Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Spyware and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post.

- BleepingComputer Management

> How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

 
Reply to this topicStart new topic
> How To Remove Expertantivirus (removal Instructions)
Grinler
post May 1 2007, 02:31 PM
Post #1


Bleep Bleep!
******

Group: Admin
Posts: 29,367
Joined: 24-January 04
From: USA
Member No.: 3

How to remove ExpertAntivirus (Removal Instructions)


What this programs does:

ExpertAntvirus, is a rogue anti-spyware program which displays fake and exaggerated scan results. When this program is installed on a computer it creates fake Windows Registry keys and fake files that are completely safe, but are reported by the program as malware. In this way, you can have a completely clean computer, yet the program will still find these files and Windows Registry entries and declare them to be malware related. In order to remove these fake infections you are prompted to purchase the commercial version of this software. Needless to say, you should not fall for this scam and purchase it. The guide below will walk you through the removal of the program and the fake malware files and entries it creates.


ExpertAntivirus Screenshot
ExpertAntivirus Screenshot



Tools Needed for this fix:


Symptoms in a HijackThis Log:

O4 - HKLM\..\Run: [ExpertAntivirus] C:\Program Files\ExpertAntivirus\ExpertAntivirus.exe /s


Fake infection files, folders, and Registry keys that are created (these may change over time):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell\1das
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell\1das\AdLoader
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell\dnl7
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell\dnl7\tracer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\AdLoader
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Trace7
c:\Documents and Settings\\Local Settings\Temp\awtmp\
c:\WINDOWS\wincom137.dll
c:\WINDOWS\system\ext32inc.dll

Add/Remove Programs control panel entry:

ExpertAntivirus v4.1


 Guide Updates:

05/01/07 - Initial guide creation.




Manual Removal Instructions for ExpertAntivirus:

These steps may appear to be long and daunting. They are, though, quite easy to do and consist of so many steps only because I have written them in an extremely detailed manner.
  1. Print out these instructions as we will need to close every window that is open later in the fix.

  2. Click on the Start Menu button.

  3. Click on the Control Panel option.

  4. Double-click on the Add or Remove Programs icon.

  5. Find the entry for ExpertAntivirus v4.1 and double-click on it to uninstall the program. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.

  6. When it has completed uninstalling you can close Add or Remove Programs screen and your Control Panel.

  7. Download FixEA.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser.

    FixEA.reg Download Link

    Confirm that the file FixEA.reg now resides on your desktop as we will need it later.

  8. Go to your desktop and double click on the FixEA.reg file that you downloaded earlier. When it asks if you would like to merge the information, press the Yes button and then the OK button.

  9. Click on the Start button and then select the Run option.

  10. Delete the following files and folders (Do not be concerned if a folder does not exist):

    c:\Documents and Settings\\Local Settings\Temp\awtmp\
    c:\WINDOWS\wincom137.dll
    c:\WINDOWS\system\ext32inc.dll

  11. Close all open Windows.

  12. We next perform an online scan with Panda to find any possible inactive remnants from this infection: Panda Online

    1. Once you are on the Panda site click the Scan your PC button

    2. A new window will open and you should click the Check Now button

    3. Enter your Country

    4. Enter your State/Province

    5. Enter your e-mail address and click send

    6. Select either Home User or Company

    7. Click the big Scan Now button

    8. If it wants to install an ActiveX component allow it

    9. It will start downloading the files it requires for the scan (Note: It may take a few minutes)

    10. When download is complete, click on Local Disks to start the scan

  13. When the online scan has been completed, let it remove what it finds, and then you can close Internet Explorer.

Your computer should now be free of the Expert Antivirus program.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log



This is a self-help guide. Use at your own risk.



BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.


--------------------
Lawrence
Go to the top of the page
 
+Quote Post
« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »
 

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 21st November 2008 - 06:55 PM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Malware Removal Guides

© 2003-2008 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2008  IPS, Inc.