3 replies to this topic

[Trevuren]

A BIG thank you to Quietman7 for granting WTT permission to post his material. (Intro slightly edited to fit WTT requirements)

During the process of removing malware from your computer, there are times you may need to use specialized fix tools. This is especially true if you are receiving help from a member of the Malware Removal Team. Certain embedded files that are part of these specialized fix tools may at times be detected by your anti-virus or anti-malware scanner as a "RiskTool", "Hacking tool", "Potentially unwanted tool", a virus or a "Trojan" when that is not the case.

These tools have been carefully created and tested by security experts so if your anti-virus or anti-malware program flags them as malware, the detection is what's known as a "False Positive". Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases, the removal of these files can have "unpredictable results" and unintentional results.

To avoid any problems while using a specialized tool it is very important that you temporarily disable your anti-virus and/or anti-malware programs before using them or when instructed by a member of the HJT Team. You can re-enable these programs after the malware removal process has been completed.

Many folks may not be sure how to do this so the BC Staff has created a list of common anti-virus programs and the relevant steps to disable their Real-time protection capabilities. When your system has been cleaned or when advised by your helper, it is important that you re-enable your security programs to avoid re-infection. A special thanks to Yourhighness for the diligent effort in compiling this list.[/quote]

How to Temporarily Disable your Anti-virus

AVAST
Right- click on the avast! icon in system tray (looks like this: but orange in color starting with v5). Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.

AVG 8
Open the AVG 8 Control Center, by right-clicking on the AVG 8 icon on task bar.

• Click on Tools.
• Select Advanced.
• In the left hand pane, scroll down to "Resident Shield".
• In the main pane, deselect the option to "Enable Resident Shield."
• To re-enable AVG 8, please select "Enable Resident Shield" again.

AVG 8.5
Please open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar.

• Click on Open AVG Interface.
• Double click on Resident Shield
• Deselect the option to "Enable Resident Shield."
• Save changes, and exit the application.
• To re-enable AVG 8.5, please select "Enable Resident Shield" again.
• Also see AVG FAQ 1209: How to temporarily disable AVG Free Edition 8.5

AVG 9.0
Please refer to the instructions provided in AVG FAQ 2429: How to temporarily disable AVG Free Edition 9.0.

AVG 2011
Open the AVG 2011 Control Center, by right-clicking on the AVG icon on task bar.

• Click on Open AVG User Interface.
• On the Menu Bar, click on Tools, then click Advanced Settings.
• In the screen which opens, scroll down to Temporarily disable AVG protection.
• Click on it to highlight and in the right hand pane, check the box for Temporarily disable AVG protection.
• Click Apply.
• In the next screen which opens, select 15 minutes from the drop down menu, then click the Disable real time protection button and click OK.
• To re-enable, just check Enable on the main GUI interface. You may also need to click Fix (enable becomes Fix if all components do not start).

AVG FAQ 3857: Disabling AVG 2011 temporarily
AVG FAQ 3902: Disabling Specific AVG components

AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: )

• right click it-> untick the option AntiVir Guard enable.
• You should now see a closed, white umbrella on a red background (looks to this: )

BIT DEFENDER

• Double click on the system icon for Bit Defender.
• When the Bit Defender window appears, move mouse arrow to the left side and click >> Virus Shield.
• Move mouse arrow to the black check by Virus Shield is enabled and click.
• The black works will change to red, >> Virus Shield is disabled.
• Move mouse arrow to the top right corner and click the down arrows.
• Bit Defender is now inactive.
• To enable Bit Defender, do the same steps except click to enable.

CA Internet Security Suite 2010

• To turn off the Firewall, right-click on the CA Shield icon in the system tray, click My Internet, then click Disable Firewall.
• To turn it back on, right click system tray icon, click My Internet, then click Enable Firewall.

• To temporarily disable the Antivirus, right-click the CA Shield icon in the system tray, click My Computer, then click Enable Snooze.
• Enter the snooze time in minutes (up to 999, approx 16 2/3 hours) in the box and click Snooze.
• To end snooze, follow the same procedure and click Wake Now on the page for entering snooze time.
• To disable Antivirus on a longer basis, double-click the CA Shield icon in the system tray.
• When Security Center comes up, click Update Settings in the My Computer tab.
• Then click the red X next to Auto Scan.
• To re-enable, follow the same procedure and click the green checkmark.

ESET NOD32 ANTIVIRUS V4

• Double click on the system tray icon: on the bottom right hand corner.
• Select Disable real-time file system protection.
• A popup will ask "Are you sure you want to disable...protection?"
• Click "Yes" to disable the Antivirus guard.

