' Anti-Malware found on your computer. Note: list of malware may be different than what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software

Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.


If the instructions does not help you, then ask for help in the Spyware removal forum.