G Data Offers Free Fake Antivirus Removal Tool



If you or a friend have been conned into installing one of the fake anti-virus tools that has been doing the round recently, you’ll be delighted to hear that G Data are offering a free tool to remove the most prevalent type of scareware, “System Tool”.

Many of us will have seen those pop-ups claiming that our PCs have been infected and most of us will have dismissed them for the scams that they are. However, some people are taken in and G Data has seen an increase of 35% over the past 15 months in this type of fake AV. And if you are taken in, it’s a double whammy, with the criminals getting your credit card details while your PC remains under their control for further malicious activity.

The development and deployment of scareware has become a highly profitable business. Fake antivirus programs have a double benefit for cyber criminals: they receive money from users who purchased a ‘full version’ of their useless tools and they get hold of the victims’ credit card data. To make matters worse: the fake AV programs often also put online criminals in a position that allows them to download additional malware onto their victims’ computers”, explains Eddy Willems, Security Evangelist at G Data.

The instructions for running the cleaner program is:
1. Download G Data FakeAV Cleaner from the G Data website: http://www.gdatasoftware.co.uk/support/downloads/tools.html. It’s down at the bottom of the page.
2. Run the G Data FakeAV Cleaner setup file. The G Data FakeAVCleaner “System Tool” has to be executed with the Windows user account that is infected. As the FakeAV “System Tool” shuts down all user initiated programs which do not have any kind of reserved name, like explorer.exe, winlogon.exe or svchost.exe and many more, the file name for the G Data FakeAVCleaner is svchost.exe
3. Reboot the computer to finalise the installation.

If you are interested in the background to this kind of threat, G Data have a complementary blog post discussing some of the issues and demonstrates a scareware infection.