ESET SMART SECURITY

• Double click on the system tray icon: to open the main application window.
• Or via Start >> All Programs >> ESET >> ESET Smart Security.
• Click on Setup >> Antivirus and antispyware >> Temporarily disable Antivirus and antispyware protection.
• When prompted to confirm temporarily disable select Yes.
• Note: Protection will be automatically started after a system reboot.

F-SECURE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a blue sign.

• right click it-> select Unload.
• The F-Secure sign should now be surrounded by a red striked through circle (looking like this: )

F-SECURE CLIENT SECURITY
Please refer to this User Guide (page 67, Real-time scanning settings}

KASPERSKY ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a sign.

• right click it-> select Pause Protection.
• click on -> By User Request
• a popup will claim that protection is now disabled and a sign like this: will now be shown.

MCAFEE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a sign.

• Right-click it -> chose "Exit."
• A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.

MCAFEE SECURITY CENTER 7.1
Please navigate to the system tray and double-click the taskbar icon to open Security Center.

• Click Advanced Menu (bottom mid-left).
• Click Configure (left).
• Click Computer & Files (top left).
• VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.
• Do the same via Internet & Network for Firewall Plus.

Instructions to disable McAfee Security

MICROSOFT SECURITY ESSENTIALS

• Open MSE and go to Settings > Real Time Protection.
• Then uncheck "Turn on real time protection".
• Exit MSE when done.

NORTON ANTIVIRUS (by Symantec)
Please navigate to the system tray on the bottom right hand corner and look for a sign.

• right-click it -> chose "Disable Auto-Protect."
• select a duration of 5 hours (this assures no interference with the cleanup of your pc)
• click "Ok."
• a popup will warn that protection will now be disabled and the sign will now look like this:

NORTON 360

• Right-click the Norton 360 Premier Edition icon in the system tray and select Disable Antivirus Automatic-Protect.
• You will get a new dialog box with five options: 15 minutes, 1 hour, 5 hours, Until system restart, Permanently.
• Choose 5 hours.

NORTON INTERNET SECURITY 2008
Please refer to these instructions.

NORTON ANTIVIRUS CORPORATE EDITION
Please refer to the instructions provided in the Norton AntiVirus Corporate Edition User's Guide under the section Turning File System System Protection off temporarily.

PC TOOLS THREATFIRE

• Right-click on ThreatFire's icon near the clock (it's an orange flame) and select Suspend.
• When you see that the icon has turned from an orange flame to a blue icon with an orange strip in the middle, ThreatFire has been temporarily disabled.

Sophos Anti-virus
Please refer to these Post #28 instructions.

SYMANTEC ENDPOINT PROTECTION
Right click on the icon in the taskbar notification area & select "Disable Symantec EndPoint Protection".



TREND MICRO PRODUCTS
Please refer to these instructions.

Edited by CatByte, 17 February 2012 - 04:56 PM.
Updated 02-17-2012

[Trevuren]

How to Temporarily Disable your Anti-malware Scanners



AD-AWARE AD-WATCH in Ad-Aware Anniversary Edition (and Pro version)

• Start Ad-Aware
• Click the Ad-Watch tab
• Click the Settings button
• Ensure all highlighted options bellow are unchecked:(some settings may be used or changed only in the Pro version)
  
  Under the General tab
  
  • Processes Protection
  • Registry Protection
  • Network Protection
  Under the Detection Layers tab:
  • Spyware heuristics
  • AntiVirus engine
• OK your way out, and close the main Ad-Aware window.
• Shut down Ad-Aware and Ad-Watch Live! by right clicking on the system tray icon, and selecting Exit Ad-Aware.
• OK the change.

AVG ANTI-SPYWARE

• Launch AVG Anti-Spyware.
• From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
• Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

COMODO BO CLEAN

• Right-click the system tray icon.
• Select Shut down BO Clean button.
• Restarts on reboot or open from Program Menu.

COUNTERSPY

• Right-click on the running CounterSpy icon in the sytem tray.
• Hover your mouse over "Active protection".
• A menu will slide out and then you need to left click on "Disable Active Protection".
• Disabling CS Active Protection should cause the systray icon to turn orange/red and hovering your mousing over the icon will then state "Active protection is disabled".

(When we are done, re-enable Counterspy by launching the program from Start > Programs, click on the Active Protection. It will either say Active Protection enabled or disabled. On the right side, you can select each of the tasks (scroll down to see all of them) individually, then either enable or disable them on the bottom right, individually. If you have a problem doing that then click on help, choose run setup wizard, click next 2 times, make sure automatic updates is set to yes, click next, make sure enable active protection is set to yes, click next, then click finish, then exit. Then open CounterSpy to make sure that the active protection has been enabled.)

