Rogue Antivirus Registered in Security Center


Rogue Antivirus Registered in Security Center


Symptom/Sign of Problem

A rogue antivirus shows in Security Center (XP/Vista), Action Center (Windows 7).


Fix Steps:
Step 1: Open Wbemtest
Click Start > Run (XP)
Click Start > Start Search (Vista)
Click Start > Search Programs and Files (Win7)

Type “wbemtest” and push enter.

Note:This utility must be run as administrator in Vista and Windows 7

Step 2: Connect to SecurityCenter using WBEMtest

Click Connect button
In the Namespace field type “root\securityCenter” and click Connect (XP & Vista Pre SP1).
In the Namespace field type “root\securityCenter2” and click Connect(Vista SP2 & Win7).


Step 3: Query SecuryCenter using WBEMtest

Click Query button
Enter query for the type of product it shows up under.(Antivirus, Antispyware, Firewall)

Select * From AntivirusProduct
Select * From AntispywareProduct
Select * From FirewallProduct

3.Click Apply

Note:A new “Query Result” window will open with 1 or more entries.

Step 4:Identify and Delete the Rogue Entry
1.Open each entry and exam the “displayName” property of each entry until you find the rogue entry. (Generally there’s less than 3 entries, so this won’t take long.)

2.Once you’ve identified the rogue highlight it in the “Query Result” window and press the delete button.

Note: When you open an entry a new window will open called “Object Editor for…”, you cannot delete the entry from this window.