My bf's laptop had this fake virus scan thing about hmm at least 4 times in the past year (he likes to go to random sites to watch poker tournament reruns), and also a friend of mine. I've pretty much figured out how to get rid of it. It's a really strange way but it has worked every time.
He uses Windows XP Pro. The steps are for Windows XP, not sure about 7 or Vista since I haven't used those.
----------------
1. When you first get the pop up warnings, do not click anything that says "yes" but it's ok to close it with the [x] in the corner.
Go to Malwarebytes and download the free version (sometimes the virus will change your Internet Explorer settings, leaving you unable to get on the internet using Internet Explorer, so you need to go check your internet connection settings in your options; for example, it always changed my bf's IE settings to proxy instead of automatic etc...), but Firefox always worked, so it's a good idea to use Firefox. To fix your IE settings, in IE, go to Tools>Options>Connections Tab>LAN Settings and check your settings, making sure it's the way you would have it set up. Most people have "Automatically Detect Settings", so if you don't know, just un-check the Proxy Server setting and check the "Automatically Detect Settings" option, click OK and reload the page. The virus can keep changing your settings, so if you can't go online in IE, you need to check the settings again.
2. Once you've downloaded the Malwarebytes setup (mbam-setup-1.46.exe or w/e the newest version is) to the desktop or a folder of your choice (desktop is the best place), go to it and install. If for some reason an error pops up and you are unable to install it, you need to restart the PC. When you restart, as soon as you see your desktop, be ready to go to the file and click to install as fast as you can (as soon as you're able to move your mouse and click, you should be trying to install the file, do not wait for startup programs to load etc....). The reason is that the error is from the virus blocking all programs from functioning correctly, and if you can start it before the virus loads in startup you can start it w/o problems.
3. After installation, go to update (if update gives you an error, it is because of the IE connection settings being changed, so you will have to make sure your IE settings are correct). When the update is finished (at this point you can unplug your ethernet cable to prevent any pop ups from loading their content), go to scan and select "Quick Scan" (or "Full Scan", your choice; I find "Quick Scan" works fine but if you're really cautious you can use full). When it's done a txt document will pop up; close it, and then click "View Results". On the results screen, click "Remove Selected". It might tell you to restart the PC to complete removal; do what it tells you.
If you already have Malwarebytes installed, of course skip the download and installation, but all other steps are the same.
Even in "Safe Mode" you will get the same errors from trying to start it and will need to do the same steps.
To start any of your virus scan programs if they give you an error during this attack, you can do the same trick to start them up: restart the PC, click it FAST as soon as you can move the mouse.
4. After you've removed the threats in Malwarebytes and have restarted the PC, see if it starts the attack again after using it for 10~mins or so. Usually I like to take an extra step: go to Control Panel>System>System Restore Tab, check the box that says "Turn off System Restore", hit "Apply", then do a "Quick Scan" again, remove any threats on the results page, restart the PC, then turn System Restore back on and set a new restore point - Start>Accessories>System Tools>System Restore. That way it gets rid of any remnants of the virus left in any of the old restore files and any that reloaded from them after the first scan + restart of the PC.
Plug your ethernet cable back in, if you've unplugged it.
------------------
Sorry if it seems kinda scattered x.x, since it's my own way of doing it.