Tag Archives | fake antivirus

RKill Helps You Remove Fake Anti-Virus and Other Rogues Easily

Chances are if you use the internet you’ve encountered a fake anti-virus application.  They are everywhere these days and they’re getting much better at bypassing conventional anti-virus.

There are lot’s of ways to kill these rogue’s, however Rkill makes it really easy!  The guys over at bleepingcomputer are nice enough to make these tools (and make them free too!) .

Here’s how I use Rkill.

  1. Copy Rkill(s) to a folder on my USB stick.
  2. Make my stick read only (little switch on the stick).
  3. Put the stick in the clients computer with the fake antivirus.
  4. Open a copy of Rkill.
  5. Rkill detects the Rogue and kills the process.
  6. I manually delete the rogue since Rkill provides a log with the rogue’s location.
  7. Run Malwarebytes
  8. If it’s a 32-bit OS I’ll scan for rootkits as well.

Here are the Rkill downloads.  Each Rkill download is essentially the same.   If the fake anti-virus blocks one of them the other is probably going to work.

RKill download links:


Continue Reading · 47

XP Home Security 2011 and 2012 Simple Removal

Hey, look who’s still around (and updated)!  It’s our good ole rogue XP Home Security now full updated for 2011 and 2012.  This version that I encountered disabled the customers Norton Antivirus 2010 and prevented them from loading any .exe or website.

Here’s how I quickly removed XP Home Security 2011 or 2012:

  1. Used RKill.scr (the .com .exe and .pif versions were killed by the rogue).  Rkill.scr terminated the rogue.
  2. Installed Malwarebytes, updated, scanned and removed all items.
  3. Turned off proxy settings in internet explorer.
Continue Reading · 11

The XP Rogues (Fake Anti-virus) are Back for 2011

It’s the Operating System that will not die and is still favored by so many…Windows XP.  Malware authors and distributors know this and consequently have made a new round of Rogues (fake antivirus) to trick users into handing over their cash and worse, their identities.

Yesterday I encountered 2 new XP Rogues:

  1. Windows XP AntiSpyware 2011 – Vipre eventually killed this one, but did allow it to load and run.
  2. XP Internet Security – Microsoft Security Essentials just ignored this one.  I had to use Malwarebytes to get rid of it.

Here are some screen shots of these two new XP Rogues (click for a larger image):



Continue Reading · 12