How To Remove Alpha Antivirus (Removal Guide)
There is a new rogue among us. It appears that Alpha Antivirus has replaced Personal Antivirus as one of the latest rogue security programs. This particular rogue installs through online “scans” (popups). The reason I say “scans” is that they’re essentially animations of a scan (everyone who visits the site will see the same thing, even if they visit from a non-Windows OS, which is somewhat amusing…). But those details could certainly be changed. Who knows, someday they may randomize their scan animations and alter them to match other operating systems if they start to get fancy. Anyway, like many of the rogues that we’ve been covering, their goal is to scare you into downloading and then paying for Alpha Antivirus by providing scan results that appear to indicate a security problem with your computer that only they can fix if you pay. In addition to this “fun”, Alpha Antivirus also drops a password-stealing trojan. Those online banking passwords are more valuable than the fee for this software, I suspect. Read on to see how to remove Alpha Antivirus.
One thing I should mention about so many of these rogue antivirus programs: once they are on your system they can do almost anything. For instance, links on webpages can be hijacked and redirected to pages that they want you to see. I noticed an odd exit link in my logs last night, and on investigation it was a page to receive payments for Alpha Antivirus. So I went to the Alpha Antivirus removal page to see if there was any link with that address on the page. There wasn’t; there were only links to the tutorial itself, other removal guides and the page for my virus removal toolkit. So I can only assume someone was browsing from a machine with Alpha Antivirus already installed and it hijacked the link. It’s usually best to look for removal help from a machine that’s not infected. You really never know what other things it could do after it’s installed on the system. The Malwarebytes Anti-Malware download could be substituted or altered with something else, so download your cleanup tools on a clean system if at all possible.
First off, the following domains are associated with Alpha Antivirus:
Mycomputerthreats15 com
Securewinupdatesv3 com
Statickingdom com
Windowsprotectionupdate4 com
Block them however you wish, but you should not visit those sites without the biohazard suit and rubber gloves!
In addition to the “features” listed above (stealing passwords and showing false security warnings to coax you into paying for it), it also slows your computer down, redirects your web browser to malicious sites and may be able to disable legitimate computer security programs (antivirus/antispyware).
I would suggest first trying to download and run Malwarebytes Anti-Malware from my virus removal toolkit page. If you are not able to run and update it in a normal Windows boot, retry in Safe Mode, and if that doesn’t work, you may need to rename the installer file or program executable to get it on the system. Another alternative is the first step of manual removal:
In Task Manager, look for and kill the following process:
Alpha Antivirus.exe
(After this you may/should be able to run malwarebytes.)
If continuing with the manual removal then you will want to delete files in the following locations:
%SysRoot%\Samples
%UserProf%\Local Settings\Temp
%ProgFiles%\Alpha Antivirus
%ProgFiles%\LabelCommand
%DocRoot%\All Users\Start Menu\Programs\Alpha Antivirus
%DocRoot%\All Users\Application Data\Alpha Antivirus
Alpha Antivirus.exe
The executable may need to be searched for. My first guess would be to look in the above directories, or the system root directory. After that, try the Windows install directory and the system32 directory beneath it. If you still can’t find the Alpha Antivirus.exe file then you may need to use the search feature to search for it (make sure you’re searching all files).
After a manual removal of Alpha Antivirus it’s still a good idea to update and run Malwarebytes Anti-Malware to ensure that you clean up any leftovers or other files brought by this rogue security program.
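A read-only check for the process, locations and executable named in the manual removal steps above, as an added PowerShell example that is not part of the original guide. The mapping of the guide's placeholders (%SysRoot%, %UserProf%, %ProgFiles%, %DocRoot%) to Windows environment variables is an assumption, since the guide does not define them; the script only reports and deletes nothing.

```powershell
# Read-only check for the Alpha Antivirus items this guide lists. Deletes nothing.
# ASSUMPTION: the guide's placeholders map to these Windows locations;
# the guide itself does not define them.
$map = @{
    '%SysRoot%'   = $env:SystemDrive       # system root, e.g. C:
    '%UserProf%'  = $env:USERPROFILE
    '%ProgFiles%' = $env:ProgramFiles
    '%DocRoot%'   = Join-Path $env:SystemDrive 'Documents and Settings'
}

# Locations exactly as written in the guide.
$guidePaths = @(
    '%SysRoot%\Samples',
    '%UserProf%\Local Settings\Temp',
    '%ProgFiles%\Alpha Antivirus',
    '%ProgFiles%\LabelCommand',
    '%DocRoot%\All Users\Start Menu\Programs\Alpha Antivirus',
    '%DocRoot%\All Users\Application Data\Alpha Antivirus'
)

function Expand-GuidePath([string]$Path) {
    foreach ($key in $map.Keys) { $Path = $Path.Replace($key, $map[$key]) }
    $Path
}

# 1. Is the process still running? (Get-Process takes the name without .exe)
$proc = Get-Process -Name 'Alpha Antivirus' -ErrorAction SilentlyContinue
if ($proc) { "RUNNING : Alpha Antivirus.exe (PID $($proc.Id -join ', '))" } else { 'ok      : process not running' }

# 2. Which listed locations exist? Temp exists on clean systems too,
#    so its presence alone means nothing; the guide only says to delete files in it.
$expanded = $guidePaths | ForEach-Object { Expand-GuidePath $_ }
foreach ($p in $expanded) {
    if (Test-Path -LiteralPath $p) { "PRESENT : $p" } else { "absent  : $p" }
}

# 3. Look for the executable in the places the guide suggests, in order:
#    system root, Windows directory, system32, then the listed directories.
$roots = @("$env:SystemDrive\", $env:windir, (Join-Path $env:windir 'System32')) + $expanded
$hits = foreach ($r in $roots) {
    Get-ChildItem -LiteralPath $r -Filter 'Alpha Antivirus.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
}
if ($hits) { $hits | ForEach-Object { "FOUND   : $($_.FullName)" } } else { 'ok      : Alpha Antivirus.exe not found in the checked directories' }
```

Step 3 looks only at the top level of each directory; if it finds nothing, the full-disk search described above is still the fallback.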