Over the past few years I’ve had a number of clients who have been hit with ‘fake’ Virus alerts/warnings that are intended to alarm the user into scanning their system and eventually paying to have the fake virus removed.
I have found the safest way to deal with these is to get the computer re-booted into Safe Mode as soon as possible and then to do a scan with Malwarebytes AntiMalware. Here’s how you can do that:
- You may want to print these instructions before continuing since they won’t be available after you shut your computer down in step 2.
- Click the Start button and then click Shut Down.
- In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.
- As your computer restarts but before Windows launches, press F8.
- On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.
- Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.
- If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.
If you miss it, restart Windows and try it again… Once successful, you will see a screen that looks similar to this:
Select Safe Mode with Networking. Once in Safe Mode you will notice the display has changed a bit; this is because Windows has started with only essential programs and services.
Now, download Malwarebytes AntiMalware and install it. At the end of the install it will ask you if you want to check for updates and run the program; click OK. (If you already have it installed, click on the ‘Update’ tab and select Check for Updates. When finished, click on the ‘Scanner’ tab and select Scan.)
Run a Quick Scan.
If any infections/threats are found, make sure they are checked, and select remove.
You may or may not be told to restart to finish removal. Either way, the system is ready to restart back into ‘Normal’ Windows.
Once you have restarted into Windows (Normal mode) I suggest running another scan with the Antimalware until it results in 0 ‘Objects infected’.
Please note that the above is really only successful if it is done before the Rogue Anti-virus has infected the system further than its first warning.