Removing Rogue 'Security'
Print
PC MightyMax 2009 was included with the purchase of my new HP a6827c with Windows Vista. After trying out MightyMax I decided I didn’t want it due to its obscene costs. I obtained the instructions for removal—go to the Start menu, go to the PC MightyMax folder, and hit the uninstall button, but the software does not fully uninstall. Help!
—Shannon Swank
Doctor, I managed to get two computers infected with AntiVirus2009, simply by following a link to a video review online. Both machines run Windows XP Professional SP3. One is a Dell Vostro laptop, the other is a desktop I built about three years ago.
I’ve run Malwarebytes’ Anti-Malware, which removed a bunch of copies, Rogue Remover, SuperAntiSpyware, ThreatFire, and ZoneAlarm Internet Security, but every so often a new browser window will suddenly open and try to access AntiVirus2009.com. I’ve looked at every website on the Internet (well almost) and nothing I’ve tried will get rid of it on either computer. The only way I’ve been able to keep using the computers is to manually block antivirus200*.* in ZoneAlarm. Every time I check the log, there’s entry after entry where it tried to send an ICMP ping to that website or tried to open Firefox to access it. I’m at the end of my rope. I don’t know what else to do and I’m sure that there are other people out there having much the same problem as I am. Is my only hope to re-install Windows?
—Steve Rugg
Ah, our least favorite kind of malware: the kind that masquerades as useful software. Here we have two of the most insidious and widely spread flavors. PC MightyMax is a fake antivirus app that throws up false positives in an attempt to get you to pay for it. The Internet is full of people trying to remove PC MightyMax, and the general consensus is that Malwarebytes’ Anti-Malware (www.malwarebytes.org) will remove the program. If not, you’ll have to remove it manually. Start the Task Manager and end the following processes: pcmm.exe, ExeAfter.exe, PCMightyMaxSetup[1].exe, and any other processes with PC MightyMax in the title or location. Then run msconfig and prevent them from running at startup. Reboot and delete the folder. Run CCleaner (www.ccleaner.com) to remove registry crud.
Antivirus 2009 is another faux-security malware program, but it’s even more insidious. Since you’ve already tried Malwarebytes’ Anti-Malware, which effectively removes most malware (including, for most people, Antivirus 2009), but your problems persist, you’ll want to check out our full malware-removal how-to for detailed instructions on purging your machine of baddies. If your problems persist even after a thorough scrub-down, however, you may have to reinstall Windows. It sucks, we know, but not as much as a security-compromised PC.
 |
SUBMIT YOUR QUESTION Are flames shooting out of the back of your rig? First, grab a fire extinguisher and douse the flames. Once the pyrotechnic display has fizzled, email the doctor at doctor@maximumpc.com for advice on how to solve your technological woes. |
More like this
JohnP
November 15, 2009 at 3:50pm
Amonst all of these antivirus and antimalware programs, you need to have at least one and better two registry cleaners. Registry cleaner will remove the nasty reg lines that keep reloading the malware. Sometimes the antimalware will catch these but not always.
I use RegSupremePro and Tuneup Utilites for reg cleaners. RegsupremePro is the best of the two but TuneUp has a lot more features.
big_montana
November 06, 2009 at 6:02am
The problem with most spyware is that it likes to hide out in your system restore, so even after you think you have successsfully removed it; after a reboot it restores itself form system restore and reinfects your system. You will need to disable system restore (doing so will delete and restore points you have created), I also disable the system restore service as just disabling system restore does not always do the trick.
linkmaster6
November 05, 2009 at 11:49am
I've fought AV08/09/10 Windows Police Pro almost daily here a few months ago, Spybot does wonders on them but not so great on police pro. Its not antivirus or antimalware but revo works nicely on some of them
Bluntknife
November 04, 2009 at 2:21pm
Antivirus 2009 is an easy one.
I've gotten rid of it a bunch of times using combofix. You'll just need to clean up the rest of the folders manualy after you run it.
But there is a new one. Called Antivirus pro or something, Blocks all antiviruses from running (blocks the .exe) blocks combofix, malware bytes, even from booting into safe mode (Gives you a blue screen)
Since I don't have a usb dongle or anything, I just put Linux mint on my laptop.
Hg Dragon
November 04, 2009 at 2:35pm
The link I posted has a small reg fix if launching .exe's (well, trying to launch them, actually) results in a command prompt window that flashes by quickly or nothing at all for that matter.
COMMANDER_COOK
November 04, 2009 at 1:42pm
I've removed Antivirus 2009 and similar things many times from many computers and never had any problems doing so. (although one computer prevented some of my AVs from running-no surprise that Adaware caught some 500 threats).
I use Hiren's Boot disk to do most virus cleanup as I don't want to connect an infected computer to a network or connect a flash drive.
Hiren's boot cd is considered Warez, but it is a lifesaver.
Mcaffee gives a false positive on some of the older versions of this disc because it contained an unofficial mcaffee definitions updater, but rest assured it was not a virus.
Hg Dragon
November 04, 2009 at 1:07pm
I hate, HATE, HATE! this particular piece of Internet filth and all of it's mutations. I spent an entire week removing this pile of garbage form three infected machines at my office (and one of them was a repeat offender...). I found a nice site with some version-specific tools to remove the nasty liitle tidbits that Malware Bytes/SuperAntiSpyware/Spybot leave behind for whatever reason.
http://www.myantispyware.com/2009/07/27/how-to-remove-windows-antivirus-pro-uninstall-instructions/
The sidebar on the right will take you to version-specific removal tools. It's helped me quite a bit with one particularly deep-rooted install.
Connect with MaximumPC
Featured Content
We introduce Intel's latest class of tablet killers and review 4 of the first Ultra...
Where have all the memorable videogame enemies gone?
This month's issue
Feature
11 Hardware Hacks
Feature
Overclock Your CPU
How-To
Supercharge Your Smartphone
Build It
A Powerful $830 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Microsoft on Patents: Can't We All Just Get Along? http://t.co/g0vginvG57 min 52 sec ago
- maximumpc: Google Drive Cloud Storage: Is Google Preparing To Muscle In On Dropbox? http://t.co/lCWzeYmS1 hour 22 min ago
- maximumpc: Google Tries to Bribe Web Users with Gift Certificates to Track Surfing Behavior http://t.co/rbf2UdDs2 hours 16 min ago
