This trojan tries to compel you into buying a piece of software program to eliminate adware it indicates it has discovered. It’s a type of rogue advertising which absolutely screws up your computer. One cannot run most programs or go on the web and these alerts continue popping-up.
This applies to all Windows version: - (XP, Vista, Windows 7)
The best software program to use is Malwarebytes’ Anti-malware application (make certain you update the application to the most recent version). Because this is really malware and not in actual fact a virus, it is undetected by the majority of antivirus programs.
Run or Download and install Malwarebyte (use another system if need be as the Trojan disables the browser Internet Explorer, Chrome and Firefox)
1. After Download and Install of Malwarebyte
2. Click Scan
Never ever Click Clean computer or Apply Action on the Fake Windows Security Essentials Alert window.
You will also notice that several attempts have to be made to close this Alert either by clicking the Close button (bottom right) or Close (X - top right). It just opens up again, so don’t worry. On Malwarebyte is running and finds it will clean it whether the app is running or not.
3. Select Perform full scan
4. Click Scan button
5. Select all the drives that appear by ticking them. Except a CD is in the drive to scan it makes no sense choosing the CD/DVD drive. Bear in mind that the virus may be found on a cd but cannot be deleted, it much better to take off what one want from the cd and break it.
6. Click Scan button
Malwarebyte will now run a complete examination of your system. This will take minutes or hours according to the amount of hard drives inside of your system or the gigs of the hard disks on your PC. However be tolerant and let the application do its job.
NB: Malwarebyte will give details on the amount of malware ended up being discovered once the scan is done.
7. Click Remove Selected button
These are the files connected with the Adware- FakeAlert. The core file is usually Antispy.exe and these files are usually found in the:
:UserUserNameAPPDAtaRoaming”Adware name” - File
C:UserUserNameAPPDAtaRoaming”Adware name” -Memory Process
C:UserUserNameAPPDAtaLocalTemp”8F……...” - File
HKEY_CURRENT_USERSOFTWAREMicrosoft……- Registry Value
All of these need to be deleted and in my experience, only MalwareByte removes all, the other software leave one or the other and the Adware comes back.
8. After the removal had been completed click “Yes” to restart your PC as prompted. This will ensure complete elimination of the Virus.
A log file will popup telling you of the work completed to eliminate the Virus contamination and this is found in the logs folder for future reference. Get there by clicking the Logs tab on Malwarebyte interface.