Fake E-SET Antivirus 2011
Fake E-SET Antivirus 2011 is a malicious security program. It will mimic genuine and trusted anti-virus software. This rogue program plays deception techniques to computer users. To make it clear, E-SET Antivirus 2011 is not capable of removing any types of threats inside your PC. In fact, it will never protect your system if ever you install a copy of it. The author of this fake software aims to confuse user by pretending to be a product that came from a popular anti-virus vendor. Its previous version also employs the same trick in the name of AVG Antivirus 2011. This updated rogue may have a new name but the graphical user interface and method to spread remains in the old-fashioned way. It uses a Trojan that will modify Internet browser settings. This act will lead to redirection of your requested page to fake online virus scanner.
Infected system may face many software malfunctions but the most common is browser hijacking. E-SET Antivirus 2011 also disables security-related process causing any running anti-virus, anti-malware and firewall software to terminate at once. We encourage you to remove any presence of E-SSET 2011 before it can do more harm on the system. In most cases, if this malware proceeds, it will block any running programs and make the desktop unusable until such time that user is able to obtain the paid version.
Screen Shot Image:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Added Registry Entries:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe "Debugger" = 'msiexecs.exe -sb' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe "Debugger" = 'msiexecs.exe -sb' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe "Debugger" = 'msiexecs.exe -sb' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe "Debugger" = 'msiexecs.exe -sb' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe "Debugger" = 'msiexecs.exe -sb' HKEY_CURRENT_USER\Software\A88246 HKEY_CURRENT_USER\Software\Mon246 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "E-Set 2011" = '%ProgramFiles%\E-Set 2011\e-set.exe' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 16.03.2011"Associated Files and Folders:
c:\Documents and Settings\All Users\Start Menu\E-Set 2011\ c:\Documents and Settings\All Users\Start Menu\E-Set 2011\E-Set Antivirus 2011.lnk c:\Documents and Settings\All Users\Start Menu\E-Set 2011\Uninstall.lnk %ProgramFiles%\E-Set 2011\ %ProgramFiles%\E-Set 2011\e-set.exe %UserProfile%\Desktop\E-Set Antivirus 2011.lnk %System%\msiexecs.exe
File Location for Windows Versions:
- %UserProfile% for Windows Vista/7 user is C:\Users\<Current User>, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.
- %System% for all versions of Windows it is located under C:\Windows\System32.
How to Remove Fake E-SET Antivirus 2011
Manual Removal Procedure
1. Press Ctrl+Alt+Del on keyboard to stop the process associated to "E-SET Antivirus 2011". When Windows Task Manager opens, go to Processes tab. Find and end this process.
e-set.exe, msiexecs.exe
2. You need to update your installed antivirus software. Please connect to the Internet and download the most recent database. This is a one-click process from your AV program’s console.
3. Thoroughly scan the computer and remove any threats found by your antivirus program. If delete option is not available, your best next choice is to quarantine the infected file. There is also a need to manually locate and delete malicious files. Please see the file section for items that are relevant to E-SET Antivirus 2011.
4. Next, you need to remove registry entries created by E-SET Antivirus 2011. Please refer to registry section to view entries related to the rogue program.
- (Windows 2000/XP) Go to Start > Run, type "regedit" on dialog box then press Enter on keyboard.
- (Windows Vista/7) Go to Start > Search Program and Files, type "regedit" and press Enter.
5. Exit registry editor when you are done.
6. Get rid of E-SET Antivirus 2011 start-up entry by going to Start > Run, type msconfig on the "Open" dialog box. It will launch a new window containing System Configuration Utility. Click on the Startup tab and uncheck the following item.
e-set.exe, msiexecs.exe
E-SET Antivirus 2011 Removal Tool
1. First thing to do is to reboot the computer in Safe Mode with Networking to avoid E-SET Antivirus 2011 from loading at start-up. You may want to print this procedure, as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will now start in Safe Mode.
