When I wrote this the other morning I failed to identify the usefulness of the following procedure as it applies to the overall removal of the Antivirus XP, et al.
The instructions below deal specifically with the scenario in which the rogue software has disabled the launching of executable or .exe files. This is a common practice on the part of the rogue software developers, because it limits your ability as a user to initiate many countermeasures.
My preferred malware cleanup tool is MalwareBytes, though my complete procedure involves several applications, the exact combination of which varies from infection to infection.
For reference I prefer:
* I do believe there is a difference between paid and free antivirus protection. The main differences lie in the features of the application and the support available to a user if a problem arises. I feel there is no advantage to a paid solution from a definitions standpoint.
How to use the instructions below:
These instructions assume two things.
1. You have been infected with one of the Antivirus XP/Vista/7 variants.
2. You are unable to run executables as a result of the infection.
How to restore your ability to launch executables:
1. Start | Run | type ‘command.com’ to launch the DOS command prompt.
N.B. This opens the old-fashioned command prompt, thus TAB does not auto-complete folder names, and the up arrow does not re-enter the last command. Most importantly, you must use eight-character folder names. See step 2.
2. Run ‘dir /x’ to reveal the eight-character folder names.
3. Open ‘notepad.exe’ from the command prompt.
4. Enter the following text into Notepad:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
5. Save the file as ‘registryfix.reg’ to the desktop.
6. Open the ‘registryfix.reg’ file from the desktop to merge these changes into the registry.
7. Load MalwareBytes from local source (flash drive, CDROM, Ext. HDD, etc.)
8. Run MalwareBytes per normal procedure.
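To confirm the merge took effect (or to triage another profile before cleanup), the same keys can be checked in a registry export. The following is an added example, not part of the original post: it audits .reg text against the keys and values in the fix above, and assumes the export has already been decoded to a string (regedit and `reg export` write UTF-16); the sample export and its path are constructed.

```python
import re

# Keys the page's registryfix.reg deletes, and the default values it restores.
MUST_BE_ABSENT = [
    r"HKEY_CURRENT_USER\Software\Classes\.exe",
    r"HKEY_CURRENT_USER\Software\Classes\secfile",
    r"HKEY_CLASSES_ROOT\secfile",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
]
EXPECTED_DEFAULT = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg text into {lowercased key: {value name: unescaped string data}}."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            # Undo the .reg escaping of \" and \\ in the string data.
            current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit(text):
    """Return findings; an empty list means the .exe association is clean."""
    keys, findings = parse_reg(text), []
    for bad in MUST_BE_ABSENT:
        p = bad.lower()  # match the key itself or any subkey beneath it
        if any(k == p or k.startswith(p + "\\") for k in keys):
            findings.append(f"unexpected key: {bad}")
    for key, want in EXPECTED_DEFAULT.items():
        got = keys.get(key.lower(), {}).get("@")
        if got != want:
            findings.append(f"{key} default is {got!r}, expected {want!r}")
    return findings

# Constructed sample export of a hijacked profile (the path is a placeholder).
SAMPLE_HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\placeholder\\rogue.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
```

Calling `audit(SAMPLE_HIJACKED)` reports the two per-user keys; a key missing from the export is reported as a default of `None`, so export both `HKEY_CLASSES_ROOT` and `HKEY_CURRENT_USER\Software\Classes` before auditing.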