Rogue Antivirus: How They Work and How to Remove Them

Rogue Anti-Virus applications are being produced in ever-increasing numbers each week now. Why? Because the scam works, and it works big time. Rogue Anti-Virus scams steal money, credit card numbers and sometimes entire identities. Below is the life cycle of a Rogue Anti-Virus scam.

1. You get infected with a Trojan like Virtumonde (for example, through an outdated Java Runtime Environment).
2. The Virtumonde Trojan displays fake system alerts (as system tray balloon popups) and uses popunders and search redirection in your browser to convince you that your PC is infected and can only be cleaned with “special anti-virus software”.
3. At this point the user panics and purchases the rogue anti-virus.
4. Now the really bad part starts. The poor PC user just paid $30-$90 AND handed valid credit card details, and with them their identity, to an international ring of thieves.
5. Next, the rogue anti-virus gets installed and run, and then... does nothing. Our user has just been duped.
6. Now the user must hire a consultant (like myself) to clean off the rogue anti-virus and all the other infections that came with it.

I see so many clients with Rogue Anti-Virus infections each week. Typically, about 1 out of 7 of my clients will purchase the Rogue Anti-Virus application and then they usually see numerous credit card charges about 3 weeks later (that’s before I get there). I usually instruct clients to cancel the credit card they used to purchase the Rogue Anti-virus and purchase some identity protection (for a year at least).

Thankfully, removing Rogue Anti-Virus is really pretty easy; however, the Trojans that downloaded and installed it are sometimes very difficult to remove. There are two methods I use to remove Rogue Anti-Virus. One method is free and the other costs about 40 dollars.

Method 1 – The free, but a bit difficult method

The best part about this method is that it’s free. It targets the Rogue Anti-Virus and the other malware associated with it. You’ll need four applications.

1. AVG Anti-Virus Free V8

2. SuperAntiSpyware

3. MalwareBytes’ Anti-Malware

4. Spybot Search and Destroy

First, uninstall your current anti-virus, since it’s not doing the job anyway. We will be installing a new anti-virus (AVG Anti-Virus Version 8), which you can start doing right now. After AVG 8 is installed and updated, go ahead and install the remaining three applications. Be sure to update each application right after you install it (each has an update menu or button), and do the updating now while you still have a network connection: plain Safe Mode has no networking, so the scanners can’t fetch definitions once you’re there.

Reboot your PC into Safe Mode (by tapping F8 during startup). Once in Safe Mode, perform full scans with the four applications above, in that order. Quarantine anything flagged as an infection. Reboot. Your Rogue Anti-Virus has probably been removed along with the Trojans that downloaded it. If you’re using IE7 or IE8, reset the browser as well (Tools > Internet Options > Advanced > Reset), since these infections leave behind hijacked start pages, search providers and add-ons that the scanners don’t always clean.

Method 2 – The easy method, but it’s not free

Download Spyware Doctor with Anti-Virus. Uninstall your old anti-virus. Install Spyware Doctor with Anti-Virus and register it. Click Yes to enable the OnAccess Guard, then click Smart Update. Download and install all the updates. Run a Full Scan and fix everything the scan finds. Reboot. Your Rogue Anti-Virus has probably been removed along with the Trojans that downloaded it. If you’re using IE7 or IE8, reset the browser as well.

Final Malware Clean Up Notes

If you have system menus that are missing or inaccessible (Task Manager, Run, Folder Options and the like), ComboFix does a really good job of restoring them. Download ComboFix. Temporarily disable Spyware Doctor or AVG so their real-time scanners don’t interfere with it. Run ComboFix. Let ComboFix reboot your PC. Re-enable your anti-virus.

At this point you should be malware free.
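As an added check that is not part of the original post: the script below, run from an elevated PowerShell prompt after the final reboot, reads the places a rogue anti-virus dropper commonly hooks into (the autorun keys, the Winlogon shell and logon program, the Explorer and System policies that hide menus, Internet Explorer’s Browser Helper Objects, proxy and start page, and the hosts file) and flags anything that differs from a clean machine. The registry paths are the standard Windows locations; the “expected” values (explorer.exe as the shell, userinit.exe as the logon program, only localhost lines in hosts) are stock defaults and are my assumptions about what “clean” looks like. It only reads; it removes nothing, so you can run it before and after the clean-up and compare.

```powershell
# Added example, not from the original post: a read-only audit of the spots a
# rogue anti-virus dropper commonly hooks into. Run in an elevated PowerShell
# prompt after the final reboot. Assumptions: stock Windows defaults for the
# Winlogon Shell/Userinit values and a hosts file containing only localhost.

$findings = @()

# 1. Autorun keys: anything here launches at boot or logon. Review every entry;
#    a random-looking name or a path under %TEMP% or %APPDATA% deserves a look.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    Write-Host "== $key"
    (Get-ItemProperty $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |            # drop provider metadata
        ForEach-Object { Write-Host ("   {0} = {1}" -f $_.Name, $_.Value) }
}

# 2. Winlogon: malware replaces Shell/Userinit so it runs before Explorer does.
$winlogon = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($winlogon.Shell -ne 'explorer.exe') {
    $findings += "Winlogon Shell is '$($winlogon.Shell)' (expected explorer.exe)"
}
$userinitExe = "$env:SystemRoot\system32\userinit.exe"
if ($winlogon.Userinit -notmatch ('^' + [regex]::Escape($userinitExe) + ',?$')) {
    $findings += "Winlogon Userinit is '$($winlogon.Userinit)' (expected $userinitExe,)"
}

# 3. Policies that hide Task Manager, regedit, Run, Folder Options and so on;
#    these are the "missing system menus" ComboFix restores. 1 = restriction on.
$explorerPol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$systemPol   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyChecks = @{
    $explorerPol = @('NoRun', 'NoFolderOptions', 'NoControlPanel', 'NoDesktop', 'NoViewContextMenu')
    $systemPol   = @('DisableTaskMgr', 'DisableRegistryTools')
}
foreach ($key in $policyChecks.Keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty $key
    foreach ($name in $policyChecks[$key]) {
        if ($props.$name -eq 1) { $findings += "$key\$name = 1 (restriction still set)" }
    }
}

# 4. Browser Helper Objects: IE add-ons loaded into every IE process; the
#    search-redirection piece of these infections often lives here.
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    Write-Host "== Browser Helper Objects"
    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = Get-ItemProperty "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        Write-Host ("   {0} -> {1}" -f $clsid, $server.'(default)')
    }
}

# 5. IE settings the browser reset is meant to undo: a proxy you did not set
#    lets the attacker see or redirect traffic; a strange start page is a hijack.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { $findings += "IE proxy enabled: $($inet.ProxyServer)" }
$ieMain = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main'
Write-Host "== IE start page: $($ieMain.'Start Page')"

# 6. hosts file: any entry beyond localhost silently redirects or blocks a site.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in Get-Content $hostsPath) {
    if ($line -match '\S' -and $line -notmatch '^\s*#' -and
        $line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') {
        $findings += "hosts entry: $line"
    }
}

if ($findings.Count -eq 0) {
    Write-Host "No deviations from the expected defaults found."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

The autorun and BHO sections are printed rather than judged, because a legitimate entry and a malicious one look alike to a script; what you are checking is that nothing you don’t recognise survived the scans. Everything else is compared against a known default, and a warning there means the clean-up is not finished.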


  • Sooperfoonvids

    You forgot to mention one part: it is good for people to get scammed for you because you get more money. How do we know this isn’t a huge conspiracy to get you more money?

    Who knows, the government and FBI could be involved, helping program these rogue programs in special advanced programs that cannot be released to the public because they are too advanced to comprehend, so we have to sit here getting infected while you’re working with the FBI to get more money!

    I knew it!!!!!!!!!! It’s all a conspiracy!!!!!!!!!!

    BTW, why get AVG when you can get Avira? Does AVG have better protection against rogue programs? Because I had AVG 7.5 a long time ago and my computer was broken almost beyond repair. Is 8.0 better?

    Thanks,

    Sooperfoonvids

  • http://CheckYourHead Anonymous-Tech

    Sooper,

    I hope your comment doesn’t represent a large number of people. Talking that way around techs is not likely to get you help when you need it, and trust me, it sounds like you will need it some day.

    There are a ton of sites out there where people help other people get their PCs cleaned with free software, from good-natured tech people just trying to be helpful to others at no cost. Yes, some techs do get paid to remove these types of infections (because that’s part of their job and what they get PAID to do by CUSTOMERS), but to suggest that your everyday self-employed tech is in cahoots with the Gov’t to be infecting everyone to make the self-employed tech more $$$?

    You’ve got to be kidding. If you do a little research you will find that most of the scams come from Nigeria or Russia.

    Check it M8

