Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Fake Antivirus (FakeAV) Removal Tool for Enterprise

    • Updated:
    • 26 Apr 2016
    • Product/Version:
    • OfficeScan 10.6
    • OfficeScan 11.0
    • Worry-Free Business Security Standard/Advanced 7.0
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform:
    • Windows 2003 Compute Cluster Server
    • Windows 2003 Datacenter Server
    • Windows 2003 Datacenter Server Edition 64-bit
    • Windows 2003 Enterprise Server
    • Windows 2003 Home Server
    • Windows 2003 Small Business Server
    • Windows 2003 Standard Server Edition
    • Windows 2003 Standard Server Edition 64-bit
    • Windows 2003 Storage Server
    • Windows 2003 Web Server Edition
    • Windows 2008 Datacenter Server
    • Windows 2008 Datacenter Server Edition 64-bit
    • Windows 2008 Enterprise Server
    • Windows 2008 Enterprise Server Edition 64-bit
    • Windows 2008 Essential Business Server
    • Windows 2008 Small Business Server
    • Windows 2008 Standard Server Edition
    • Windows 2008 Standard Server Edition 64-bit
    • Windows 2008 Storage Server
    • Windows 2008 Web Server Edition
    • Windows 2008 Web Server Edition 64-bit
    • Windows 2012 Standard
    • Windows 2012 Standard R2
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows 8 32-bit
    • Windows 8 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Home
    • Windows XP Professional
    • Windows XP Professional 64-bit
Summary

Fake Antivirus (FakeAV) threats have been rampant in the past few years. Various FAKEAV variants have infected millions of PCs and are continuously spreading worldwide.

One reason why FAKEAV infections have become well-known to users is because they have visual payloads. Variants of the malware family often display pop-up messages telling users that their machines have been infected. This may cause panic among users, pressuring them to purchase rogue antivirus applications in the hope of resolving the issue. Users, however, should never purchase antivirus software from unknown sources.

Details
Public
  • The FakeAV Removal Tool also works for Windows XP, Vista, Windows 7 and Windows 8 (32-bit and 64-bit)
  • The standalone FakeAV Removal Tool has been archived. Though you can acquire it by contacting Trend Micro Support, we recommend the use of this new build.

To use the removal tool, do the following:

  1. Download one of the following packages depending on your operating system:
    • Graphical User Interface mode
      This package provides a simple user interface to use and is recommended for home users.
       
      Clicking the link will open the Trend Micro License Agreement on another window. Read the License Agreement and click I Accept to download the Fake AV removal tool.
    • Command Line Interface mode
      This is recommended for advanced users who only wants to see the CMD screen.
  2. Run the executable file. If you are having problems running the file because the Fake AV is blocking it, you can do the following:
    1. Rename the attk_far tool to svchost.exe or iexplore.exe.
    2. Change the file extension of the attk_far tool into .com. Renaming the tool will trick the Fake AV that you are running a critical windows process.

      If you are using Windows Vista/7, right-click the tool and select Run as Administrator to make sure that the application is not blocked from running.

  3. Accept the license agreement.
  4. Click Scan Now.
  5. Tick the items that are associated with the FakeAV infection, then click Clean.

    Restart your computer if you are prompted.

The ATTK build of Fake Antivirus Removal Tool has the following features:

  • Enhanced correlation for detection
  • Supports x64 process scanning
Premium
Internal
Rating:
Category:
Remove a Malware / Virus
Solution Id:
1056510
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.