RemoveAdware.Com.Au

Rogue Anti-Spyware


Kudos:

"I was infected by SystemTool today. Thanks for the help on the page. I have removed it completely"
- L. Lepsøe

"I want to express my thanks for the information on removing the browser hijacker. I took the steps you suggested and the follow-on precautions to prevent future infections... Thanks again"
- Carlos

"You guys rock. Your instructions were spot on! Thank You"
- J. Powell


For information about rogue security programs and how to remove them.


Rogue security applications - a top security threat

With the increasing number of various malware programs floating around on the Internet, installing an anti-spyware program is a must rather than luxury. And while this trend should increase your overall network security, some scammers have found a way to use rogue anti-spyware software as well as other types of rogue security programs (aka rogueware) to siphon even more money out of our pocket.

A rogue anti-spyware application is, in short, an almost (or completely) useless anti-spyware tool that claims to improve the system's security, but in truth, it only tricks the users into buying a useless program. In worst cases, rogue anti-spyware may even actively download adware and spyware programs to your PC. The following graphic shows the typical fake pop-up alerts that attempt to pursuade the user into purchasing their product:

Fake Alert Message - System Error!

fake alert message

Another ploy is to use pop-up balloons generated from the Windows task bar or system tray. They have all the appearance of a genuine Windows system message but are in fact spawned by rogue antispyware programs. It is unlikely that your PC is infected by anything other than the rogue antispyware program itself

Fake Pop-up Balloon - Your Computer is Infected!

rogue antispyware fake pop-up

 The number of rogue anti-spyware and security programs is increasing almost daily, but most of them are only variations programs that already exist. The best protection about them is knowledge. That's why the list below is so important: it contains most known rogue anti-spyware names so you know which pop-up ad to avoid and which ones might be worth a closer look.

Security Sphere 2012 is a rogue antispyware that uses marketing tactics such as fake security alerts, pop-ups and system scans. Its aim is to scare the user into buying the full-version. Added 1st October 2011.

Win7 AV is a rogue antispyware program that shows pop-up alerts stating your computer is infected. Clicking the pop-up shows a fake online scanner and states that your computer is infected. It's goal is to alarm the user into installing and buying Win7 AV. Added 7th September 2010.

Microsoft Security Essentials Alert is a Trojan that pretends to be an authentic Microsoft security program that attempts to sell you one of five different rogue antivirus programs. It says that Unknown Win32/Trojan was detected and is a severe infection, which of course is a false statement. It then lists 30 antivirus programs, 25 of which are legitimate programs. However it is only the 5 rogues that are programmed to find the false infection, so the user is prompted to download one of those to remove the infection. The 5 roguewares are:

  1. AntiSpySafeguard / AntiSpy Safeguard
  2. Major Defense Kit
  3. Peak Protection 2010
  4. Pest Detector 4.1
  5. Red Cross Antivirus

ThinkPoint is another rogueware that mimics Microsoft Security Essentials. It displays a fake warning about Unknown Win32/Trojan and prompts the user to run a scan that subsequently states that C:Program FilesMessengermsmsgs.exe is infected with Trojan.Horse.Win32.PAV.64.a, and that it will install ThinkPoint. After the user reboots the computer ThinkPoint prompts the user to scan the computer again which then displays a number of fake detections.

AWM Antivirus is a rogue antivirus program, installed by Trojans, that attempts to scare the user into buying the product by reporting fake infections. Fake warning messages displayed:

Your computer is infected! Windows detected spyware infection!
It is recommended to use special antispyware tools to prevent dataloss. Windows will now download and install the most up-to-date antispyware for you.

System warning!
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. It's highly recommended you scan your PC right now.
 

AVDefender 2011 is a rogue antivirus program that employs tactics to evade detection by security programs. It replaces your Windows explorer.exe with it's own executable, flags legitimate programs as viruses and will prevent many normal applications from running. For instance, trying to run Notepad will result in a fake error message "Windows Security Alert" stating that the Notepad application crashed because of the Conflicker.Worm.Virus. This of course is untrue and any files it says are infected should not be removed.  Added 27th August 2010

Fake Windows Registration Checker  pretends to be an authentic Microsoft Windows registration checker. It remains resident in the background and displays popup adverts. It also prompts the user to enter personal information including a credit card number. A message is displayed informing the user that the credit card number is only required for verification. This is a Trojan and should be removed as soon as it's detected. Needless to say you shouldn't input your credit card number.

Antipiracy Foundation Scanner / Copyright Violation Alert pretends to be the ICPP Foundation (icpp-online.com). It issues a fake warning message headed with "Copyright violation: copyrighted content detected” which attempts to extort money from the user.

