Archive for July, 2011

What is Anti-Malware Lab, How to remove Anti-Malware Lab

Wednesday, July 6th, 2011

Anti-Malware Lab is a harmful program.

It is a fake security program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Anti-Malware Lab associated files and folders:

C:\Documents and Settings\All Users\Application Data\da1933\AB120_121.exe
%UserProfile%\Application Data\Anti-Malware Lab
%UserProfile%\Application Data\Anti-Malware Lab\cookies.sqlite
%UserProfile%\Desktop\Anti-Malware Lab.lnk
%UserProfile%\Start Menu\Anti-Malware Lab.lnk
%UserProfile%\Application Data\Anti-Malware Lab\Instructions.ini
%UserProfile%\Start Menu\Programs\Anti-Malware Lab.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Anti-Malware Lab.lnk

Anti-Malware Lab associated registry keys and values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Anti-Malware Lab

Core filename: AB120_121.exe
Command: C:\Documents and Settings\All Users\Application Data\da1933\AB120_121.exe

HijackThis shows Anti-Malware Lab:

O4 - HKCU\..\Run: [Anti-Malware Lab] "C:\Documents and Settings\All Users\Application Data\da2933\AB120_121.exe" /s /d
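To check a saved HijackThis log for this autorun entry, the following added example (not part of the original guide) parses registry O4 lines and matches them against the value name and core filename listed above. It matches on those two fields rather than the full path because the folder name differs between the listings on this page (da1933 and da2933); the function names and the benign sample lines are constructed for illustration.

```python
import re

# Indicators listed on this page (compared case-insensitively).
IOC_VALUE_NAME = "anti-malware lab"
IOC_FILENAME = "ab120_121.exe"
# Typographic dashes and quotes show up when a log is pasted through a web page.
_NORMALISE = str.maketrans({"\u2013": "-", "\u2014": "-", "\u201c": '"', "\u201d": '"'})
# Shape of a registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command line>
_O4 = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$')

def parse_o4(line):
    """Return a dict for a registry O4 line, or None for any other line."""
    m = _O4.match(line.translate(_NORMALISE).strip())
    if not m:
        return None
    hive, key, name, cmd = m.groups()
    quoted = re.match(r'"([^"]+)"\s*(.*)$', cmd)
    if quoted:
        path, args = quoted.groups()
    else:
        # Unquoted paths may contain spaces, so cut after the first ".exe".
        exe = re.match(r'(.+?\.exe)\b\s*(.*)$', cmd, re.I)
        path, args = exe.groups() if exe else (cmd, "")
    return {"hive": hive, "key": key, "name": name, "path": path, "args": args}

def match_reasons(entry):
    """List which of the page's indicators a parsed entry matches."""
    reasons = []
    if entry["name"].lower() == IOC_VALUE_NAME:
        reasons.append("value name")
    if entry["path"].lower().rsplit("\\", 1)[-1] == IOC_FILENAME:
        reasons.append("core filename")
    return reasons

def scan(log_text):
    """Return (entry, reasons) for every O4 line that matches an indicator."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        reasons = match_reasons(entry) if entry else []
        if reasons:
            hits.append((entry, reasons))
    return hits

# Constructed sample log: the middle line is the O4 entry shown on this page,
# the other two are made-up benign entries.
SAMPLE_LOG = r"""O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
O4 – HKCU\..\Run: [Anti-Malware Lab] “C:\Documents and Settings\All Users\Application Data\da2933\AB120_121.exe” /s /d
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe -quiet
"""
if __name__ == "__main__": print(scan(SAMPLE_LOG))
```

A hit only shows that the Run entry is present in the log; the file and folder locations listed earlier still need to be checked separately.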

Description: Anti-Malware Lab is fake antivirus software that is installed through the use of trojans without the user's knowledge or permission. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. Moreover, this malware displays numerous fake security alerts and blocks legitimate, trusted applications on your computer. To "cure" your PC, the program prompts you to purchase its full version. Most important, do not pay for the fake antivirus! Instead, follow the removal guide below to remove Anti-Malware Lab from your computer for free using legitimate free antimalware software.

How to remove: use the Anti-Malware Lab removal guide or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset the proxy settings of your browser (this malware hijacked them): run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK, then click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

4. Download OTM by OldTimer from here and save to your desktop.
Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[resethosts]

Click the red Moveit! button. Close OTM.