Antivir 2010 video: (thanks to roguemp)
Most of the time, Antivir malware is distributed through the use of fake online scanners and bogus video websites. Very often it's promoted on Facebook or similar websites. Rule number one: don't open any pages and don't click on any links from people you don't know. Don't accept invitations unless you know what you are doing. Non of the anti-virus programs will protect you if you click on every link or ad without thinking. Be smart! Couple of fake Antivir 2010 alerts are shown below.
"Trojan:W32/Inject Activity Detected
Trojan:W32/Inject is a large family of malware that secretly
makes changes to the Windows Registry. Variants in the
family make also makes changes to other running processes."
"Antivir Resident Shield: Virus Detected
Warning! Active virus detected
Infected file: C:\Windows\System32\notepad.exe"
The rogue program also install malicious add-on in Internet Explorer and displays misleading warnings that state "Warning! Visiting this site may harm your computer!" You need to remove this add-on first because if you use Internet Explorer only then you won't be able to download Antivir 2010 removal tools listed in the free removal guide below. As you cane see, this program is absolutely useless. Don't buy it! If you already purchased it then contact your credit card company and dispute the charges. If you have any questions about this virus and how to remove it don't hesitate and ask. Good luck!
Antivir 2010 removal instructions:
1. Remove malicious add-on in Internet Explorer (if use use another browser proceed to step 2). Open Internet Explorer. In Internet Explorer go to: Tools-> Internet Options->Manage Add-ons. Look for UpdateCheck.dll and disable it, click OK. Close Internet Explorer and start it once again.
2. Download one of the following legitimate anti-malware applications and run a quick system scan. Don't forget to update it first. All programs a free.
NOTE1: if you can't run any of the above programs you must rename the installer of selected program before saving it on your PC. For example: if you choose MalwareBytes then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.
NOTE2: if you still can't run the renamed file then you need to change file extension too not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif
5. Double-click to run renamed file.
Antivir 2010 files and registry values:
Files and folder:
- C:\Program Files\Common Files\Uninstall\AV
- C:\WINDOWS\system32\UpdateCheck.dll
- C:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
- C:\Documents and Settings\Auto Infoistrator\Desktop\Antivir.lnk
- C:\Program Files\AV\antivir.exe
- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
- HKEY_CLASSES_ROOT\CLSID\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
- HKEY_CURRENT_USER\SOFTWARE\XML
- HKEY_CURRENT_USER\Environment\evapp
- HKEY_CURRENT_USER\Environment\evuninst
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av
Share this information with other people:
No comments:
Post a Comment