Microsoft Windows Activation / Microsoft Piracy Control trojan pretends to be an authentic Microsoft Windows activation screen. It asks for credit card details and holds your PC at ransom if refused. The associated message is:

Your copy of Windows was activated by another user. To help reduce software piracy, please re-activate your copy of Windows now. We will ask for your billing details, but your credit card will NOT be charged. You must activate Windows before you can continue to use it. Microsoft is committed to your privacy. For more information, www.microsoft.com/privacy.

Do you want to activate Windows now?

This is a fake message issued by the trojan. Do NOT hand over your credit card details to the trojan.  

In the description of the AlfaCleaner program, you will find that it is supposed to help you optimize your computer and remove all spyware threats. In fact, AlfaCleaner will try to "optimize" your wallet. A re-branded variant of AlfaCleaner is WinHound. Another similar rogue anti-spyware is called WinAntiSpyWare 2006. SpySheriff and SpyTrooper (other rogue anti-spyware tools) work in the same way.

BraveSentry is another type of rogue anti-spyware tool. The free "scan" detects lots of false positives trying to trick the user into buying the full version. Once installed, this software is known to download additional adware and spyware programs to your computer.

ErrorSafe claims to be made to fix computer problems; at least that's what the description says. However, it is very hard to remove and its usefulness is questionable, to say the least.

SpyAxe is one of the best known rogue anti-spyware bugs. It is also the most often bought rogue anti-spyware - not due to its efficiency, but rather to various tricks it uses to make the user spend money on it. The variations of this tool are called Adware.Punisher, SpyFalcon, SpywareAxe, SpywareQuake and SpywareStrike.

Spyblocs/eBlocs is another rogue application for spyware removal. Instead of getting rid of spyware, it will fill your computer with various adware/spyware programs. Just like other rogue security tools, it is very difficult to remove.

Spyware Soft Stop and Ultimate Defender will both show you a whole host of false positive reports to convince you to buy their full versions. However, when you perform a few scans instead of one, you will see that various threat names are often assigned to the same file. This is a good sign that the program isn't being honest with you and that you've got a piece of rouge software on your hands.

SpyCut, SpyShield and Spyware Disinfector also can't be trusted. They are offered after the user is tricked into clicking on a misleading sponsored link. What's more, they are distributed through exploits and are able to flood your computer with various adware and spyware threats.

While WinFixer claims that it can detect and remove Windows errors, it does nothing more than tricking the users to buy its full version.

List of most dangerous rogue antispyware, rogue antivirus and trojans released from 2008 to 2012 (last updated 12th February 2012)

Manual Rogueware Removal

Manual removal instructions for many of these rogue programs are available on this site for tech-savvy users. However, it must be stressed that manually updating the registry and deleting hidden files can result in permanent damage to your computer's operating system. It might cause your computer to fail during boot-up. The safest and most thorough method is to remove the rogueware automatically using a reputable antispyware program. Please email us if you need detailed removal instructions for a particular program.

Automatic Rogueware Removal

For automatic removal of rogue programs and their Trojans we suggest using only a legitimate antispyware program. We recommend using Malwarebytes Anti-Malware, which has a good reputation for removing rogueware and does not require payment to enable deletions. Also you can scan your system with Reimage to check for any system damage that may have been caused by the infection. Reimage does require paid registration to enable repairs:

Download Malwarebytes Anti-Malware

Remove Rogue Anti-Spyware Now:

  1. Download Malwarebytes Anti-Malware 2.0 Download Malwarebytes Anti-Malware  
  2. Run a full scan with Malwarebytes Anti-Malware
  3. Remove all infections (free).
  4. Reboot and rescan. Your computer should now be clean.

Important note: If Malwarebytes is blocked by malware then start it via its helper Chameleon (Start Menu → All Programs → MalwareBytes' Anti-Malware → Tools → Malwarebytes' Anti-Malware Chameleon). If you're still having any problems installing Malwarebytes Anti-Malware or removing Rogue Anti-Spyware please email us for further assistance: info@removeadware.com.au.
You may also call for personal assistance on toll-free number 888-655-3453 within the USA and Canada.


Disclaimer: This webpage was created to provide information on Rogue Anti-Spyware and how to uninstall it. We do not own or endorse Rogue Anti-Spyware. Manual removal instructions are intended for use by technical experts and should be used at your own risk.


All content copyright 2006-2017, Bonobo Pty Limited. All Rights Reserved.
Privacy Policy | Terms Of Service