Sysinternals Antivirus is a bogus virus removal application that gets onto your computer through malware, which installs it on your PC without alerting you. Sysinternals Antivirus scans your computer automatically after a reboot, and when the scan is complete it displays false infection results that can be removed only after you buy the full version of it.
The malware files that your computer is supposedly infected with are all fake, and Sysinternals Antivirus only tries to take advantage of people’s stupidity by forcing them to buy the full version of it. You simply need to avoid trusting it, and you should use this step-by-step removal guide to completely delete it from your system.
While Sysinternals Antivirus is running it stops various applications from opening. It does this because it has a ‘self-preservation instinct’ that keeps it safe against professional and genuine anti-virus applications. If you try to open and run an application, it promptly blocks it and displays the following alert message: Warning! Running of application is impossible. Program is infected.
Such error messages could fool almost any type of user, but if you encounter this kind of alert, you can be sure that your PC is infected with the Sysinternals Antivirus malware. It also displays other alerts that it forges itself, something like this:
- Security Alert , Infiltration Alert, Your Computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan-dropped or others that might look in this way
- Warning Infection is detected. Windows has found Spyware infection on your computer! Click here to update your Windows antivirus software.
- svchost.exe has encountered a problems and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this issue. We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
So, if you encounter one of the above error messages, you should know that they are all fake and that your system is infected with Sysinternals Antivirus. As I said, this malware was created simply to steal money from users who are unaware of the real intentions of this so-called antivirus application.

Below is a log file produced by the HijackThis application, showing the traces that the Sysinternals Antivirus malware leaves in your computer’s Registry entries:
- R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- O2 – BHO: ADC PlugIn – {149256D5-E103-4523-BB43-2CFB066839D6} – C:\Program Files\adc_w32.dll
- O4 – HKCU\..\Run: [novavapp] %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn.exe
- O4 – HKCU\..\Run: [novavappr] %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
- O17 – HKLM\System\CCS\Services\Tcpip\..\{0F902301-D005-499E-8448-F9E2EC98B9A7}: NameServer = 8.8.8.8
- O17 – HKLM\System\CCS\Services\Tcpip\..\{9239B395-78B0-4938-AC0D-692A7A7C682C}: NameServer = 8.8.8.8
- O17 – HKLM\System\CCS\Services\Tcpip\..\{D3D77D58-5997-458E-A70C-892555CEEC52}: NameServer = 8.8.8.8
- O17 – HKLM\System\CS1\Services\Tcpip\..\{0F902301-D005-499E-8448-F9E2EC98B9A7}: NameServer = 8.8.8.8
- O23 – Service: Adobe Update Service (AdbUpd) – Unknown owner – C:\Program Files\svchost.exe
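
Entries like these can be triaged mechanically. The following Python script is an added example, not part of the original article or of HijackThis; the heuristics, the `SYSTEM_NAMES` list and the function names are assumptions chosen to match the entries shown above, and the last sample line is constructed for contrast.

```python
import re

# Lines copied from the HijackThis log above, plus one constructed benign
# entry (the last line) so the checks have something to pass over.
SAMPLE_LOG = r"""
O2 – BHO: ADC PlugIn – {149256D5-E103-4523-BB43-2CFB066839D6} – C:\Program Files\adc_w32.dll
O4 – HKCU\..\Run: [novavapp] %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{0F902301-D005-499E-8448-F9E2EC98B9A7}: NameServer = 8.8.8.8
O23 – Service: Adobe Update Service (AdbUpd) – Unknown owner – C:\Program Files\svchost.exe
O23 – Service: Example Helper (ExHelper) – Example Corp – C:\Program Files\Example\helper.exe
"""

# HijackThis separates fields with " - "; this page shows it as an en dash.
SEP = re.compile(r"\s+[-–]\s+")
# Assumption: a short illustrative list of Windows process names to watch for.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe"}

def check_line(line):
    """Return (section, reason) for an entry worth reviewing, else None."""
    parts = SEP.split(line.strip())
    if len(parts) < 2:
        return None
    section, low = parts[0], parts[-1].lower()
    if section == "O4" and low.endswith(".exe") and (
            "%userprofile%" in low or "\\application data\\" in low):
        return section, "autorun executable inside the user profile"
    if (section == "O23" and low.rsplit("\\", 1)[-1] in SYSTEM_NAMES
            and "\\system32\\" not in low):
        return section, "service uses a Windows process name outside System32"
    if section == "O2" and re.fullmatch(r"c:\\program files\\[^\\]+\.dll", low):
        return section, "BHO DLL placed directly in the Program Files root"
    if section == "O17" and "nameserver" in low:
        return section, "static DNS server set; confirm you configured it"
    return None

def triage(log_text):
    """Run check_line over every log line; return (section, reason, line)."""
    hits = []
    for line in log_text.splitlines():
        result = check_line(line)
        if result:
            hits.append(result + (line.strip(),))
    return hits

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```
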
All of the above shows in detail how the Sysinternals Antivirus malicious software acts in a Windows environment. Follow the steps below to remove it completely from your computer.
- First, print the instructions below or send them to a nearby computer, because you might be forced to close all windows and then you won’t be able to follow all the steps in the correct order.
- You might need to download various files on another PC and transfer them to the infected computer with a CD/DVD, USB memory stick or other similar removable storage device.
- Now you need to close all the Sysinternals Antivirus malware processes so that you can continue your work uninterrupted. To close them, download the Rkill.com malicious process killer from here.
- Once you have Rkill.com, run it and it will automatically find all the malicious processes that are running; this might take some time to complete. When the scan is complete, the black window will disappear and you can go to the next step. If your system displays an error message saying that Rkill is a virus threat, do nothing, as this is a bogus message displayed by Sysinternals Antivirus when it detects an application that tries to kill it. Leave the message on screen and keep running Rkill.com until no more warning messages are displayed, which means that Rkill.com was successful. If Rkill.com runs into trouble, you can download the iExplore.exe or eXplorer.exe utilities, which are similar in function to Rkill.com. You should also know that you must not restart your computer after using Rkill.com, because the malicious software will be re-enabled.
- Download Malwarebytes’ Anti-Malware, aka MBAM, from here and save it to your desktop.
- After Malwarebytes’ Anti-Malware has downloaded successfully, close all open windows and running applications, without exception. This means that you’ll have to close the web browser too.
- Now start Malwarebytes’ Anti-Malware by double-clicking mbam-setup.exe, which you previously saved on your desktop.
- While the installer runs it displays various prompts that need your acceptance to continue. Do not change any settings; just continue with the installation. After the installer completes its task, make sure that both the Update Malwarebytes’ Anti-Malware and the Launch Malwarebytes’ Anti-Malware boxes are checked. Now you can hit FINISH, and do not restart MBAM under any circumstances, even if it displays a message which says that it needs a restart.
- The MBAM application will start again and display a message that tells you to update it before you start scanning your PC. Hit the OK button to close that pop-up and the application will open its main window. See below how it should look.
- Now make sure you check the Perform Full Scan box and then hit the Start button, so that MBAM can start to search your system for the Sysinternals Antivirus malware files.
- The scanning process has now started and you simply have to wait until MBAM finishes scanning your PC. See below how the scanning window should look.
- After the scanning process is completed, you should see a box like the one below. Click the OK button to continue removing Sysinternals Antivirus from your PC.
- MBAM now displays its main Scanning screen; hit the Show Results button for the application to display the search results.
- It should now show the screen with all the detected malware files, which should look something like this. It doesn’t have to find the same results as in our image. Click the Remove Selected button and MBAM will completely remove all the malicious files from your system. After it finishes removing all the malware, it might show a message telling you that it needs to reboot your system; you can now let it reboot your system safely. After the reboot completes you can go on with the next steps.
- After Malwarebytes’ Anti-Malware has deleted all the malicious files, it will open Notepad with the scan log, where you can see all the operations it performed. When you have looked at it, you can safely close Notepad.
- Now you can finally close Malwarebytes’ Anti-Malware, and hopefully all your troubles are gone.

[Screenshots: Scanner Tab; MBAM is Scanning; MBAM Complete Scanning; Malwarebytes' Anti-Malware]

These are all the steps you need to take for your PC to be free of all Sysinternals Antivirus malicious files. After you have finished them, please feel free to tell us in the comments whether you managed to remove Sysinternals Antivirus completely from your computer.

