Tuesday, March 23, 2010

Bullguard FakeAlert.5 Remedy if your PC is still running

If you have not rebooted and the PC is still running with the bad signature, there is good hope you can save it (with my experience).

1. Do not click on the prompts which indicates files to be quarantine. Just fire up the Bullguard GUI and disable the antivirus component. (YES, this is a REAL bad thing to do...). The prompt will all disappears but the remaining files will NOT be quarantine.

2. Open up your quarantine folder and restore all the files (PLEASE, I DO NOT MEAN THE FILES! JUST THOSE WITH INFECTED BY FAKEALERT.5!) before its too late. Some people claim you can still run a update and get the "patched" signature. For me, it did not work. Check to see that the time of the signature did not change.

3. Now think of any other things you would want to do including backup of important files etc before you go ahead and reboot the machine. Notice I did not use the "patch" issued by Bullguard? You may want to uninstall Bullguard now, but I leave it for now, hoping I can do a update after the reboot so that things goes back into places.

4. Sad thing is after the reboot, most is saved, except Bullguard itself. I am no longer able to update. So its time to finally uninstall it. Do check that there is no more entries in the quarantine that is affected by FakeAlert.5. Do take note to save your settings during uninstall. The only thing that went bad was the antivirus signature, so you can still save your rules etc (IF you still want to use Bullguard...). Reboot again as required by Bullguard. But perhaps before that, grab the latest version of Bullguard (9.0) from their website first so that you can reinstall immediately after reboot.

5. Yes, everything should still work. Reinstall Bullguard, reboot (yes, again), and update the signature again. Everything should work this time.

Now, for me it wasn't so bad. I guess its all about keeping your cool and planning this just like any other disaster recover process.

I just hope everyone was so lucky...