MALWAREBYTES ANTIMALWARE
Please refer to these instructions.

PREVX

• Right click on the Prevx icon in your system tray and choose Show Management Console.
• On the Management Console click the Protection Level drop-down menu.
• You will see three levels:
  • Maximum
  • Off
  • User Defined
• To disable all protection set the level to Off.
• You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes.
• Click the X on the upper right hand corner to exit the Management console.

PROCESS GUARD

• Right-click the blue lock ProcessGuard icon located in the system tray.
• Uncheck 'protection enabled'.
• Click yes.

REG DEFEND
Right click the icon for RegDefend in the systray and select Exit.

SPYBOT TEATIMER

• Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
• On the left hand side, click on Tools, then click on the Resident Icon in the list.
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• Click on the "System Startup" icon in the List
• Uncheck the "TeaTimer" box and "OK" any prompts.
• If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
• Exit Spybot S&D when done and reboot your computer.
  (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]

SPY SWEEPER version 4

• Open Spy Sweeper and click on Options > Program Options and uncheck "load at windows startup".
• On the left click "shields" and then uncheck everything there.
• Uncheck "home page shield".
• Uncheck "automatically restore default without notification".
• Exit the program and reboot for the changes to take affect.
• (When we are done, you can re-enable it using the same steps but this time reverse them.)

SPY SWEEPER version 5

• Open SpySweeper and click Shield Settings on the right (or Shields on the left, depending what screen you're on).
• Click Internet Explorer and uncheck all items.
• Click Windows System and uncheck all items.
• Click Hosts File and uncheck all items.
• Click Startup Programs and uncheck all items.
• Exit the program.

SPYWARE DOCTOR

• Click the Spyware Doctor icon in the System Tray.
• Click Settings.
• Click Startup Settings under Pick a Category.
• Uncheck "Run at Windows startup".
• Click Apply and Exit Spyware Doctor.
• From within Spyware Doctor, click the "OnGuard" button on the left side.
• Uncheck "Activate OnGuard".
• (When we are done, you can reenable Spyware Doctor)

SPYWARE GUARD

• Right click the running icon of Spywareguard in the system tray to open the program.
• Then go to Menu, File, and choose Exit.

SUPERAntiSpyware
Please refer to: How do I disable SUPERAntiSpyware?

TROJAN HUNTER

• Go to TrojanHunter Guard in the the system tray. It is a light blue icon with a magnifying glass and red handle.
• Right click on it and select settings.
• Uncheck "Load at startup" and "Enabled". Make sure that the program, TrojanHunter itself, is also closed/not running.

WINDOWS DEFENDER

• Click Start > Programs > Windows Defender or launch from the system tray icon.
• Click on Tools & Settings > Options.
• Under Real-time protection options, uncheck the "Real-time protection" check box.
• Click Save.
• Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.
• (When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)

-- Note: The version of Windows Defender included with all versions of Windows 7 and Vista is part of the operating system so it cannot be uninstalled. However, you can disable or turn it off.:
Turn Windows Defender real-time protection on or off in Windows 7
Turn Windows Defender real-time protection on or off in Vista

WINDOWS ONECARE

• To Disable Antivirus: Open the Windows OneCare user interface.
• Click View or Change Settings > Antivirus Tab.
• Click the radio button to turn the anti-virus off.
• To Disable Firewall: Open the Windows OneCare user interface.
• Click View or Change Settings > Firewall Tab.
• Drag down the slider to turn the firewall off.

WINDOWS LIVE ONECARE
To Disable AntiVirus and AntiSpyware protection

• Right click the system tray icon and select Open Windows Live OneCare.
• On the main page click Change Settings > click Viruses and Spyware Tab.
• Tick "Off" radio button > Apply and OK.

To Disable Firewall protection

• Right click the system tray icon and select Open Windows Live OneCare.
• On the main page click Change Settings > click Firewall Tab
• Tick "Off" radio button > Apply and OK.

WINPATROL
Right-click the running icon of Winpatrol in the sytem tray and choose exit.

Edited by CatByte, 17 February 2012 - 04:58 PM.
Updated

[Trevuren]

How to Temporarily Disable your Firewall



AntiVir Premium Suite
Please navigate to the system tray on the bottom right hand corner and look for this sign

• Right click it-> untick the option AntiVir Guard enable.
• You should now see a closed, white umbrella on a red background (like this: )
• You successfully disabled the AntiVir Premium Suite Guard.

AVG Antivirus Plus Firewall
Please navigate to the system tray on the bottom right hand corner and look for this sign.

• Right click it-> select Quit Control Center.
• A warning will pop up, click "Yes"
• You successfully disabled the AVG Antivirus Plus Firewall Guard.

