October 16, 2017

Fake anti-spyware programs and how to deal with them.

Almost everyone who uses a computer running the Windows operating system must have encountered it. All of a sudden, while you are surfing the internet, you get a pop-up window saying that your computer is in danger, your browser is infected and is trying to steal your credit card information, your computer is plagued by Trojans, et cetera. Actually, that is true: you have got one very annoying Trojan that claims to be an anti-virus, and it may cost you hours of your time, or even your files, to get it off your PC.

The main window of such a fraudulent antivirus program may look like this:

[Image: fake antivirus pop-up screen with a Remove button]

or like this:

[Image: a second fake anti-spyware program window]

(These two seem to be among the most popular; we’ve received quite a lot of user questions regarding them in recent days.)

Curing your computer

There are always good tools available to download. I’d recommend going for either the Malwarebytes removal tool or SpyBot Search & Destroy.


If you decide to remove the spyware manually, here are the steps:


1. Stop the processes.

Bring up Task Manager (Ctrl-Alt-Del) and look for process names that could be related to the program, for example PC_Antispyware2010.exe or jugifyryve.exe. They will, of course, vary between different “antiviruses”. If there are any suspicious processes, stop them.


2. Look for registry keys.

For example:
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PC Antispyware 2010"

Pay attention to the last entry. Any entry placed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run is executed at startup. Delete the entry related to the fake antivirus or, even better, right-click it, select Modify, and delete the command that is stored there.


3. Remove the files.

If you succeeded in completing the first two steps, the fake antivirus can now be removed. You should know where to look for its files. In the case of PC_Antispyware2010, they are:


c:\Program Files\Common Files\aqamodero.dat
c:\Program Files\Common Files\hubeweqa.lib
c:\Program Files\Common Files\jatikysup._dl
c:\Program Files\Common Files\ofyxodaqa.dat
c:\Program Files\Common Files\sahaso.bat
c:\Program Files\Common Files\zotys.bin
c:\Program Files\PC_Antispyware2010
c:\Program Files\PC_Antispyware2010\AVEngn.dll
c:\Program Files\PC_Antispyware2010\htmlayout.dll
c:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\Program Files\PC_Antispyware2010\pthreadVC2.dll
c:\Program Files\PC_Antispyware2010\Uninstall.exe
c:\Program Files\PC_Antispyware2010\wscui.cpl
c:\Program Files\PC_Antispyware2010\data
c:\Program Files\PC_Antispyware2010\data\daily.cvd
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\Documents and Settings\All Users\Application Data\pybisezyr.db
c:\Documents and Settings\All Users\Application Data\ulycozoho._dl
c:\Documents and Settings\All Users\Documents\ekenubes.com
c:\Documents and Settings\All Users\Documents\icosagula.reg
%UserProfile%\Application Data\jugifyryve.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
%UserProfile%\Local Settings\Application Data\xoqupuwytu._dl
%UserProfile%\Start Menu\Programs\PC_Antispyware2010
%UserProfile%\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk
%UserProfile%\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk
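To make the three checks above repeatable, here is an added read-only audit script in PowerShell (it is not from the original post): it lists processes running from the user profile or matching the example names, prints every Run entry from HKLM and also from HKCU (the post mentions HKLM; HKCU is an equally common autostart location) and flags targets that are missing or live in a profile directory, and lists Control Panel applets hidden through the "don't load" key. The suspect-name list is constructed from the article's examples, and the script reports but deletes nothing.

```powershell
# Added example (not part of the original post): read-only audit of the three
# places the article tells you to inspect. Run from an elevated PowerShell prompt.
# $SuspectNames is constructed from the article's example process names.
$SuspectNames = @('PC_Antispyware2010.exe', 'jugifyryve.exe')

# 1. Processes: flag anything running from the user profile (where these fakes
#    install, e.g. Application Data) or matching a known suspect name.
Write-Host '== Processes from profile directories or with suspect names =='
Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $inProfile = $_.Path -like "$env:USERPROFILE\*"
    $knownName = $SuspectNames -contains (Split-Path $_.Path -Leaf)
    if ($inProfile -or $knownName) {
        [pscustomobject]@{ PID = $_.Id; Name = $_.ProcessName; Path = $_.Path }
    }
} | Format-Table -AutoSize

# 2. Run keys: everything here executes at logon. Flag entries whose target file
#    is missing or sits in a profile directory rather than Program Files/Windows.
#    (Unquoted paths with spaces or %VAR% expansions are not resolved and will
#    show as MISSING; inspect those by hand.)
Write-Host '== Autostart entries (HKLM and HKCU Run) =='
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $entries = (Get-ItemProperty $key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
    foreach ($entry in $entries) {
        $cmd = [string]$entry.Value
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $flag = if (-not ($exe -and (Test-Path -LiteralPath $exe))) { 'MISSING' }
                elseif ($exe -like "$env:USERPROFILE\*" -or $exe -like "$env:ALLUSERSPROFILE\*") { 'PROFILE-DIR' }
                else { 'ok' }
        '{0,-12} {1,-28} {2}' -f $flag, $entry.Name, $cmd
    }
}

# 3. Control Panel applets hidden via the "don't load" key. The article's example
#    hides wscui.cpl (Security Center) so Windows cannot warn about the real state.
Write-Host '== Control Panel applets hidden through HKCU don''t load =='
$dontLoad = 'HKCU:\Control Panel\don''t load'
if (Test-Path -LiteralPath $dontLoad) {
    (Get-ItemProperty -LiteralPath $dontLoad).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { '{0} (value: {1})' -f $_.Name, $_.Value }
}
```

Entries flagged MISSING or PROFILE-DIR, and any hidden applet named wscui.cpl or scui.cpl, are the ones to compare against the process and file lists in steps 1 to 3 before removing anything.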

