Moved this to Top Threats in Security Awareness. None of the major antivirus applications detect these fake anti-malware entities.
There is an excellent removal guide here: http://www.bleepingcomputer.com/virus-removal/remove-windows-pro-safety-release
There are some suggestions here also: https://community.mcafee.com/docs/DOC-2168
The first thing to try is to use System Restore to go back to before it happened. You can initiate that in Safe Mode if necessary.
1 of 1 people found this helpful
The poster may need to update one or more out-of-date programs - Flash, Adobe Reader, Java are the usual culprits unless Windows updates haven't been installed.
This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Pro Safety Release in order to clean it.
Windows Pro Safety Release will hijack the Windows Task Manager and Registry editor so that when you launch them, it will instead open the rogue's Advanced Process Control screen, which acts like a task manager. This allows the rogue to take full control of your computer until you pay the "ransom".
Follow the instructions in the page linked to at the start of the post.
Thank you for the quick feedback. I was leaning toward http://www.bleepingcomputer.com/virus-removal/remove-windows-pro-safety-release, but wanted to hear from the community just in case I would be heaping on more malware and digging a deeper hole. My daughter is so thankful.She was decieved by the shield thinking it was safe when she pushed submit on the fake antivirus. Too bad McAfee is not up to speed. Makes me wonder what I am $$$ for. Decisions at renewal time.
Again many thanks to the community!!!
BTW, I did try running McAfee Virtual Technician beforehand. It recongnized the Agent services were not running and 1 broken registry. It fixed the registry, but after several attempts it still could not restart the Agent services. For completeness, I ran it again after using Malwarebytes' Anti Malware. I had to use MVT to force the update to latest DAT.
Nothing will function properly until this is cleaned out. As I stated earlier, no antivirus will stop these things because they rely on someone clicking something, even the 'Close' or 'X" to clear the screen, in order to be activated..
BleepingComputer is an extremely reputable source of help in these and many other matters.
Don't ever click anything unless you recognize it and trust it.