Anti-malware Lab

Anti-malware Lab is a rogue security application that installs itself on the computer without the user's consent. The program is commonly distributed by fake security web sites and promoted as a real anti-virus product. Also known as the Antimalware Lab virus, it comes from the same group that created My Security Shield. The application relies on a Trojan infection to penetrate the victim's system. It may be hard to prevent even with an anti-virus application installed, because it uses rootkit technology that lets it hide itself among legitimate system files.

Anti-malware Lab uses the same marketing method as any other rogue application. It starts by displaying fake security alerts, followed by a virus scan that "detects" non-existent threats on the PC. Additionally, the Anti-malware Lab virus weakens the security settings of the target computer by terminating any security-related process, which makes automatic removal impossible. Manual removal is made difficult when it disables functions such as Registry Editor and Task Manager. The only remaining solution is to download, install and thoroughly scan the system with a legitimate anti-malware application. Lastly, never use Anti-malware Lab itself to get rid of the virus, since it was never designed to be a useful application.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Anti-malware Lab Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with "Anti-malware Lab". When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the system and remove any detected threats. If removal is not possible, it is best to quarantine the infected item. Malicious files should also be located and deleted manually; see the files related to the Anti-malware Lab virus listed below.
4. Registry entries created by Anti-malware Lab must also be removed from the Windows system. Refer to the entries associated with the rogue program listed below. [how to edit registry]
5. Exit Registry Editor.
6. Get rid of the Anti-malware Lab start-up entry by going to Start > Run and typing msconfig in the "Open" box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

Anti-malware Lab Removal Tool:
To completely remove the threat from a computer, download and run Malwarebytes Anti-Malware. Sometimes the Trojan will block the download and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before running it on the infected computer.

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without relying on traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Scan with Portable Antivirus:
Most of the time, the Trojan associated with a rogue program will disable Windows functionality and prevent the execution of any application, including a locally installed antivirus program. If this happens, you can try the McAfee portable antivirus called Stinger. You can download it for free.

Technical Details and Additional Information:

Malicious Files Added by Anti-malware Lab:
%UserProfile%\Application Data\Anti-Malware Lab\
%UserProfile%\Application Data\Anti-Malware Lab\cookies.sqlite
%UserProfile%\Application Data\Anti-Malware Lab\Instructions.ini
%Documents and Settings%\All Users\Application Data\(random)\(random).exe
%Documents and Settings%\All Users\Application Data\(random)\(random).mof
%Documents and Settings%\All Users\Application Data\(random)\(random).dll
%Documents and Settings%\All Users\Application Data\(random)\(random).ocx

Anti-malware Lab Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Anti-Malware Lab"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
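The following read-only PowerShell audit is an added example, not part of the original page or any vendor tool: it checks a Windows host for the file and registry indicators listed above and reports what it finds without deleting anything. It assumes Windows PowerShell 5.1 or later and that the Run entry points into a random-named folder under All Users\Application Data, as the file list describes.

```powershell
# Added example: audit a Windows host for the Anti-malware Lab indicators
# listed on this page. Reports only; removal is a separate, deliberate step.
$findings = @()

# 1. Run key: the named "Anti-Malware Lab" value, or any value whose command
#    lives in a random-named folder under All Users\Application Data.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    $run = Get-ItemProperty -Path $runKey
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata
        if ($p.Name -eq 'Anti-Malware Lab' -or
            $p.Value -match '\\All Users\\Application Data\\[^\\]+\\[^\\]+\.exe') {
            $findings += "Run entry: $($p.Name) = $($p.Value)"
        }
    }
}

# 2. COM class registered by the rogue
if (Test-Path 'Registry::HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler') {
    $findings += 'COM class PersonalSS.DocHostUIHandler is registered'
}

# 3. Internet Explorer set to run downloads with invalid signatures
$dl = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Download' -ErrorAction SilentlyContinue
if ($dl -and $dl.RunInvalidSignatures -eq 1) { $findings += 'IE RunInvalidSignatures = 1' }

# 4. Proxy hijack: browser traffic routed through a local listener
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyServer -match '127\.0\.0\.1') { $findings += "ProxyServer = $($inet.ProxyServer)" }

# 5. Image File Execution Options: any image with a "Debugger" value set.
#    The page reports the value "svchost.exe"; any Debugger entry is worth review.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "IFEO Debugger for $($_.PSChildName) = $dbg" }
}

# 6. Dropped profile folder (%UserProfile%\Application Data on XP is $env:APPDATA)
$dir = Join-Path $env:APPDATA 'Anti-Malware Lab'
if (Test-Path $dir) { $findings += "Folder present: $dir" }

if ($findings.Count -eq 0) { 'No Anti-malware Lab indicators found.' }
else { $findings | ForEach-Object { "FOUND: $_" } }
```

Run it from an elevated prompt so the HKLM Image File Execution Options key is readable; a legitimate debugger entry placed by a developer tool will also be reported, so confirm the named program before removing anything.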
