Knowledge Base

Support

Fake Antivirus (FakeAV) Removal Tool

Solution IDLast Updated
1056510Date : 2012/04/17 Time: 1:02 AM (PST)


Product/VersionPlatform
Client / Server Suite for SMB - 3.6; Client/Server Security SMB - 3.6; Client/Server/Messaging Security SMB - 3.6; Endpoint Security Platform - 7.2, 8.0; OfficeScan - 10.0, 10.5, 8.0; PC-cillin Internet Security - 2005, 2006, 2007; PC-cillin Internet Security for Dell - 14.7, 14, 2005; Titanium AntiVirus + - 2011, 2012; Titanium Internet Security - 2011, 2012; Titanium Internet Security for Dell - 2011; Titanium Maximum Security - 2011, 2012; Titanium Smart Surfing for PC - 2011; Trend Micro AntiVirus plus AntiSpyware - 2008, 2009, 2010; Trend Micro Internet Security - 2008, 2009, 2010; Trend Micro Internet Security Pro - 2008, 2009, 2010; Worry-Free Business Security Standard/Advanced - 5.1, 6.0, 7.0
Windows - 2000 Advanced Server, 2000 Datacenter Server, 2000 Professional, 2000 Server, 2000 Small Business Server, 2003 Compute Cluster Server, 2003 Datacenter Server, 2003 Datacenter Server Edition 64-bit, 2003 Enterprise Server, 2003 Home Server, 2003 Small Business Server, 2003 Standard Server Edition, 2003 Standard Server Edition 64-bit, 2003 Storage Server, 2003 Web Server Edition, 2008 Datacenter Server, 2008 Datacenter Server Edition 64-bit, 2008 Enterprise Server, 2008 Enterprise Server Edition 64-bit, 2008 Essential Business Server, 2008 Small Business Server, 2008 Standard Server Edition, 2008 Standard Server Edition 64-bit, 2008 Storage Server, 2008 Web Server Edition, 2008 Web Server Edition 64-bit, 7 32-bit, 7 64-bit, Vista 32-bit, Vista 64-bit, XP Home, XP Professional, XP Professional 64-bit

Problem Description

Fake Antivirus (FakeAV) threats have been rampant in the past few years. Various FAKEAV variants have infected millions of PCs and are continuously spreading worldwide.
One reason why FAKEAV infections have become well-known to users is because they have visual payloads. Variants of the malware family often display pop-up messages telling users that their machines have been infected. This may cause panic among users, pressuring them to purchase rogue antivirus applications in the hope of resolving the issue. Users, however, should never purchase antivirus software from unknown sources.

