How to Remove ReAnti | ReAnti Removal Guide
ReAnti is a rogue antivirus application from the Wini family. It is typically promoted through supposed flash player updates or video codec updates. Once on your system it will pretend to run a scan and find all sorts of files that it claims are infected with viruses. Of course, like all the rogue applications it can only clean things up if you pay for the software. Read on for how to remove reanti.
With ReAnti you will likely see all sorts of popus along the lines of “infiltration alert” or “Spyware alert” or “security center alert”. All of these warnings are generated by ReAnti and shouldn’t be given any credibility.
For removal, you may wish to visit the control panel, and then add/remove programs. If that is successful I would still proceed to install, update and scan with malwarebytes antimalware as well as a trusted antivirus program (AVG/avira/trend micro/etc.)
You can find a download link for malwarebytes antimalware on my virus removal toolkit page. While you are there you may also wish to download process explorer as you may find it useful in the removal process.
When you download malwarebytes antimalware go ahead and try to install it, update and run a scan. If this fails to run you may try the following tricks to help. 1) rename the installer file from mbam-setup.exe to something else like firefox.exe for instance (and re-run the install). 2) reboot into safe mode with networking ( you’ll need networking to update it.) then try rerunning the install. 3) try the next step which is to kill off the running processes associated with ReAnti and then retry the install, update and scan with malwarebytes antimalware.
The following processes are associated with ReAnti and should be killed off using the task manager for your removal of ReAnti:
10235w5rm39dz.exe
REAnti.exe
uninstall.exe
There may be a random component to the names listed above, you should use the patterns you see above and th information below along with what you find on your system to decide which processes to kill off. If you are unable to launch the task manager you may try one of the following 1) copy the task manager executable file taskmgr.exe to the desktop and rename it to something else firefox.exe/iexplore.exe for example and retry running it. 2) reboot into safe mode and see if the processes can be killed off there. 3) use process explorer to kill the processes off instead of task manager.
After that you should proceed to remove the following files and folders:
%docs%\All Users\Desktop\REAnti.lnk
%docs%\All Users\Start Menu\Programs\REAnti
%docs%\All Users\Start Menu\Programs\REAnti\1 REAnti.lnk
%docs%\All Users\Start Menu\Programs\REAnti\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\REAnti\3 Uninstall.lnk
%progfiles%\REAnti Software
%progfiles%\REAnti Software\REAnti
%progfiles%\REAnti Software\REAnti\REAnti.exe
%progfiles%\REAnti Software\REAnti\uninstall.exe
%win%\1022795zj549.ocx
%win%\10235w5rm39dz.exe
%win%\10279wo5mzcc.ocx
%win%\system32\23959viruz64c.ocx
%win%\system32\23z57tr9j60f.ocx
%win%\system32\241359orzdc.bin
%tmp%\RandomFileName.exe
The “RandomFileName.exe” above is a randomized file name, use what you find on your system to help determine which file should be removed. After this you should have completed most of what you can do for a manual removal of reanti. I still suggest going back and installing malwarebytes antimalware and scanning as well as scanning the computer with a trusted antivirus such as avira/avg/or an online scan like trendmicro afterwards to make certain that you have cleaned out all the leftovers of ReAnti.