After my previous post about how to remove Thinkpoint antivirus, a lot of things have changed. We have another new fake antivirus called Antivirus Action, a malware infecting computers which tricks users into thinking that it is a legit and free antivirus. Usually, you get it while surfing malicious websites which pop-up fake warning windows and scanners on the computer screen. At this point the fake antivirus window will warn that your computer is full of viruses and will prompt you to download the free Antivirus Action. So let’s see how to uninstall and remove it! Be Aware that most of the time your computer, after removing the fake antivirus, will become sluggish or unresponsive so that it might be necessary to reinstall the operating system completely.
As soon as you install Antivirus Action, it will start scanning your computer and will report you that your machine is full of threats and viruses. Of course it is not true because no scanning is performed at all. The whole purpose is to convince you to pay for the full version of the software. The malware will also automatically start every time you boot your Windows operating system and each time it will warn you about infections and viruses.
Antivirus Action is coded to prevent you from performing any kind of action while it fakely scans your computer and, as a consequence, you will be stuck in front of your screen waiting for the malware to finish its phony scanning. It will also report your the following security warning: “Windows Security Alert – Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.” Antivirus Action will also hack your Internet Explorer browser so that every time you open it you will get warning messages.
Here is the removal procedure and legit and free programs that will help you get rid of this pestware!
1) Reboot your computer and press the F8 key. This will let you access to the Windows Advanced Menu Option. Now, select the following option: Safe Mode with networking and press Enter. This option will let you reboot your PC in Safe Mode and at the same time you will be able to access the Internet. The goal of this is to temporary disable certain Antivirus Action features so that you will be able to remove the virus easily.
1.1 Run Internet Explorer.
1.2 Click Tools – Internet Options.
1.3 Now, click Connections Tab and click to Lan Settings button.
1.4 Untick the Use a proxy server check box.
1.5 Click OK .
2) Download rkill.com . This small software will let you get rid of of certain processes which could prevent you from removing Antivirus Action.
3) Now, download and run Malwarebytes’ Anti-Malware . This software is not free. It is shareware but its “limited-mode” will let you get rid of certain files belonging to the fake antivirus. As soon as Malwarebytes starts you have to instruct the software to perform a full scan of your system. Please, be aware that this scanning may take quite along time but you can be certain that at the end other, new, dangerous files fill be removed from your machine.
4) Now, download and run Hostsperm.bat . You have to know that Antivirus Action, after being installed, it will automatically uninstalled your Windows HOSTS file. Hostsperm will replace it with a new one!
5) Now, get rid of C:\Windows\ System32\ Drivers\etc\ HOSTS. After you have deleted it, download all these files and put them in the following folder: C:\Windows\ System32\ Drivers\ etc:
6) Reboot your computer.
7) Download and run Spybot Search&Destroy. This excellent software will scan your whole computer looking for malicious pestware and malware and it will also get rid of Antivirus Action leftovers.
8 ) If you want to completely clean your computer and give it its “old freshness” you could even try to remove the following registry keys. This will make your computer faster and more responsive.
Files and Registry keys to remove in Windows 7 registry
Delete these files:
- C:\Users\Username \AppData \Local\Temp\ [random characters of words and numbers]
- C:\Users\Username \AppData \Local\Temp\ [random characters of words and numbers]\[random characters of words and numbers]yhsn.exe
Delete these registry values:
- HKEY_CURRENT_USER\ Software\ [random characters of words and numbers]
- HKEY_CURRENT_USER\ Software\Microsoft\ Internet Explorer\PhishingFilter “Enabled” = “0″
- HKEY_CURRENT_USER\ Software\Microsoft\Windows\ CurrentVersion\Internet Settings “ProxyOverride” = “”
- HKEY_CURRENT_USER\ Software\Microsoft\Windows\ CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:33921″
- HKEY_CURRENT_USER\ Software\Microsoft\ Windows\ CurrentVersion \Internet Settings “ProxyEnable” = “1″
- HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\CurrentVersion \Run “[random characters of words and numbers]yhsn.exe”
- HKEY_CURRENT_USER\Software\ Microsoft\ Windows\ CurrentVersion\ Run “[random characters of words and numbers]yhsn.exe”
What follows is very good visual tutorial (video) which will guide you through the different steps to take to uninstall the pestware. Very good info and cleared explained!
Tags: antivirus, video, Windows 7
Related Articles Latest Articles
- How to Change and Use Timezone (Tzutil) in Windows 7
- Enhance the Security of your Login Password in Windows 7
- How to Activate Hardware Acceleration and WebGL in Opera 12
- Fix “This PC Doesn’t Meet System Requirements. If You Want to Install Windows 8, You May Have to Upgrade…” Error
3 Comments to “How to Remove Fake Anti Virus Action”
Leave a Comment
Web Talk is best viewed in Firefox.