I am not a computer expert at all, but I’m very proud that I was able to rid my friend’s computer of the rogue program called Antivirus Security Pro. I had one similar to it years ago and I vowed if I ran into it again, I would find a way to get it off rather than spending all day reinstalling everything. I was on the phone with her when she said, “Aw, sugar! I have a virus!”
It was telling her she had a bunch of viruses, worms, trojans, etc. and that she should pay for the full version to get them off. It’s very alarming and confusing when you first see those messages popping up. “Wait. Is that what my antivirus program does when something is found?” As soon as you realize it’s not, it’s very hard to resist clicking on the boxes to close them.
Do not ever click on those boxes. Ever. Those little x’s don’t close them. They’re fake and you will actually download something bad. Instead, hit Ctrl+Alt+Delete, open the Task Manager, and then end all programs. After that, immediately update your antivirus definitions and do a full scan, not a quick scan. I have done that at least a few times and it worked.
I believe my friend clicked to close the boxes, which made things much worse. It shut down her Internet and blocked every single .exe program, telling her they were infected files, including her Task Manager. After I couldn’t help her fix it over the phone with everything I looked up, I told her just to bring her laptop over and I would help her.
I downloaded Malwarebytes onto a thumb drive from my computer, which is a great program and it’s free. I put it in her computer and of course when I tried to start it, it blocked it. That’s when I remembered a problem I had years ago and how I solved it by right-clicking on it and selecting “run as administrator”. Yes! That overrode it!
The next hurdle was accessing it because the pop-up windows were blocking it. My friend has Windows 7, so I was able to hover over the program on the taskbar, which brought up a tiny window. If I hovered over that, it would appear in front of everything, but as soon as I would click on it, the pop-ups were in front again. So I hovered again and realized if I hit “enter” it would automatically select the button to start scanning. I was hoping the definitions would be updated enough to remove the malware, but they weren’t. We still couldn’t get her Verizon wireless connection to work and it said the device wasn’t detected. I also tried it in Safe Mode with Networking, but no luck.
At one point, the arrows weren’t even working, making it impossible to get into Safe Mode. Needless to say, it was extremely frustrating. I used a program called Rkill and that seemed to solve that problem or else it was a coincidence. It didn’t stop the malware from running, though, like I hoped. I also figured out how to make the computer restart in Safe Mode. I went to Start, typed in “msconfig”, clicked on the Boot tab, and then clicked on the box that tells it to start in Safe Mode. We were able to scan with Microsoft Security Essentials in that mode and it found problems, but it wasn’t able to remove them at the moment.
I felt like if we could somehow get the Internet back, we would be able to conquer it. Then I realized I hadn’t tried right-clicking on the Verizon program and selecting “run as administrator” again. So I tried it and we were thrilled when it worked! From that point, I was able to update the definitions for Microsoft Security Essentials and Malwarebytes. I did a full scan for both and they found around 15 problems. After hours of scanning with MSE, I started Malwarebytes around 2am and went to bed. I woke up at 6:30am and saw it was done. Once again, I hovered over the little window, hit “enter” to remove everything, and then I restarted, bracing myself for another failure. We had tried so many things, only to see those annoying boxes again.
It’s been a few days now and there haven’t been any problems. In your faces, hackers!!! You were just outsmarted by someone who isn’t very computer savvy at all.
In short, the key to fighting Antivirus Security Pro seems to be “run as administrator”. I’m extra proud because there weren’t any sites that suggested it. 😀 I hope this information will help someone out there.