How To: Remove Virus Trigger 2009

Yet another rogue spyware program is on the loose, this time named “Virus Trigger 2009”.

One thing I noticed about this program is that the website looks quite professional and appears in the number 1 spot in Google when you search for the keyword “Virus Trigger 2009”. Nasty, huh.

Time to check this baby out.

After firing up my dummy box, I proceeded to download Virus Trigger 2009.

Screenshots

Like most rogue spyware applications, it's hard to actually minimize or close the Virus Trigger window, especially when it prompts you to purchase the application.

Manual Removal of Virus Trigger 2009

Virus Trigger 2009 installs itself into the following folder.
c:\program files\VirusTriggerBin <- Delete this folder

Virus Trigger 2009 runs as the following processes.
VirusTriggerBin.exe and uninst.exe <- Use the Task Manager to kill these processes

Removing from Startup
To remove this program from starting up when your computer starts, follow these instructions.

1) Click the start menu, then run
2) Type “msconfig” and hit enter
3) Click the startup Tab
4) Untick “VirusTriggerBin”
5) Reboot

The Solution

Whilst you can manually remove “Virus Trigger 2009” by simply deleting registry keys and files as per the manual removal stage featured above, it's much easier to remove “Virus Trigger 2009” simply by using PCTools Spyware Doctor.


How To: Remove Ultra Antivirus 2009

Yet another nasty rogue anti-spyware program is amongst us, this time named “Ultra Antivirus 2009”. I managed to get this baby loaded on my test machine and boy did I let her rip!

Ultra Antivirus 2009 pretends to be an “Anti-Spyware” program, often tricking users into thinking it's a legitimate program. The main goal of Ultra Antivirus 2009 is to trick users into purchasing the software, often by providing fake scan results and informing the user that the software detected threats on the computer.

But alas that is not true, and when reality kicks in, your computer is in fact fine. Ultra Antivirus 2009's main goal is to get you to Purchase Their Product!

For god's sake DON’T DO IT!

Screenshots

Analysis Stage

Ultra Antivirus 2009 installs itself into the following folder.
c:\program files\UltraAv <- Delete this folder!

Through some analysis, I uncovered that Ultra Antivirus 2009 connects to the following server in order to retrieve new information regarding payment details.
Internet Protocol, Src: 91.208.0.223 (91.208.0.223)
Not Good ..

Removing from Startup
To remove this program from starting up when your computer starts, follow these instructions.

1) Click the start menu, then run
2) Type "msconfig" and hit enter
3) Click the startup Tab
4) Untick "UltraAV"
5) Reboot
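
After the reboot, the manual steps for both Virus Trigger 2009 and Ultra Antivirus 2009 can be verified with a read-only check. The PowerShell below is an added example, not part of the original post: the folder, process and startup names come from the steps above, while the function name, the output format and the choice to inspect only the two registry Run keys (two of the places the msconfig Startup tab reads from) are assumptions.

```powershell
# Names below come from the removal steps on this page; the function name and
# output format are assumptions made for this added example. Read-only: nothing is deleted.
$Indicators = @(
    @{ Product = 'Virus Trigger 2009'; Folder = 'C:\Program Files\VirusTriggerBin'
       Processes = @('VirusTriggerBin', 'uninst'); Startup = 'VirusTriggerBin' },
    @{ Product = 'Ultra Antivirus 2009'; Folder = 'C:\Program Files\UltraAv'
       Processes = @(); Startup = 'UltraAV' }
)

# Registry Run keys: two of the locations the msconfig Startup tab reads from.
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Find-RogueLeftovers {
    param([hashtable[]]$Rogue = $Indicators)
    foreach ($r in $Rogue) {
        # 1. Install folder still on disk?
        if (Test-Path -LiteralPath $r.Folder) {
            [pscustomobject]@{ Product = $r.Product; Kind = 'Folder'; Detail = $r.Folder }
        }
        # 2. Named processes still running? The path is reported because a name
        #    such as uninst.exe is generic and may belong to other software.
        foreach ($name in $r.Processes) {
            foreach ($p in @(Get-Process -Name $name -ErrorAction SilentlyContinue)) {
                [pscustomobject]@{ Product = $r.Product; Kind = 'Process'
                                   Detail = "$($p.Name) pid=$($p.Id) path=$($p.Path)" }
            }
        }
        # 3. Startup entry still registered? Match on value name or command line.
        foreach ($key in $RunKeys) {
            $reg = Get-Item -Path $key -ErrorAction SilentlyContinue
            if (-not $reg) { continue }
            foreach ($valueName in $reg.GetValueNames()) {
                $command = [string]$reg.GetValue($valueName)
                if ($valueName -like "*$($r.Startup)*" -or $command -like "*$($r.Startup)*") {
                    [pscustomobject]@{ Product = $r.Product; Kind = 'Startup'
                                       Detail = "$key -> $valueName = $command" }
                }
            }
        }
    }
}

$found = @(Find-RogueLeftovers)
if ($found.Count -eq 0) { 'No listed artifacts found.' } else { $found | Format-Table -AutoSize -Wrap }
```

An empty result only means the items named in this post are gone; it does not cover Startup-folder shortcuts or anything else the installer may have dropped.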

The Solution

Whilst you can manually remove Spyware protector by simply deleting registry keys and files as per the Analysis stage featured above, it's much easier to remove Ultra Antivirus 2009 simply by using PCTools Spyware Doctor.


How To: Remove MS Antivirus 2008

The latest addition to rogue antispyware programs, MS AntiVirus, looks and feels like a regular antispyware application, but is in fact deadly as hell.

For those that don’t know, a “Rogue Anti-Spyware” program is a fairly new form of threat that entices users to download a program to protect their PC, but in fact the software they download is a form of malware, designed to entice users to pay for the software in order to remove it. The main goal of Rogue Anti-Spyware programs is to make money; infecting and performing unwanted actions on your PC is just a measure in order to get you to “pay up”.

I wanted to see this MS AntiVirus 2008 program in action, so I fired up my Windows XP test box and gave it a whirl.

First I infected my PC with the MS AntiVirus program

See how MS AntiVirus 2008 looks and behaves like an AntiSpyware program, designed to trick the user into thinking that it is a legitimate program.

Fake infection

The below screenshot shows MS AntiVirus 2008 telling me that my system is infected. Rogue AntiSpyware often uses “fake spyware results” to inject fear into the user, so they feel the need to buy the software to remove the “fake results”.

MS AntiVirus 2008 communicating to a third party

The below screenshot shows packet sniffing software “WireShark”, detecting MS AntiVirus 2008 talking to a third party web service, namely a MACOS web server called “WebObjects” – nasty stuff.

Okay, it's time to get rid of this nasty program, time to whip out AdAlert.

Removing MS AntiVirus XP with AdAlert

I cracked open AdAlert and performed a full scan; below are the results.

The result: A clean system
AdAlert managed to disinfect my heavily infected system, deleting key registry files, application files and desktop shortcuts – no traces of MS AntiVirus 2008 are left behind.

If you’re infected with MS AntiVirus 2008 and are looking for an easy, fast way to remove it – I suggest you give AdAlert a whirl. You can download AdAlert here.

How To: Remove AntiMalware Guard

If you’ve been unlucky enough to install AntiMalware Guard, then you might have some difficulty in removing it. AntiMalware Guard poses as a fake anti-spamware program and is designed to show FALSE spyware results. To kill and remove AntiMalware, you are going to have to do a little digging – so let's get started.

Kill the process

First of all, kill the executable which should show in your processes list as

“AntiMalwareGuard_Free[1].exe”.

Remove registry entries

Next, fire up regedit (Start>run>regedit) and proceed to delete the following keys/folders if they exist.

HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AntiMalwareGuard

HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AntiMalwareGuard

Reboot

Reboot your computer and AntiMalware Guard should be gone!

However, I cannot state this enough: you must install and have an up-to-date AntiVirus and AntiSpyware application to stop threats like this from entering your computer in the first place. I’ve reviewed popular antispyware products AdAlert and NoAdware here.