Solution

To help clean the FakeAV infection, download the FakeAV Removal Tool. This tool is still in the beta stage.
Before running the tool, please note the following:
  • Disable or unload any installed antivirus products that may conflict with the Fake AV Removal Tool.
  • Make sure to run the Fake AV Removal Tool in normal mode with the Fake AV running on the system.
To use the tool, please do the following:
  1. Download one of the following packages:
    • Package A: svchost.exe - Use this if the Fake AV blocks extraction of ZIP files. Most users will want this. Note: There is no need to extract the package.
      Examples of FAKEAV malware addressed by this tool:
      • Security Shield
      • Security Solution
      • Security Sphere
      • System Check
      • System Fix
      • System Repair
      • System Restore
    • Package B: svchost.exe.zip- Use this if the Fake AV block executables only and there are no other user interactions. Download and extract the package.
      Examples of FAKEAV malware addressed by this tool:
      • Security Shield
      • Security Solution
      • Security Sphere
      • System Check
      • System Fix
      • System Repair
      • System Restore
    • Package C: FakeAV Removal Tool - Use this for Fake AV variants that do not block any user execution. Download and extract the package. This package is recommended for most FAKEAV variants.
    • Package D: FakeAVRemover.com.zip- Use this if the Fake AV blocks .exe executables and if there are no other user interactions. Download and extract the package.
      Examples of FAKEAV malware addressed by this tool:
      • xp/vista/win7 antispyware 2012
      • xp/vista/win7 antivirus 2012
      • xp/vista/win7 home security 2012
      • xp/vista/win7 internet security 2012
      • xp/vista/win7 security 2012
  2. Run the executable file. If you downloaded either Package A or Package B, the executable file will be named "svchost.exe". For package C, the executable file will be named "FakeAVremover.exe". For package D, the executable file will be named "FakeAVremover.com".
  3. Note: If you are using Windows Vista/7, right-click the tool and select Run as Administrator to make sure that the application is not blocked from running.
  4. Accept the license agreement.
  5. Go to the Settings tab.
  6. Click Update Now.
  7. Go to the Scan tab.
  8. Run a scan by clicking Scan All Processes.
  9. Tick the items that are associated with the FakeAV infection, then click Clean.
    Note: Restart your computer if you are prompted.
The solution above helps you remove and delete fake antivirus applications such as the following:
  • Additional Guard
  • Advanced Defender
  • Advanced Virus Remover
  • AdvancedVirusRemover
  • AKM Antivirus 2010 Pro
  • Alpha Antivirus
  • AlphaAV
  • ANG AntiVirus 09
  • Anti Trojan
  • Anticare
  • Antimalware Doctor
  • AntiMalware Pro
  • AntiMalware_ProNET
  • AntiMalwareGuard
  • Antimalwarepro
  • Antispyware PRO XP
  • AntispywareD
  • AntiSpywareDeluxe
  • AntiSpywareMaster
  • Antivir 2011
  • Antivir64
  • Antivira AV
  • Antivirus 2008
  • Antivirus 2008 XP
  • Antivirus 2009
  • Antivirus 2010
  • Antivirus Action
  • Antivirus Doktor 4.1
  • AntiVirus Plus
  • Antivirus Pro 2010
  • Antivirus Protection
  • Antivirus Scan
  • Antivirus Soft
  • Antivirus Software Alert
  • Antivirus Studio 2010
  • Antivirus System Pro
  • Antivirus2008y
  • Antivirus7
  • Antivirus_Doktor 4.1
  • AntiVirus_Pro
  • AntivirusPro2009
  • AntivirusScan
  • AntivirusXP
  • AntivirusXP2008
  • AV Protection 2011
  • AV Security Suite
  • AV7.0
  • Avaccine
  • AVClean
  • BitDefender
  • BlueFlare Antivirus
  • boan119
  • BootCare
  • bug doctor
  • CleanV
  • Cloud AV 2012
  • Control Center
  • Cyber Security
  • Data Protection
  • data recovery
  • data repair
  • DdosClean
  • Defense Center
  • Desktop Defender 2010
  • Desktop Security 2010
  • Digital Protection
  • DirectVaccine
  • Dr. Guard
  • Easy Scan
  • EasySafe
  • EasyScan
  • EasyVaccine
  • Enterprise Suite
  • FakeAV with no UI
  • General Antivirus
  • HDD Fix
  • HDD Plus
  • HomeAntivirus2010
  • HomeProtect
  • Info-Safe
  • Infocure
  • infosafe
  • Internet Antivirus Pro
  • Internet Security 2010
  • Internet Security 2011 for Windows XP
  • Internet Security Suite
  • InternetSecurity2010
  • Kaspersky Email Security
  • LifeClean
  • Malware Defense
  • Malware Removal Bot
  • MalwareRemovalBot
  • Master Utilities
  • MClearPC
  • MedicCop
  • Mega Antivirus 2012
  • MicroAV
  • Microsoft Security Essential
  • Microsoft Security Essentials
  • Milestone Antivirus
  • MS AntiSpyware 2009
  • The solution above helps you remove and delete fake antivirus applications such as the following:
  • Additional Guard
  • Advanced Defender
  • Advanced Virus Remover
  • AdvancedVirusRemover
  • AKM Antivirus 2010 Pro
  • Alpha Antivirus
  • AlphaAV
  • ANG AntiVirus 09
  • Anti Trojan
  • Anticare
  • Antimalware Doctor
  • AntiMalware Pro