2. Download anti-malware tool and save it on your Desktop or any location on your PC.
3. When finish downloading, double-click on the file to install the application.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, it will prompt for database update. Please continue.
6. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
7. When finished updating, the tool will run. Select Perform full scan on main screen to check your computer.
8. When scanning is finished, click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belong to E-SET Antivirus 2011.
10. Restart your computer.
Note:If you cannot download the program due to malware activities, get the software from another computer. Then, rename the file to “anything.exe” to elude the malware.
Use A Portable SuperAntiSpyware:
For complete removal of the virus, carry out a separate scan using different security program. This may catch infected items that evade your previous scan. Download and run SAS Portable Scanner.
Notes
During Fake E-SET Antivirus 2011 infection, it will drop several files under some areas of your system. It also alters some settings under Windows registry. To revert the changes made by the virus, try doing a System Restore first before proceeding with other removal guides. Running system restore replaces malicious files and registry entries with clean ones preserved under a restore point. Click here for procedures.
Warning!
Doing any changes on Windows registry will affect how the system operates. Both hardware and software. This is the reason why users should deal with registry revision with full caution. This is a very risky task. We suggest you consult technicians or experts before performing this action. Moreover, you must backup Windows registry so that you may restore it later just in case any untoward incident happens. View instructions.
Helpful Tip
The virus may prevent you from downloading the required tool by blocking the access to Internet. Before going on to virus removal, please repair your Internet access first. There are several solutions to this trouble caused by Fake E-SET Antivirus 2011, and it is clearly stated in this guide.
Gay Maddox
Mar 28, 2011 @ 22:20:27
Since this malicious program is targeted at less than savvy users, I think you should add more detailed instructions. For instance, you say the registry must be cleaned but you do not tell us how to do that.
This piece of garbage has infected my computer. McAfee has been my security for years, but it missed this program. Now, even though I am already paying them to protect my computer, they want me to pay extra to get rid of this thing. That just sounds wrong to me, so I’d like to try to do it myself. I just don’t want to make matters worse and the only way I can think of to do it successfully is to follow real clear instructions carefully.
Tony Dilillo
Apr 13, 2011 @ 21:49:01
Please refund my mony for purchase of E-set antivirus. Order ID ICD00778521-pndib. Total $99.90. Thank You. Your Antivirus got infected. IP address is 173.28.70.55.
Michael Lewis
Apr 14, 2011 @ 12:09:41
Could you send me my activation code ?
Mohamed
Apr 28, 2011 @ 13:59:58
Please I want to have refund, how can I do that please?
B Rajani
Apr 28, 2011 @ 19:08:03
ID 3955086
0066005860
Please REFUND US$ 79.95 IMMIDIATELY for FRAUDENTLY SELLING ME VISTA HOME SECURITY 2011 IMMIDIATELY otherwise I shall report you for FRAUD.
dave
May 09, 2011 @ 01:54:57
i can’t help but LOL over the amount of people posting here asking for a refund…i guess they neglect to read that this site explains how to REMOVE this virus/rogue program.
Nismyst
May 12, 2011 @ 23:12:38
HAHA, That’s so funny that people are asking for a refund here. I guess the first user said it all. “this malicious program is targeted at less than savvy users”. HAHA, Oh my. I can see how somebody could get infected by a rogue… thats normal, falling for it and actually paying $100 for the program is a little hard to believe but it happens, Demanding a refund on a site that is trying to help you remove it is just plain stupid though. lol. Ok, now that I’ve had my laughs….
TO THOSE THAT PAID FOR THIS PROGRAM:
Contact your banking or credit agency that is in charge of the credit card that you used to purchase this program with as soon as possible. Tell them the charge is fraudulent and you would like to dispute it. If you want to be really safe you should report the card number as stolen and request a new one.
Rick
May 15, 2011 @ 02:27:05
Thank you, thank you, thank you for posting this fix.