Posts Comments

Nortel Antivirus Removal

By admin on September 2, 2009 Leave a Comment

Nortel Antivirus is the latest Smitfraud client on the market. It looks very similar to Norton clients and even the name may fool some people. This is nothing more then your normal bogus security client

Nortel Antivirus

Nortel Antivirus

» Download Nortel Antivirus Virus Removal Software

Nortel Antivirus is your basic fake security program.  This will only show fake scan results and the program is not to be trusted.  This client is well known for blocking security client updates by changing the users HOSTS file at  %System%\drivers\etc\hosts  in order to disable access to many security websites:  If you are unable to update your current security software that it why.  You can always open it up and remove the traces that are blocking your website. Most users who get infected with this got it from a fake trojan downloader package.  Once the user is infected this trojan will then go out and download this rouge security client.  If you find yourself infected you can use the below manual guide.

Some symptoms of Nortel Antivirus:

* Bogus Scan results * Auto Scans on Start-up * Warning coming out of a fake shield in the system tray * pop-ups and re-directs to the fake software's website * constant warnings of being infected as well as false statements of other trojans

Manual removal instructions for Nortel Antivirus ( Please read our disclaimer bellow )

Kill Nortel Antivirus processes: ( Learn How to Kill a Process Here. Opens in new Window )

  • WinAvXX.exe
  • wox.exe
  • mrgdll.exe

We do recommend you run a full scan using SpyHunter. Even if you do not intend on purchasing the product it will help to stop the virus from re-installing and re-activating while you manually remove it. Also it will inform you of any new changes to the file names. You may need this if it mutates.

Delete Nortel Antivirus registry values: ( Learn How to Edit Registry Here. Opens in new Window )

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM NAME]" = "C:\ProgramData\nol\mrgdll.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM NAME]" = "C:\ProgramData\nol\wox.exe"
  • HKEY_CURRENT_USER\Software\wox

Delete files:

  • %UserProfile%\Start Menu\Programs\Startup\system.exe
  • C:\Documents and Settings\All Users\ Start Menu\Programs\Startup\autorun.exe
  • wox.exe
  • mrgdll.exe

Delete directories:

  • C:\ProgramData\nol\
  • %UserProfile%\Application Data\nol\

Outside Resources:

http://www.2-spyware.com/remove-nortel-antivirus.html

http://www.spywarevoid.com/remove-nortel-antivirus-nortel-anti-virus-removal-help.html

Filed Under: Virus Removal Tagged With: , , ,

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.