  • AntiMalware_ProNET
  • AntiMalwareGuard
  • Antimalwarepro
  • Antispyware PRO XP
  • AntispywareD
  • AntiSpywareDeluxe
  • AntiSpywareMaster
  • Antivir 2011
  • Antivir64
  • Antivira AV
  • Antivirus 2008
  • Antivirus 2008 XP
  • Antivirus 2009
  • Antivirus 2010
  • Antivirus Action
  • Antivirus Doktor 4.1
  • AntiVirus Plus
  • Antivirus Pro 2010
  • Antivirus Protection
  • Antivirus Scan
  • Antivirus Soft
  • Antivirus Software Alert
  • Antivirus Studio 2010
  • Antivirus System Pro
  • Antivirus2008y
  • Antivirus7
  • Antivirus_Doktor 4.1
  • AntiVirus_Pro
  • AntivirusPro2009
  • AntivirusScan
  • AntivirusXP
  • AntivirusXP2008
  • AV Protection 2011
  • AV Security Suite
  • AV7.0
  • Avaccine
  • AVClean
  • BitDefender
  • BlueFlare Antivirus
  • boan119
  • BootCare
  • bug doctor
  • CleanV
  • Cloud AV 2012
  • Control Center
  • Cyber Security
  • Data Protection
  • data recovery
  • data repair
  • DdosClean
  • Defense Center
  • Desktop Defender 2010
  • Desktop Security 2010
  • Digital Protection
  • DirectVaccine
  • Dr. Guard
  • Easy Scan
  • EasySafe
  • EasyScan
  • EasyVaccine
  • Enterprise Suite
  • FakeAV with no UI
  • General Antivirus
  • HDD Fix
  • HDD Plus
  • HomeAntivirus2010
  • HomeProtect
  • Info-Safe
  • Infocure
  • infosafe
  • Internet Antivirus Pro
  • Internet Security 2010
  • Internet Security 2011 for Windows XP
  • Internet Security Suite
  • InternetSecurity2010
  • Kaspersky Email Security
  • LifeClean
  • Malware Defense
  • Malware Removal Bot
  • MalwareRemovalBot
  • Master Utilities
  • MClearPC
  • MedicCop
  • Mega Antivirus 2012
  • MicroAV
  • Microsoft Security Essential
  • Microsoft Security Essentials
  • Milestone Antivirus
  • MS AntiSpyware 2009
  • MS Removal Tool
  • Multicare
  • MultiClean
  • My Security Shield
  • MyPCCheck
  • oneclick
  • OpenCloud Antivirus
  • PC Scout
  • PC_Security2009
  • pcclear
  • PCClearPlus
  • PcClearSophos
  • PCHealthCenter
  • PCLock
  • pcplus
  • Perfect Defender 2009
  • perfectcure
  • Personal Antivirus
  • Personal Guard 2009
  • Personal Protector
  • Personal Security
  • PersonalAV
  • PersonSecurity
  • PersSecurity
  • Power-Antivirus-2009
  • Privacy Info
  • Privacy Protection
  • PrivacyAlpha
  • Privacyhidden
  • PrivacyKeep
  • privacyn
  • PrivacyPC
  • proboan
  • prodefence
  • Protection Center
  • Protection System
  • ProVaccine
  • Quick Defragmenter
  • QuickDefragmenter
  • Registry Doktor
  • Registry Tool
  • RegistryTool
  • RegTool
  • RESpyWare
  • SafetyCenter
  • SecureLive
  • Security Center
  • Security essentials 2010
  • Security Essentials 2011
  • Security Shield
  • Security Solution
  • Security Solution 2011
  • Security Sphere
  • Security Sphere 2012
  • Security Tool
  • SecurityCenter
  • Securityessentials2010
  • SelfPrivacy
  • Smart Antivirus 2009
  • Smart Engine
  • Spyware Guard 2008
  • Spyware Guard 2009
  • Spyware Protection
  • SpywareRemover2009
  • Sysinternals Antivirus
  • system check
  • system fix
  • System Guard 2009
  • System Repair
  • system restore
  • System Security
  • System Security 2009
  • System Security 2010
  • System Security 2011
  • System Tool
  • SystemSecurity2009
  • SystemTool
  • ThinkPoint
  • Total PC Defender
  • total protect
  • Total Security 2009
  • Total Security 2010
  • Total Security 2011
  • TRE AntiVirus
  • Trust Warrior
  • Ultimate Cleaner
  • Ultimate Defender
  • UltimateCleaner
  • User Protection
  • Vaccinecom
  • VaccineFree
  • VaccineProgram
  • VCBoan
  • VirusKorea
  • VirusRemover2008
  • VirusRemover2009
  • VirusScan
  • VirusTriggerBin
  • Win Antivir 2008
  • WinAntiVirus Pro 2006
  • WinAntivirusPro
  • WinAntivirusPro3.8
  • WinDefender
  • WinDefender 2009
  • Windows Alert
  • Windows Antivirus Pro
  • Windows defender
  • Windows OneClick
  • Windows Security Alert
  • Windows XP Fix
  • Windows XP Recovery
  • Windows XP Repair
  • Windows XP Restore
  • WindowsAntispyNetwork
  • WindowsDebuggingAgent
  • WindowsInviolabilitySystem
  • WindowsLiveProtect
  • WindowsMicrosoftGuardian
  • WindowsStableWork
  • WinPC Antivirus
  • WinPC Defender
  • Winweb Security
  • Wireshark Antivirus
  • WiresharkAntivirus
  • xp security 2012
  • XP/Vista/Win7 antispyware
  • XP/Vista/Win7 Antispyware
  • XP/Vista/Win7 Antispyware 2012
  • XP/Vista/Win7 Antivirus
  • XP/Vista/Win7 Antivirus 2012
  • XP/Vista/Win7 Home Security 2012
  • XP/Vista/Win7 Internet Security 2012
  • XP/Vista/Win7 Internet Security 2012
  • XP/Vista/Win7 Police Antivirus
  • XP_SecurityCenter
  • XPPoliceAntivirus
  • XPProtectionCenter
  • XPSecurityCenter
  • XPShield
  • Zentom Security Guard
  • Zentom System Guard


Rate this Solution
Did this article help you?  
 
 Please provide your comments to help us improve this solution.

 
  *This form is an automated system. General questions, technical, sales and product-related issues submitted through this form will not be answered.
 
 

Connect with us on