A lady I help called because her Win system said it was infected and she
needed to send in 49.95. It said she had a pernicious worm, but when I
went and saw it, I was quite impressed by the intrusion.
A thing called "Advanced Virus Remover" was flashing all kinds of
popups, scary warnings. It even re-writes the global user background
with a horrible warning.
So what, no big deal. Get rid of it.
Easier said than done. The AVR disables McAfee antivirus. It disables
access to the command prompt, taskmgr, and regedit, telling the user
those programs cannot be run because they are infected.
I found lots of discussion about this on the net, lots of people
offering to give me something to fix it. How to know which are honest,
and which are scams that will dig me in deeper?
I gambled on one that seemed more honest.
At the bottom there is "mpam4_taskmgrXP.exe", a task manager you can run
and it defeats the Advanced Virus.
Run that, manually kill the Advanced Virus Remover program (AVR) in the
list, then manually remove the Advanced Virus directory from c:\Program
After that, your McAfee will run and quarantine a bunch of files.
I also found another free spyware checker to run.
Malwarebytes Anti-Malware
After that all is well.