How to Remove Windows Antivirus Tool Scareware

by News Editor on May 23rd, 2014 in Security Tips.

Windows AntiVirus Tool is a program that belongs to the family of Rogue.FakeVimes computer infections. This application only pretends to be an anti-virus program, but instead it shows fake scan results, reports the computer infections that do not exist, and does not allow you to run any other applications.

This bogus antivirus software only pretends to protect your PC. In reality, it completely blocks your computer. It doesn’t allow any programs or applications to run. It also tells that it is a malware and offering the only way to prevent the attack is by making you pay 99.90$.
























After it gets inside, this virus has the full control of your computer.











Since this virus has full control on your computer, it’s not possible to run msconfig or task manager or even try to delete something from your PC. This software will report you about suspicious file every time you try.
 

 How to remove Windows Antivirus tool

1.    Start your computer in Safe Mode with Networking:

  • Remove all CDs or DVDs from your CD/DVD drive, and then restart your PC.
  • When the computer starts you will see your computer’s hardware being listed. When you see this information start to tap the F8 key repeatedly until you are presented with the Windows XP, Vista or 7 Advanced Boot Options.

2.    If you are using Windows XP, Vista or 7 in the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Command Networking , and then press ENTER.













3.    If you are using Windows 8 press 6 on your keyboard to Enable Safe Mode with Networking.
Windows will start in Safe Mode with Networking.

4.    Run AutoRuns as administrator

5.    Go to Logon tab and find ZSFT file. Uncheck it

Now you can reboot your PC to Normal mode and fake antivirus will not run at the start up, so you will be able to remove it.

There are 2 ways to remove this application from your PC: using antivirus software or manually.  I did it using Ad-Aware Antivirus and it successfully detected this file as Trojan.GenericKD.1582829 and deleted it.

You can also delete it manually:

-Run Autoruns as administrator, Open Logon –Find ZSFT-right click and choose jump to entry-now you can delete the file itself/

-Then go to the registry- Win+R and type regedit
go to-Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

And delete ZSFT file