Nortel Antivirus is the latest Smitfraud client on the market. It looks very similar to Norton clients and even the name may fool some people. This is nothing more then your normal bogus security client
Nortel Antivirus
» Download Nortel Antivirus Virus Removal Software
Nortel Antivirus is your basic fake security program. This will only show fake scan results and the program is not to be trusted. This client is well known for blocking security client updates by changing the users HOSTS file at %System%\drivers\etc\hosts in order to disable access to many security websites: If you are unable to update your current security software that it why. You can always open it up and remove the traces that are blocking your website. Most users who get infected with this got it from a fake trojan downloader package. Once the user is infected this trojan will then go out and download this rouge security client. If you find yourself infected you can use the below manual guide.
Some symptoms of Nortel Antivirus:
* Bogus Scan results * Auto Scans on Start-up * Warning coming out of a fake shield in the system tray * pop-ups and re-directs to the fake software's website * constant warnings of being infected as well as false statements of other trojans
Manual removal instructions for Nortel Antivirus ( Please read our disclaimer bellow )
Kill Nortel Antivirus processes: ( Learn How to Kill a Process Here. Opens in new Window )
- WinAvXX.exe
- wox.exe
- mrgdll.exe
We do recommend you run a full scan using SpyHunter. Even if you do not intend on purchasing the product it will help to stop the virus from re-installing and re-activating while you manually remove it. Also it will inform you of any new changes to the file names. You may need this if it mutates.
Delete Nortel Antivirus registry values: ( Learn How to Edit Registry Here. Opens in new Window )
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM NAME]" = "C:\ProgramData\nol\mrgdll.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM NAME]" = "C:\ProgramData\nol\wox.exe"
- HKEY_CURRENT_USER\Software\wox
Delete files:
- %UserProfile%\Start Menu\Programs\Startup\system.exe
- C:\Documents and Settings\All Users\ Start Menu\Programs\Startup\autorun.exe
- wox.exe
- mrgdll.exe
Delete directories:
- C:\ProgramData\nol\
- %UserProfile%\Application Data\nol\
Outside Resources:
http://www.2-spyware.com/remove-nortel-antivirus.html
http://www.spywarevoid.com/remove-nortel-antivirus-nortel-anti-virus-removal-help.html
Speak Your Mind