CA Personal Firewall
Please navigate to the system tray on the bottom right hand corner and look for the following sign.

• Right click it-> hover (mouse-over) over CA Personal Firewall menue option. A sub-menu will popup.
• Please chose "Disable CA Personal Firewall"
• Unfortunately the system tray icon does not change, so if you want to double-check whether or not you successfully disabled the Firewall, do the above steps again and look for "Enable CA Personal Firewall." If this is the case, then you successfully disabled the CA Personal Firewall Guard.

Comodo Firewall Pro (free Personal)

• Right-click the system tray icon.
• Select Exit.
• On the Pop up window, Click the Yes button.
• You successfully disabled Comodo Firewall.

F-Secure Internet Security Suite
Please navigate to the system tray on the bottom right hand corner and look for a blue sign.

• Right click it-> select Unload.
• Select: "Unload and allow all network traffic"
• Select Unload to confirm deactivation of F-Secure Internet Security
• You will be asked to enter your Parental Control Password. Please enter it and click "OK."
• The F-Secure sign should now be surrounded by a red striked through circle (looking like this: )
• You successfully disabled the F-Secure Guard.

Jetico Personal Firewall
Please navigate to the system tray on the bottom right hand corner and look for this sign (the arrows could also be filled with green color instead of grey, indicating that the Firewall currently detects traffic).

• Right click it->click on the option Shutdown Firewall.
• You successfully disabled the Jetico Personal Firewall Guard.

Kaspersky Internet Suite
Please navigate to the system tray on the bottom right hand corner and look for a sign.

• Right click it-> select Pause Protection.
• Click on -> By User Request
• A popup will claim that protection is now disabled and a sign like this: will now be shown.
• You successfully disabled the Kaspersky Internet Suite Guard.

Lavasoft Personal Firewall
Please navigate to the system tray on the bottom right hand corner and look for either one of the following three (the sign varies depending on the settings you chose on your PC) / / signs.

• Right click it-> select Exit.
• You will be confronted with a popup saying that you are no longer protected and will disable the Firewall. Click on "Yes."
• You successfully disabled the Lavasoft Personal Firewall Guard.

Norton Internet Security or Norton Personal Firewall
Please refer to these instructions.

Norton decided to install in German for me, although it never asked. According to the help file, you can also do it the following way (translated into English):

• Please open Norton Internet Security Center by clicking the system tray icon and chosing the appropriate option.
• Now click on the tab "Norton Internet Security" and click on "Settings."
• Click the Internet Usage option "Personal Firewall."
• Click "deactivate"

After a tortorous and never seeming to end install of this crapware, I would appreciate if you either agree to use the first option, or to double check for me. I am not really fond of tricking Norton to think I am not a silly German and allowing me to download a proper installer....

Agnitum Outpost Firewall Pro
Please navigate to the system tray on the bottom right hand corner and look for either one of the following three (the sign varies depending on the settings you chose on your PC) / / signs.

• Right click it-> select "Firewall Policy...".
• Chose "Disable."
• You will now see a sign like this in the systemtray.
• You successfully disabled the Agnitum Outpost Firewall Pro Guard.

Panda Internet Security Suite
Please navigate to the system tray on the bottom right hand corner and look for a sign that looks like a Pandabear head.

• Right click it-> select "Close automatic protection.".
• A message will pop up and warn you about disabling the protection. Chose "Yes."
• The above sign in the systemtray will now disapear.
• You successfully disabled the Panda Internet Security Guard.

PC Tools Firewall Plus
Please navigate to the system tray on the bottom right hand corner and look for this sign

• Right click it->click on the option Disable Firewall.
• You should now see a sign like this:
• You successfully disabled the PC Tools Firewall Plus Guard.

Radialpoint Security Services
Please navigate to the system tray on the bottom right hand corner and look for the following sign.

• Right click it-> select "Exit.".
• A message will pop up and warn you about disabling the protection. Chose "Yes."
• The above sign in the systemtray will now disapear.
• You successfully disabled the Radialpoint Security Services Guard.

Sygate Personal Firewall
Please navigate to the system tray on the bottom right hand corner and look for the following sign.

• Right click it-> select "Exit Firewall".
• A message will pop up and warn you about disabling the protection. Chose "Yes."
• The above sign in the systemtray will now disapear.
• You successfully disabled the Sygate Personal Firewall Guard.

Windows Firewall (XP, Vista, Windows 7)
Please refer to these instructions.

ZoneAlarm Firewall
Please refer to these instructions.

Edited by CatByte, 17 February 2012 - 04:57 PM.
Updated

[LDTate]

Updated