Monday, March 24, 2014

How to Remove Windows Antivirus Helper From Your PC? (Rogue Program Removal)

Does a program named Windows Antivirus Helper constantly pop up alerts about infections on your computer? If your computer has this program installed, remove it as soon as possible. It is a fake antivirus program created by cyber criminals to make illegal profits. If you don’t know how to get rid of the malware, follow the instructions below to eradicate it.

What is Windows Antivirus Helper?

Windows Antivirus Helper is a rogue security program designed to deceive computer users into paying for the simulated removal of malware. It often scans your computer automatically and then shows bogus scan results, invariably reporting that numerous infections have been detected on your PC. To remove the threats, it suggests that you activate its product. Although it claims to get rid of the infections found, it cannot delete any threats at all. On the contrary, this fake antivirus program sometimes invites other threats onto the infected computer.
Once installed on your PC, the fake antivirus program will scan the PC automatically and then show the scan results claiming that your computer is at risk because several threats are found.
The rogue program not only scans your computer system without permission and displays fictitious pop-up alerts, but also stops other legitimate programs from running. It pops up a warning dialog stating that the program you want to start is infected with a computer virus so that you cannot run the programs smoothly. To protect your machine and restore it to a clean system, please remove Windows Antivirus Helper immediately once you notice it.

How did the rogue program get into your PC?

Sometimes, the malware sneaks into your computer as drive-by downloads which exploit security vulnerabilities in web browsers, PDF viewers, or email clients to install themselves without any manual interaction. Commonly, it has a Trojan horse component which can be disguised as a harmless program, such as a browser toolbar or a free online malware scanning service. In this way, you may be misled into installing the rogue security software.

Solutions:

Option1: Uninstall Windows Antivirus Helper manually

If you want to remove the malware yourself, follow the steps below to clear the threat.
Step1. Restart PC in Safe Mode.
Reboot your computer and tap the F8 key repeatedly before Windows loads. Choose Safe Mode using the up and down arrow keys and then press the Enter key.
Step2. Go to Control Panel and uninstall the rogue program.
For Windows XP, click Start and click Control Panel.
Double click Add/Remove Programs.
In the Currently installed programs list, search for the fake antivirus program and click Remove button.
For Windows 7, click Start and go to Control Panel.
Click Uninstall a program under Programs.
Find the rogue program and click Uninstall to delete the threat.
Step3. Delete the registry entries of the malware.
Click Start button and go to Run. Type regedit in the box and click OK to open Windows Registry Editor.
Search for the following registry entries and delete them.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “MS-SEC” = %AppData%\svc-<random>.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ZSFT” = %AppData%\svc-<random>.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd “ImagePath” = 22.sys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%AppData%\svc-<random>.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableVirtualization” = 0
Note: Modifying the system registry is risky, because deleting the wrong registry information can seriously damage the computer. Back up the related registry data before deleting it.
Step4. Remove the files created by the threat.
Click Start, go to Control Panel and double click on Folder Options (For Windows XP) or click Appearance and Personalization and then open Folder Options (Windows 7). Select Show protected files and folders and uncheck Hide protected operating system files (Recommended). Click OK to confirm the changes.
Search for the files below and erase them.
%AppData%\svc-<random>.exe
%AppData%\data.sec
%UserProfile%\Desktop\[rogue program name].lnk
%AllUsersProfile%\Start Menu\Programs\[rogue program name].lnk
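
To confirm which of the Step3 entries are actually present before deleting anything, the registry can be exported to a .reg file (which also serves as the backup the note recommends) and checked offline. The Python script below is an added example, not part of the original post: it parses .reg export text and flags the Run, Winlogon Shell, Image File Execution Options and policies\system entries from the Step3 list. The function names are hypothetical, and the sample export, user name and random file suffix are constructed.

```python
import re
# Indicators from the Step3 registry list, lowercased for case-insensitive matching.
HKCU, HKLM = "hkey_current_user", "hkey_local_machine"
RUN_KEY = HKCU + r"\software\microsoft\windows\currentversion\run"
WINLOGON_KEY = HKCU + r"\software\microsoft\windows nt\currentversion\winlogon"
POLICY_KEY = HKLM + r"\software\microsoft\windows\currentversion\policies\system"
IFEO_PREFIX = HKLM + r"\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
IFEO_TARGETS = set("mpcmdrun.exe mpuxsrv.exe msascui.exe msconfig.exe msmpeng.exe msseces.exe k9filter.exe".split())
POLICY_VALUES = set("consentpromptbehavioradmin consentpromptbehavioruser enablelua enablevirtualization".split())
# %AppData%\svc-<random>.exe, written literally or expanded (Windows 7 and XP profile layouts).
SVC_EXE = re.compile(r"(%appdata%|\\appdata\\roaming|\\application data)\\svc-[^\\]+\.exe$", re.I)

def parse_reg(text):
    """Yield (key, name, data) from .reg export text; name is None for the key line itself."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")  # undo .reg backslash escaping
            yield key, m.group(1), data

def find_indicators(text):
    """Return (kind, key, value_name) for every entry that matches the Step3 list."""
    hits = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), (name or "").lower()
        if name is None:  # a key line: only the IFEO subkeys are indicators by themselves
            if k.startswith(IFEO_PREFIX) and k[len(IFEO_PREFIX):] in IFEO_TARGETS:
                hits.append(("ifeo-key", key, None))
        elif k == RUN_KEY and SVC_EXE.search(data):
            hits.append(("run-autostart", key, name))
        elif k == WINLOGON_KEY and n == "shell" and SVC_EXE.search(data):
            hits.append(("winlogon-shell", key, name))
        elif k == POLICY_KEY and n in POLICY_VALUES and data == "dword:00000000":
            hits.append(("uac-policy-zeroed", key, name))
    return hits

# Constructed sample export; the user name and random suffix are made up.
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MS-SEC"="C:\\Users\\alice\\AppData\\Roaming\\svc-qx7r.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005'''
print(find_indicators(SAMPLE))
```

The script expects the export already decoded to text; the remaining Step3 entries (the bckd service and the Associations and Attachments policies) are not covered by it.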

Option2: Delete Windows Antivirus Helper Automatically

Step1. Restart your computer in Safe Mode with Networking.
Restart the PC and keep pressing F8 before Windows launches. In the Windows Advanced Options menu screen, use the up and down arrow keys to move to Safe Mode with Networking and then press the Enter key.
Step2. Download a malware removal tool on your computer.
A reputable, professional removal tool designed to delete computer viruses, malware and other unwanted programs and files forcibly and completely without harming the PC is the best choice for regular users dealing with such malware. It can keep the computer away from various stubborn and malicious programs.
Step3. Install the removal tool and perform a scan of the computer.
After the removal tool is saved on your PC, install it. Then start the tool to scan your computer. Search for the rogue program and delete it.
Step4. Delete the malicious program automatically.
You will be able to uninstall Windows Antivirus Helper fully within minutes. Restart your computer in normal mode and the threat will be gone.
