A longtime reader of ShanKrila and a blogging friend of mine, Jeanne Dininni of Writer’s Notes, contacted me yesterday by email with a computer question.
That’s when it dawned on me that I faced the same situation a few months back on my desktop and I fought hard to successfully remove it from my computer. But, I forgot to blog about it here even though I wrote about the Conficker worm. It would have helped Jeanne and many others looking for such information. So, I am sharing my experience with how I removed it here.
What is PC AntiSpyware 2010?
PC AntiSpyware 2010 is a rogue antispyware program that looks like a genuine antispyware program. You could get infected with it by visiting some malicious sites. Here are a few symptoms if you were infected with this:
- You will be prompted to run this program showing fake malware infections on your computer repeatedly
- It disables Windows Defender (Microsoft’s genuine security product)
- Disables your system security programs and spyware programs
- Disables you from updating any installed anti-virus program
- Disables the ability to install any new security software
- Redirects you away from going directly to any of the security software websites in Internet Explorer
Jeanne is Internet-savvy and she had done all the right things anyone would do in situations like this. In fact, I went through the same steps before realizing how sneaky this malware really is.
Here are a few things you would do if you had a virus on your computer:
- Try to update and run Windows Defender
- Try to update and run installed Anti-virus software
- Try to update and run installed AntiSpyware programs like Spybot, Adaware, etc
- Try and run a RootkitRevealer program
- Use an advanced process program like Process Explorer to see currently running programs and kill suspicious processes
- Use a startup tweak program like Autoruns to disable unwanted stuff from automatically starting up
- Use HijackThis to see what programs may be malicious
PC AntiSpyware 2010 is so sneaky that it actually disables pretty much all these programs. It even disabled my command prompt and Control Panel.
It adds itself to your computer’s registry and even if you are able to clean up some of it, it automatically installs itself when you reboot your computer. Plus, I even saw it morph into installed genuine programs randomly so you can’t really find it in Task Manager. One sure indication that a genuine-looking program is the malware is to kill it and see it spring back to life automatically. Mine was latching on to the LogMeIn program even though I didn’t have it set to automatically start up.
So how did I get rid of this malware from my desktop?
Steps to remove PC AntiSpyware 2010
Using Malwarebytes’ Anti-Malware
- If your PC is still able to download and install security software, try and download -
- Run Malwarebytes’ Anti-Malware and see if this helps remove the infection. A lot of people seem to have luck with it.
I wasn’t so lucky as my infection wouldn’t even let me install this software. If that’s your case, read on.
Using Manual Registry Edits
You could also try manual file deletion and registry edits like described here. I haven’t tried this and I followed the next section to remove mine.
Using Boot-time Anti-Virus Scanner – Recommended
Since most of the usual system cleanup methods are disabled, we are left with one solid option: to use a boot-time anti-virus solution. This ensures that any installed malware is not activated while you are cleaning up your computer.
Here are the steps I followed to clean up the infection successfully
1. Download and burn a boot-time anti-virus software like Avira to CD/DVD (look below for a list of good ones I came across). Make sure you burn it as a bootable image and not as a data disk.
2. Put the CD/DVD in your computer tray.
3. Shut down your computer.
4. Disconnect the network cable from your computer.
5. Reboot your computer.
6. Most computers automatically boot from CD/DVD before trying to boot from the hard drive. If not, while booting go into the system boot menu by hitting F2 or F10 (you will see a hint on that) continuously and change your boot order to boot from CD/DVD first.
7. Let the boot-time anti-virus software do its job.
8. Reboot your computer (without connecting to the Internet) and see if you can run the usual security programs now.
9. If you can, connect to the Internet and update Windows Defender and your primary anti-virus programs immediately. Run a ‘full scan’ or ‘deep scan’ option on your computer with the latest updates.
If in step 8 you still see that your computer is infected, try using another boot-time virus scan program through the same steps. There seem to be many variations of these infections and not all programs remove all infections. That’s why it’s best to download and keep multiple programs at hand while attempting this.
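For the check after the offline reboot, here is a read-only PowerShell script, added as an example and not part of the original post, that looks for leftovers matching the symptoms described above: disabled system tools and registry autostart entries. It assumes the tools were disabled through the standard Windows policy values listed in the script; the post does not say which mechanism this malware used.

```powershell
# Read-only post-cleanup check (added example); it changes nothing.
# Assumption: the tools were disabled through the standard Windows policy
# values below. The post does not say which mechanism the malware used.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Tool = 'Task Manager' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Tool = 'Registry Editor' },
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD';           Tool = 'Command Prompt' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel';       Tool = 'Control Panel' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                Name = 'DisableAntiSpyware';   Tool = 'Windows Defender' }
)

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RestrictionFindings {
    foreach ($c in $policyChecks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and [int]$item.($c.Name) -ne 0) {
            [pscustomobject]@{ Tool = $c.Tool; Key = $c.Path; Value = $c.Name; Data = $item.($c.Name) }
        }
    }
}

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item -Path $key
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $k.GetValue($name) }
        }
    }
}

$findings = @(Get-RestrictionFindings)
if ($findings.Count -eq 0) {
    'No tool-disabling policy values found.'
} else {
    $findings | Format-Table -AutoSize
}
'Autostart entries to review (compare against what you installed):'
Get-AutostartEntries | Format-List
```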
Here are a few Boot-time Antivirus Scanners that you can download and try
- Ultimate boot CD for Windows (includes an anti-virus software)
- Avira AntiVir Rescue System – a Linux-based virus scanner that is updated daily
- Kaspersky Rescue Disk
- BitDefender Rescue CD
- F-Secure Rescue CD
- Trinity Rescue CD Kit – A combination of popular free antivirus software in one kit with online update capabilities. For the advanced user.
Re-installing Windows isn’t fun unless you had a system restore image with all your favorite applications beforehand. I had success cleaning up this pesky virus from my desktop and have since been virus free. I make sure once in a while that all my virus definitions, firewall software and spyware software are updating regularly.
If you have any questions, please feel free to ask in the comments.
Jeanne, thanks for asking the question that prompted me to write this post. I hope you have your computer cleaned very soon.