Computer Tips -Tech Info



« | »

How to Remove Armor Defender | Armor Defender Removal Guide

Armor Defender is the latest rogue antivirus from the wini family of rogues. It takes a bit of a departure from the recent look of their rogues. However, like all of it’s other cousins in the fact that it is promoted by trojan, malware and they masquerade as flash updates that would be required to view a popular online video, but the payload is not a flash update, instead it’s the beginning of quite a bit of frustration as the computer starts to show many popups complaining of viruses on the machine, popups complaining of security deficiencies with the system and as if we couldn’t guess….. it can’t be fixed unless you purchase. Read on for how to remove Armor Defender.


There are a number of ways you may attempt to remove this rogue antivirus application from your computer. The first and easiest is to go to the control panel and then add/remove programs and uninstall armor defender. If you are able to uninstall from here, then you should also follow up with a scan from a trusted malware removal tool such as superantispyware or malwarebytes and then follow THAT up with a scan from a trusted antivirus application. Trendmicros online housecall would be suitable or a free antivirus such as AVG, Avira, avast are possibilities as well.

The next way you may seek to remove armor defender is to go to my virus removal toolkit page and from there download either malwarebytes antimalware or the portable version of superantispyware. If you download the portable version of superantispyware it will save to a new random file name, make sure to take note of the name. You should be able to use either of these to clean up. Malwarebytes may take a bit more work to get installed. If you are unable to install malwarebytes antimalware you may try the following: 1) rename the installer mbam-setup.exe to something else (firefox.exe). 2) reboot into safe mode with networking and then retry the install. 3) follow the next step which is killing off the running processes associated with armor defender and then retry the install of malwarebytes.

The following running processes should be killed off using task manager. If task manager is unable to launch then try the following. 1) copy and paste task manager to the desktop (taskmgr.exe) and then rename it to something like iexplore.exe. 2) reboot into safe mode and check to see if the programs listed are running – if not go ahead with your cleanup in safe mode. 3) use process explorer (on the same virus removal toolkit page) instead of task manager to kill off the following:

Uninstall.exe
armordefender.exe
RANDOM.exe (consult listing of file locations below and compare with what is on your system)

Some of the files reported to be associated with armor defender are listed below. Some may include randomization in their filenames and may not have exactly the filenames you see listed on your system. Please use this listing as well as what you see on your system to determine what should be deleted:

%user%DesktopArmorDefender.lnk
%user%Start MenuProgramsArmorDefender.lnk
%progfiles%ArmorDefender Software
%progfiles%ArmorDefender SoftwareArmorDefender
%progfiles%ArmorDefender SoftwareArmorDefenderArmorDefender.exe
%progfiles%ArmorDefender SoftwareArmorDefenderUninstall.exe
%win%1076zspa9bot475.cpl
%win%1193z5py605.exe
%win%1218bzckd9o5653.bin
%win%122z5not-a-virus795.exe
%win%system32391dsz95are2473.exe
%win%system323922tzr5at91349.ocx

After all of these have been killed off and deleted, even with a perfect manual removal of armor defender, then you should follow up with a complete scan from a reputable cleaner such as superantispyware or malwarebytes antimalware. Then perform a scan with a reputable antivirus such as AVG/McAfee/Norton/etc.

Related Posts

Blog Traffic Exchange Related Posts Blog Traffic Exchange Related Websites
PDF24    Send article as PDF   

Posted by on January 19, 2010.

Tags: , , , , , , , , , , , ,

Categories: antivirus, malware, Rogue Security Software

« | »




Recent Posts


Pages



Switch to our desktop site