Anti-Malware Lab is from the same malware family as PC Security Guardian, Best Malware Protection and some other rogue AVs. The rogue application is configured to that run automatically when Windows starts. It may report up to twenty fake infections, e.g., Trojan-IM.Win32.Faker.a, Virus.BAT.Gray.705, Trojan-PSW.Win32.Dripper and many other non-existent threats. Below are a number of different images of fake security alerts that you may run across.
It also displays fake security alerts and notifications saying that your computer is infected or under attack from a remote machine. Basically, Anti-Malware Lab uses misleading security alerts to frighten you into purchasing worthless security software. If you have already purchased this this rogue applications, you should requested a refund from a fake antivirus firm if they provide contact information and also you should contact their credit card provider to dispute the charges. They even have their own support center.
OPTIONAL: In case you can't boot your PC in Safe Mode with Networking or you can't delete the malicious files manually, you can use this code U2FD-S2LA-H4KA-UEPB to register the rogue application in order to stop the fake security alerts. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly. If you need help in removing Personal Shield Pro from your computer, please leave a comment below.
Anti-Malware Lab is not a virus and it can't log you keystrokes or delete your files. It's a low risk threat but you should uninstall this fake anti-virus program from your computer as soon as possible because it may download additional malware onto your computer and this is especially true if it comes bundled with Trojan downloaders. Last, but not least, may configure Internet Explorer to use a proxy over a LAN connection, so it pretty much hijacks the default web browser. To remove Anti-Malware Lab from from your computer, please follow the removal instructions below. If you need help removing this scarware, you can leave a comment below. Good luck and safe online!
Anti-Malware Lab removal instructions:
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK. You may have to repeat steps 1-2 if you will have problems downloading malware removal programs.
3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Alternate Anti-Malware Lab removal instructions using HijackThis or Process Explorer (in Normal mode):
1. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.
2. Download Process Explorer.
3. Rename procexp.exe to iexplore.exe and run it. Look for similar process in the list and end it:
- DMg4a_358.exe
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it. Search for similar entries in the scan results:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:24525
O4 - HKCU\..\Run: [Anti-Malware Lab] "C:\Documents and Settings\All Users\Application Data\b3a2c8\DMg4a_358.exe" /s /d
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.
4. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
5. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Associated Anti-Malware Lab files and registry values:
Files:
Windows XP
- C:\Documents and Settings\All Users\Application Data\b3a2c8\
- C:\Documents and Settings\All Users\Application Data\b3a2c8\DMg4a_358.exe
- C:\Documents and Settings\All Users\Application Data\b3a2c8\PSGSys
- C:\Documents and Settings\All Users\Application Data\b3a2c8\Quarantine Items
- C:\Documents and Settings\All Users\Application Data\b3a2c8\PSG.ico
- C:\Documents and Settings\[UserName]\Application Data\Anti-Malware Lab\
- C:\ProgramData\b3a2c8
- C:\ProgramData\b3a2c8\PSGSys
- C:\ProgramData\b3a2c8\Quarantine Items
- C:\ProgramData\b3a2c8\DMg4a_358.exe
- C:\ProgramData\b3a2c8\PSG.ico
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Malware Lab
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Anti-Malware Lab"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=247&q={searchTerms}
0 comments:
Post a Comment