AntiMalware

AntiMalware is a virus in disguise. It is promoted as a program that helps protect the computer from Trojans and viruses, but that is not the real intention of this malware. The AntiMalware rogue security application continuously displays different virus warnings on the computer to get the user's attention. It then redirects users to its own web site and pushes them to purchase the registered version of the fake AntiMalware program. In addition, the AntiMalware virus poses as a firewall that effectively rejects network security attacks.

By performing these activities once inside the system, this unwanted application can win the trust of computer users. There is then a big chance that the AntiMalware virus will attain its goal, which is to have users pay for the licensed version.

What is more damaging about this fake program is its ability to remove certain legitimate security programs. The AntiMalware virus also tries to connect to a remote website and further infect the computer by downloading additional threats. This strengthens its presence and causes more damage. It will disable Task Manager, Control Panel and Registry Editor, which makes it difficult for ordinary users to remove the AntiMalware virus.

Damage Level: Low

Systems Affected: Windows

Additional Information:

“AntiMalware Network Security Alert” pop-up messages will constantly appear on a computer infected with the AntiMalware virus. The pop-up poses as a firewall alert with the following message:

AntiMalware Network Security Alert
Network attack rejected!
Your computer is being attacked from remote host. Attack has been classified as Remote code execution attempt.
Attack from 28.40.52.64:24496

Other than the network security alert, this malware will pop up fake system tray messages that show warnings like these:

Warning!
PLEASE, OPTIMIZE YOUR PC. IT RUNS ONLY 10%

Warning!
ANTIVIRUS IS RUN IN DEMO MODE. ACTIVATE YOUR ANTIVIRUS OR OTHERWISE ALL THE DATA WILL BE LOST OR DAMAGED! 

Analysis
It monitors the system for the presence of the following security programs and removes them if they exist.
Agnitum, Avast!, AVG, Avira AntiVir, BitDefender, F-Secure, Kaspersky, Malwarebytes’ Anti-Malware, NOD32, Sophos

How to Remove AntiMalware

Automatic Removal of Security Sphere 2012 Using Malwarebytes' Anti-Malware

In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

Alternative Removal Method for AntiMalware

Option 1: Use Windows System Restore to return Windows to a previous state

If AntiMalware enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before AntiMalware infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. To proceed with Windows System Restore, click here to see the full procedure.

Option 2: AntiMalware manual uninstall guide

IMPORTANT! Manual removal of AntiMalware requires technical skills. Deleting system files and registry entries by mistake may leave the Windows system completely unusable. We advise you to back up the registry before proceeding with this guide.

1. Kill any running process that belongs to AntiMalware.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for AntiMalware files (refer to Technical Reference) and click End Process.

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open Registry Editor.
- Find and delete the registry entries listed in the Technical Reference section below.
- Close Registry Editor. Changes are saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by AntiMalware.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Files and folders:
C:\Program Files\AntiMalware\amext.dll
C:\Program Files\AntiMalware\antimalware.exe
C:\Program Files\AntiMalware\help.ico
C:\Program Files\AntiMalware\malw.db
C:\Program Files\AntiMalware\uninstall.exe
C:\Documents and Settings\All Users\Desktop\AntiMalware Support.lnk
C:\Documents and Settings\All Users\Desktop\AntiMalware.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware\AntiMalware Support.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware\AntiMalware.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware\Uninstall AntiMalware.lnk
%Temp%\6yhnjuis.mof
%Temp%\c.dat

Registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AntiMalware"
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Active Security
HKEY_LOCAL_MACHINE\SOFTWARE\AntiMalware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiMalware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"
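
The Technical Reference entries above can be checked before and after cleanup without changing anything on the machine. The PowerShell script below is an added example, not part of the original guide; it uses the file paths and registry entries exactly as listed, assumes %Temp% is the current user's temp folder, and only reports which entries exist.

```powershell
# Added example: read-only check for the artifacts in the Technical Reference.
# Nothing is deleted or modified; run it again after cleanup to confirm removal.
$paths = @(
    'C:\Program Files\AntiMalware\amext.dll'
    'C:\Program Files\AntiMalware\antimalware.exe'
    'C:\Program Files\AntiMalware\help.ico'
    'C:\Program Files\AntiMalware\malw.db'
    'C:\Program Files\AntiMalware\uninstall.exe'
    'C:\Documents and Settings\All Users\Desktop\AntiMalware Support.lnk'
    'C:\Documents and Settings\All Users\Desktop\AntiMalware.lnk'
    'C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware'
    (Join-Path $env:TEMP '6yhnjuis.mof')   # assumption: %Temp% of the current user
    (Join-Path $env:TEMP 'c.dat')
)
$regKeys = @(
    'HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Active Security'
    'HKEY_LOCAL_MACHINE\SOFTWARE\AntiMalware'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiMalware'
)
# Entries the page lists as a key followed by a quoted value name.
$regValues = @(
    @{ Key  = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'AntiMalware' }
    @{ Key  = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
       Name = '{5E2121EE-0300-11D4-8D3B-444553540000}' }
)

$found = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found += "FILE   $p" }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath "Registry::$k") { $found += "KEY    $k" }
}
foreach ($v in $regValues) {
    # Get-Item returns the key object; GetValueNames() lists its value names.
    $key = Get-Item -LiteralPath "Registry::$($v.Key)" -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $v.Name)) {
        $found += "VALUE  $($v.Key) -> $($v.Name)"
    }
}

if ($found.Count -eq 0) { 'No listed AntiMalware artifacts found.' } else { $found }
```

On 64-bit Windows a 32-bit program may instead install under `C:\Program Files (x86)` and write to `SOFTWARE\WOW6432Node`; the script checks only the locations as the guide lists them.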