[KB3035] How do I use the ESET Rogue Application Remover (ERAR)?

Issue

  • Your computer is infected with a rogue application (for example "Internet Security Pro")
  • A rogue application has made undesired changes to your registry

Experienced Windows users

You can run this tool from the Command Prompt. For instructions, see "Running the ESET Rogue Application Remover (ERAR) from the command prompt" below.

 

Details

For each of the following messages you may receive when using ESET Rogue Application Remover, follow the recommended action to resolve:

Would you like to perform a reboot? Please run the scanner thereafter!
In some cases it may be necessary to restart your system to remove resilient threats. Reasons for restarting include performing advanced detection using the boot scan, deleting a file that requires a restart, or detecting a suspicious application. Do not forget to save important documents/data before restarting.
 

Would you like to submit a report/ previously unsent report/ event log to ESET Live Grid?
The LiveGrid® Early Warning System collects data that ESET users have submitted worldwide and sends it to the ESET Virus Lab.
 

Do you want to open the website now?
You may be prompted before opening a website that could exploit a security issue recognized by your ESET product. To maintain a high level of system security, make sure that your ESET product has the latest detection engine. If you suspect that your system is infected, visit our Knowledgebase article about preliminary malware troubleshooting.
 

Cannot reboot windows. Please reboot your computer manually!
Restart your system and perform an in-depth scan.
 

Minimum supported operating system is Windows XP
Upgrade your operating system.
 

Cannot grant required privileges!
Try running ESET Rogue Application Remover using the Administrator account.
 

Please use 64-bit application version!
Download the 64-bit version of ESET Rogue Application Remover.
 

Internet connection is inactive!
We recommend that you check your internet connection. Some features of ESET Rogue Application Remover are only available on systems with an active internet connection.

Solution

  1. Download the ESET Rogue Application Remover by clicking the appropriate link for your system type below. Which version of Microsoft Windows do I have?

    32-bit Download    64-bit Download

  2. Save the file to your Desktop. When the download completes, navigate to the file, right-click it and select Run as administrator.

    Important!

    If you download the wrong version of the tool, the error below will be displayed when you attempt to run the tool. Download the correct version of the tool and run it again to resolve this error.

    Figure 1-1


     
  3. Click Accept to accept the End-User License Agreement (EULA).

Figure 1-2

 

  4. Press any key on your keyboard to exit the tool.

Figure 1-3


 

Running the ESET Rogue Application Remover (ERAR) from the command prompt

 

  1. Click Start → All Programs → Accessories. Right-click Command Prompt and choose Run as administrator from the context menu.

Windows 8 users:  Right-click the Start icon and select Command Prompt (Admin) from the context menu. 

  2. Type CD Desktop and press Enter.
     
  3. Type ERARemover_x86.exe (or ERARemover_x64.exe if you previously downloaded the 64-bit version of ERAR) to run the tool. A new window will open in which the tool will execute.

    Important!

    Use the /? switch to see a list of optional switches. Switches include:

    [/r|-r] restore changes [refer to examples]
    [/a|-a] restore all changes
    [/c|-c] cleanup program data
    [/e|-e] accept EULA
    [/s|-s] silent mode
    [/u|-u] submit a report to ESET Live Grid
    [/h|-h] display this help

    Examples:
    /a -> restore all changes
    /r -> print quarantine
    /r n -> restore item n from quarantine

  4. Follow the on-screen directions to complete the scan.
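
The checks behind the "Cannot grant required privileges!" and "Please use 64-bit application version!" messages can be made before the tool is launched. The PowerShell script below is an added example, not ESET's own code. It assumes PowerShell is available, that the tool was saved to the Desktop under the file names used above, that the download carries an Authenticode signature, and that /e and /s can be combined in one call.

```powershell
# Added example (not from ESET): pre-flight checks before launching ERAR.

function Test-IsAdministrator {
    # True only when the current session is elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ErarPath {
    # Pick the build that matches the operating system, so the
    # "Please use 64-bit application version!" error is avoided.
    if ([Environment]::Is64BitOperatingSystem) {
        $name = 'ERARemover_x64.exe'
    } else {
        $name = 'ERARemover_x86.exe'
    }
    return Join-Path ([Environment]::GetFolderPath('Desktop')) $name
}

if (-not (Test-IsAdministrator)) {
    throw 'Session is not elevated. Reopen the prompt with "Run as administrator".'
}

$tool = Get-ErarPath
if (-not (Test-Path -LiteralPath $tool -PathType Leaf)) {
    throw "Expected the tool at $tool. Download the build for this system type first."
}

# Assumption: the download is Authenticode-signed. Refuse to run a file
# whose signature does not validate, and show the signer for review.
$sig = Get-AuthenticodeSignature -FilePath $tool
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'. Download the tool again."
}
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# /e accepts the EULA and /s selects silent mode (both from the switch list above).
# Assumption: the two switches may be given together.
& $tool /e /s
```

Review the printed signer before relying on the result, and run the tool with /r afterwards to print the quarantine.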

 
