A fake antivirus program called “Windows AntiVirus Helper” installed itself on my computer. I can’t open anything because it always says whatever i try to open is infected. This program keeps popping up fake windows security alert message and telling me my computer is infected. It then asks me to register a full version and get the ultimate protection. I don’t see it on my programs list on the control panel to uninstall it, i can’t open up any anti malware programs to get rid of it, and it also blocks windows task manager. Any help to remove this virus will be appreciated.

Windows AntiVirus Helper Virus Description:

Windows AntiVirus Helper is categorized as a rogue antivirus program that may be downloaded when a user opens an unknown email, downloads a malicious program or even visits pornographic website. Now fake anti-virus threats are rampant and growing, they can come suddenly on your computer without any permission and run automatically each time you start Windows. Many inexperienced users are fooled by this scam and consider it as a genuine security product when the first time they saw this virus, they are panic by thinking their computers are really messed up and need a fix quickly. They are afraid to lose everything on the computer. Therefore, more than half of them may choose to register and purchase the so called “full version” which turns out to be a big scam and help nothing to protect a computer. Obviously, a rogue program is highly dangerous if it is installed on your computer. Its final goal is to bamboozle you into spending money on its full version before you realize that these warnings are fake.

Windows AntiVirus Helper is nothing but a fraudulent and useless security tool with the aim of stealing your money. It comes from the FakeVimes family which has been activated since 2009. Now this rogue family is still updating and it keeps scamming different average PC users all over the world. When it is installed on your computer, it will be configured to automatically scan your computer each time you login to Windows. After a few minutes, you will be shown the fake scan results. It will state that your computer is at risk and has various infections including Trojans, Backdoors or Worms. All these infections can’t be removed until you activate and pay for the so called full version of Windows AntiVirus Helper. It works like a real PC cleaner but that’s only what the whole process looks like. In fact, it has no ability to reveal how your system is functioning and whether it has spyware on board or not. The program is useless and it contains no actual ability to help users protect a computer or detect any viruses like a legit security tool.

Unlike a real anti-virus application, Windows AntiVirus Helper will always indicate that your computer is severely infected with malware. In order to convince PC users into believing their computers really get infected, it will perform as many harmful activities as possible to ruin a computer. Whenever you try to get online or run an application, it blocks you and gives you a fake alert instead telling “Firewall has blocked a program from accessing the Internet. C:\windows\system32\cmd.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.” In this case, you are not able to do anything on your computer at all. The only thing you are allowed to do is to pay for Windows AntiVirus Helper. However, under no circumstance should you pay for the money, or you will be tricked by a big scam. By offering users fake security software that is either ineffective or actually carries malware and charging them for this fake program, criminals can easily make money and even probably steal user’s information for identify theft. If Windows AntiVirus Helper pops up on your computer, you must ignore all notifications by this rogue and take action to remove it as quickly as you can and don’t be the next victim.

Note: Manual Removal requires expertise and it is for advanced users, if you don’t have much experience in dealing with rogue anti-spyware virus. Contact YooSecurity Online PC Experts for removal assistance.

Screenshot of This Rogue Program:

* This rogue pop up has a similar appearance as many legit antivirus programs so that average PC users can be easily confused by this scam software and will be more willing to pay to activate the rogue program. Warning! The amount of money you spend on this rogue won’t be returnable once paid.

Windows AntiVirus Helper is a virus that can completely damage your computer. Once running, you will be forced to run a bogus scan and shown by a large number of pop-up windows and fake error messages warning about security problem. Your computer screen will be taken over because this fake antivirus keeps showing false positive to convince you that this PC has been seriously infected just like the following picture shows:

Windows Antivirus Helper

How can I uninstall a Rogue Program completely?

The rogue pop up can block almost everything you try to run on the infected computer including your anti-virus programs. And it usually won’t be uninstalled from Control Panel as many users have the unwanted program coming back again and again after they thought they had removed it. Compared to other removal methods, manual removal is a more effective way to get rid of this rogue from your computer. For that, expertise will be required to accurate the process of the removal as any vital mistakes could be resulted due to a single misleading step. This passage contains a guide to help you manually remove Windows AntiVirus Helper virus.

Symptoms of Infection of Rogue Programs:

Operations on the computer will be constantly blocked by the virus screen pop up.
Regular files and programs are reported to contain viruses.
Fake security alerts are displayed continuously.
Internet connection can be affected as well.
Computer is slow in response.
CPU Usage percentage is rather high.
Desktop icons are missing or relocated..

How to Remove Windows AntiVirus Helper Manually?

Step A. Restart the infected computer into safe mode with networking.

The virus often disables any other operations on the infected computer once it pops up and takes over the whole computer screen. So we need to restart the infected computer into safe mode with networking to troubleshoot it. To do that, you need to restart the infected computer and when it starts up you have to tap F8 key constantly to access Advanced Boot Option page. (You can click here to view how to boot Windows 8 into safe mode with networking.)

Highlight Safe mode with networking on this screen and press Enter key to log in.

safe-mode-with-networking1
Step A: Check on your start menu if there are any programs that you are not familiar with. The strange ones will often related to the virus process as it can start automatically with the windows. You can press on Windows key or just click on the start menu to view it. Please notice that you need to click on All Programs to have an overall check on it.

start button
Step B: To remove Windows AntiVirus Helper, the first thing we need to do is to end its process thus we will not get the error message when we delete its files. To do that, open Windows Task Manager to end process related to this virus. You can press Ctrl+Alt+Del keys at the same time to pull up Window Task Manager; go to Processes tab on top and scroll down the list to find.

windows task manager

Step C: Always any virus files will be hidden files. So we need to show hidden files before we are going to delete them. Open Control Panel from Start menu and search for Folder Options (As an easy way you can open a folder and hold Alt key and tap on T, O key one by one and folder option window will pops up). Go to Folder Options window, under View tab, tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) and then click Apply and then hit OK.

folder options

After we can see hidden folders and files we can go to system files and delete the infected files. The path of the virus often can be found from the antivirus which detects it.

program data

Step D: After we delete the virus files from system data we get to remove the registry of the virus from registry editor to prevent it from coming back. You can get Registry Editor by pressing Windows+R keys to pull up Run box and type in regedit to open Registry Editor.

Run box

The following is how Windows Registry Editor looks like.

Registry Editor

Step E: Delete all these associated files and registry entries related to Windows AntiVirus Helper malware from Registry Editor. The registry files are listed randomly. Besides, you need to delete the infection files of the redirect virus from your system files to prevent it from coming back. Those files are named randomly also but may be different on different operating systems.

Video on How to Remove This Rogue Program from YouTube:

You also can see the removal video on our website:

Conclusion:

Windows AntiVirus Helper is a malicious rogue program that can attack computers running with Windows XP, Windows Vista, Windows 7 and even Windows 8. Now it has many clones that also comes from the FakeVimes family sharing with the same GUI like Windows AntiBreach Helper Virus and Windows Antivirus Master Virus. This program uses scare tactics by only showing innocent users fake reports and it is part of a scam aiming to rip off your money. It can steal your information, slow your computer, corrupt files, disable updates for legitimate antivirus software, or even prevent you from visiting legitimate security software vendor sites. Hence, you should remove this fake antivirus as soon as it is detected.

Note: Have spent too much time in fixing the problem but failed? To avoid any mistakes, please contact YooSecurity Online Experts in time to save your computer.

Published by Tony Shepherd & last updated on April 10, 2014 4:03 am

Leave a Reply