In the recent past I received an email from someone who was wondering what he should do about the following pop-up.
Before I got a chance to email him back, he hit OK on that pop-up. He then received this pop-up.
I quickly emailed him back and told him that it was a fake anti-virus message. If he had clicked "Clean Computer", he would probably have gotten infected. I told him to run a full scan with his antivirus software. Thankfully, he wasn’t infected.
I decided I would have a little fun with this virus. I have a virtual machine for technical purposes, so I decided I would try to infect my virtual machine with this virus. I found the website that was infected.
I soon downloaded a malicious script from the website and I was infected with the virus. Here are a couple of screenshots of the Windows Accelerator Pro virus.
The virus tries to force you to pay for its “anti-virus protection”.
Here is how I removed Windows Accelerator Pro.
Step One: I started the computer and hit F8 until I got to the screen where I chose Safe Mode with Command Prompt. Note: Safe Mode and Safe Mode with Networking will still allow the virus to work and you can’t get around it.
Step Two: I typed explorer in the command prompt.
I have met a couple of other viruses similar to this one, and a common place to store the executable file is C:\Users\<Username>\AppData\Roaming. I decided to browse to that location using Windows Explorer and, sure enough, there was a weird file called guard-sald there. I removed that file and another file called GDIPFONTCACHEV1.DAT. I then browsed to C:\Users\<Username>\AppData\Local and removed a file called result1.
Attn: Your virus file names may be different than these. I am just stating what worked for me. To make sure you don’t mess up the Windows file structure by deleting something good, I would encourage you to cut and paste your virus files to the desktop. I pasted my viruses to the desktop and they didn’t start at start-up, since they weren’t in their correct folders.
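The manual search and move described above can also be scripted. The following PowerShell is an added example, not the author's code: it lists recently created or modified files sitting directly in AppData\Roaming and AppData\Local, flags the ones that are really executables, and moves only the paths you pass in `-Quarantine` to a folder on the desktop instead of deleting them. The parameter names, the 14-day window and the `quarantine` folder name are assumptions.

```powershell
# Added example, not the author's code. Parameter names and defaults are assumptions.
param(
    [int]$Days = 14,              # assumed look-back window
    [string[]]$Quarantine = @()   # full paths to move, chosen after reviewing the listing
)

# True when the file starts with "MZ", i.e. it is a Windows executable
# whatever its name or extension says.
function Test-PEHeader([string]$Path) {
    try {
        $fs = [System.IO.File]::OpenRead($Path)
        try {
            $buf = New-Object byte[] 2
            return ($fs.Read($buf, 0, 2) -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
        } finally { $fs.Close() }
    } catch { return $false }   # unreadable or locked file: report as not executable
}

$roots  = @($env:APPDATA, $env:LOCALAPPDATA)   # ...\AppData\Roaming and ...\AppData\Local
$cutoff = (Get-Date).AddDays(-$Days)

# Files sitting directly in those folders (not inside a program's subfolder),
# hidden ones included, created or modified inside the window.
$candidates = @(foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       ($_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff) }
})

$candidates | Sort-Object CreationTime -Descending |
    Select-Object CreationTime, Length,
        @{ Name = 'IsExecutable'; Expression = { Test-PEHeader $_.FullName } }, FullName |
    Format-Table -AutoSize

# Move (never delete) the files named in -Quarantine, and only if they were listed.
if ($Quarantine.Count -gt 0) {
    $dest = Join-Path ([Environment]::GetFolderPath('Desktop')) 'quarantine'
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    foreach ($path in $Quarantine) {
        if (-not ($candidates | Where-Object { $_.FullName -eq $path })) {
            Write-Warning "Not in the listing, skipped: $path"
            continue
        }
        Move-Item -LiteralPath $path -Destination $dest
        Write-Output "Moved $path -> $dest"
    }
}
```

Run it once without `-Quarantine` to review the listing, then again with the full paths of the files you decided on; a legitimate file moved by mistake can simply be moved back.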
I then rebooted the computer.
I removed the viruses and malware these programs found and I was back in business.
This was posted by techspeeder.