The only rogue I’ve been seeing this month (over and over again) is AntiVir Solution Pro (a.k.a. Antivir Security Suite). This rogue (fake) anti-virus installs itself instantly and then:
- prevents the user from using the internet.
- loads generic porn sites.
- tells the user that a “key logger” may have been installed or their credit card information is being stolen or that they have dozens of viruses on their PC.
- prevents any other .exe from opening saying that “.exe is infected”.
- sets proxy server settings to 127.0.0.1 (localhost) and a random port which the rogue listens on. This is so it can redirect you to a random porn site or to the rogue’s “buy me now” page.
- may or may not come with a “pack” of other infections such as other downloaders or a rootkit (if this is a 32-bit OS). 64-bit OSes may see an increase in downloaders in c:\Users\*
How To Remove AntiVir Solution Pro:
- Download Dr. Web’s Live CD and burn the ISO to disc.
- Boot from the Dr. Web Live CD.
- Scan the following directories (if they exist) – c:\users or c:\documents and settings and c:\windows\. This may take about an hour to complete. Disinfect (cure) anything that it finds.
- Reboot into Safe Mode with Networking by tapping the F8 key.
- Now that you’re inside Safe Mode with Networking, we need to turn off the proxy server settings. Refer to this article on how to turn off proxy server settings.
- Download CCleaner.
- Run it and clean all the temporary data for the user logged on (you have to do this for each account on your computer).
- It’s time to load Malwarebytes. Download the latest copy of Malwarebytes and update it.
- Run a Full scan with Malwarebytes (if you have the time, if not, quick scans are usually enough). Remove anything Malwarebytes finds and reboot into normal mode.
- You should be all clean now.
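
The proxy step above can also be checked from the registry, which makes it easy to confirm that every logged-on account is clean. This is an added example, not part of the original post: it assumes the rogue wrote its 127.0.0.1 proxy to the per-user WinINet values `ProxyEnable` and `ProxyServer`, and the function names are hypothetical.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# prompt. Assumes the rogue set the per-user WinINet proxy values below.
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    # ProxyServer is "host:port" or "http=host:port;https=host:port;..."
    foreach ($entry in ($ProxyServer -split ';')) {
        $target   = (($entry -split '=')[-1]).Trim() -replace '^[a-z]+://', ''
        $hostPart = ($target -split ':')[0]
        if ($hostPart -match '^(127(\.\d{1,3}){3}|localhost)$') { return $true }
    }
    return $false
}

function Get-ProxyState {
    # HKEY_USERS only holds the hives of accounts that are currently loaded,
    # so log on to (or load NTUSER.DAT for) every other account and rerun.
    Get-ChildItem 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $path = "Registry::HKEY_USERS\$($_.PSChildName)\$SubKey"
            $s = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            if ($s) {
                [pscustomobject]@{
                    Sid         = $_.PSChildName
                    Path        = $path
                    ProxyEnable = $s.ProxyEnable
                    ProxyServer = $s.ProxyServer
                    Loopback    = Test-LoopbackProxy $s.ProxyServer
                }
            }
        }
}

function Disable-LoopbackProxy {
    param([switch]$Apply)   # without -Apply this only reports
    foreach ($state in Get-ProxyState) {
        if (-not $state.Loopback) { continue }
        "Loopback proxy '$($state.ProxyServer)' set for $($state.Sid)"
        if ($Apply) {
            Set-ItemProperty -Path $state.Path -Name ProxyEnable -Value 0 -Type DWord
            Remove-ItemProperty -Path $state.Path -Name ProxyServer
        }
    }
}

Get-ProxyState | Format-Table Sid, ProxyEnable, ProxyServer, Loopback -AutoSize
Disable-LoopbackProxy          # add -Apply to actually clear the setting
```
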
Look for my next post which will show you how to block rogues like AntiVir Solution Pro.