Search this blog

Friday, April 1, 2011

How to remove Antimalware Tool virus. Get rid of Antimalware Tool scam using GridinSoft Trojan Killer


We have been recently able to indentify one more virus program that is indeed going to be very malicious and threatening for many PCs. Its name is Antimalware Tool, and the outcome of its impact on the PC is really devastating. Antimalware Tool stands for the fake security application which claims being a decent and legitimate one. It should be mentioned that it is a successor of another malicious application named Best Malware Protection of which we have told you in one of our previous posts. Antimalware Tool penetrates inside of the system by means of trojan that makes an ideal path for the virus to get in.


Soon after successful penetration and installation it would imitate computer scans (which are all fake) and would show plenty of fake warning messages that claim your computer is vulnerable to threats due to weak security provisions initiated by you. It also really irritates you by showing on your desktop very many fictitious security alerts and pushes you to buy its so-called full version.

Antimalware Tool is a scareware and thus must be totally ignored and disregarded. Do not buy it, no matter how convincing it might sound or seem to be. Antimalware Tool is not worth spending your funds because you only get even more threats for your computer and no PC protection at all. Antimalware Tool also tends to redirect your web browser to fake and illegal websites that sell the rogue. Stay away from purchasing anything it suggests you. On the contrary, refer to some reliable anti-spyware application and get rid of Antimalware Tool as soon as you can. We recommend GridinSoft Trojan Killer for this purpose.


Before downloading GridinSoft Trojan Killer for automatic removal of Antimalware Tool virus make sure to restore your Internet connection as shown below.

Antimalware Tool automatic remover:

  1. Download the latest version of GridinSoft Trojan Killer to clear (not infected) computer and install it.
  2. Update the virus database.
  3. Copy the entire folder “GridinSoft Trojan Killer” to your jump drive (memory stick). Normally it is located at the following path: (C:\Program Files\GridinSoft Trojan Killer). “C” stands for the system disk of your computer. The name of the system disk, however, can be marked with another letter.
  4. Open your jump drive (memory stick). Find the folder “GridinSoft Trojan Killer” there. Open it , find the file under the name “trojankiller.exe” and rename it to “iexplore.exe”.
  5. Move memory stick to infected PC, open “GridinSoft Trojan Killer” folder and run iexplore.exe. Optional: copy the folder “GridinSoft Trojan Killer” from your jump drive to some other folder created on your PC and run “iexplore.exe”.
Instructions on how to restore your Internet connection:

1. Start Internet Explorer and click on the Tools menu and then select Internet Options as shown in the image below:

IE cannot display the web page

2. Select Connections tab and now click on the Lan Settings button as shown in the image below:

3. Under the Proxy Server section uncheck the checkbox “Use a proxy server for your LAN” and press the OK button to close this screen:

LAN Settings

Antimalware Tool virus manual removal guide:

Remove Antimalware Tool Files:
%AppData%\Microsoft\Internet Explorer\Quick Launch\Antimalware Tool.lnk
%Desktop%\Antimalware Tool.lnk
%LocalAppData%\Microsoft\Internet Explorer\MSIMGSIZ.DAT
%TempDir%\ins2.tmp
%TempDir%\mv1.tmp
%TempDir%\wrk3.tmp
%CommonAppData%\09e67c0a-8e61-436d-b757-3b6139de3f3cxxgwynftU52CESXn7YWuvHSz5S5z.dat
%CommonAppData%\09e67c0a-8e61-436d-b757-3b6139de3f3cxxgwynftU52CESXn7YWuvHSz5S5z.ico
%CommonAppData%\09e67c0a-8e61-436d-b757-3b6139de3f3cxxgwynftU52CESXn7YWuvHSz5S5z.svs
%ProgramFiles%\Antimalware Tool\Antimalware Tool.dll
Remove Antimalware Tool Registry Entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{FF393560-C2A7-11CF-BFF4-444553540000}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “09e67c0a-8e61-436d-b757-3b6139de3f3c”

No comments:

Post a Comment

Search this blog