Disinfecting Fake Antivirus Infections

Question

My computer is infected with one of those fake antivirus programs and I’m being told that the best way to get rid of it is to wipe Windows out and start over. Is this true?

- Melody

Answer

This question was answered on January 6, 2012. Much of the information contained herein may have changed since posting.

Rogue software developers have been having a field day infecting millions of unsuspecting Internet users with fake security programs that pop up claiming that your computer is infected. (My advice on sidestepping fake security pop-ups is posted here: http://goo.gl/DmddI)

If you fall for this very common scam, you could end up with a real mess on your hands (especially if you are running Windows Vista) and in some cases, the best cure is a complete reload of your operating system, but it should never be the first choice.

In most cases, a diligent technical person can remove the malware and fix the corruption that often remains after the disinfection without having to wipe everything out and start over.

The easiest way for a lazy technician to fix the problem is to wipe everything out and start over again, so if this is the first solution suggested by whoever is helping you, I would suggest getting a second opinion.

While this fix is easy for the technician, the amount of grief and frustration and the potential lost data that comes with having to start over again for the user can be overwhelming.

Improper or incomplete removal can also render a computer useless or so unstable that the only recourse is to start from scratch, so be cautious with DIY fixes you find on the Internet.

In our repair facilities around the country, only 10-20% of the computers we service require that we wipe out Windows completely, so the chances are good you can avoid it in most cases.

When this scam first started appearing years ago, it was relatively easy to download and run a cleanup program that would disinfect your computer, so the bad guys stepped up their game.

Part of the problem with cleaning up the current crop of malware infections is that the developers build in a very strong set of defense mechanisms that prevents your computer from running or accessing any resources that could be used to clean it off.

For instance, many folks find that when they try to go to a known Internet site that hosts tools or cleanup resources, they are redirected to the scammer's website that offers to sell the cure instead.

With some infections, your Internet connection and ability to access diagnostic resources built into Windows (such as regedit and msconfig) are cut off completely to keep you from cleaning it off.

In a lot of cases, in order to properly disinfect the computer, you must boot to a clean device (CD, DVD, flash drive or another hard drive) that already has a set of the proper cleanup tools loaded on it.

If you start a computer that has an infected operating system, it makes cleaning it difficult or, in some cases, impossible because the defense mechanisms engage as soon as you start the computer. We generally remove the infected hard drive from our customer's computer and connect it as a second hard drive on a clean computer to perform the disinfection.

You should never pay any online resource that is associated with any type of pop-up warning, no matter how convincing it is, unless you know for sure that it's the brand of security software that you purchased and installed on your computer.

If you don't know the name of your security program or what it looks like, take a minute to learn now so you don't get fooled in the future.

If you have fallen for this scam and gotten ripped off in the past, the FTC is in the process of reimbursing some victims based on a settlement agreement with a number of the scam companies: http://goo.gl/o5Iuz

Author

Posted by Ken of Data Doctors on January 6, 2012