(Thanks to rogueamp for making this video)
As a typical rogue anti-virus program, AV Defender 2011 is promoted through fake online scanners and Trojans. Some people say that this rogue program appeared out of nowhere and that they never asked for it to be installed. In such cases, it could be that the computer was already infected with a Trojan and the user did not know it. The Trojan then downloaded the rogue program onto the computer without the user's knowledge or permission. Malware authors also use various misleading social engineering tactics to distribute their fake security products. AVDefender 2011 has no uninstall option and blocks other legitimate programs on the computer. It disables Task Manager and other system utilities. Furthermore, it displays fake security alerts claiming that harmful and risky programs were detected on the computer:
Windows Security Alert
Application NOTEPAD.EXE has crashed because of Conficker.Worm.Virus
AVDefender 2011
Harmful and risky software is detected!
Strongly recommended to register AVDefender 2011 to remove these threats immediately.
Google Security Warning!
Warning
We have discovered a vulnerability related to Microsoft software that could allow a virus or other malicious program to harm your system or personal files or to steal personal information stored on your computer.
The rogue program also hijacks Internet Explorer and redirects users to fake payment pages, for example av-downloadcenter.com.
If you find that your computer is infected with AV Defender 2011, remove it as soon as it is detected. You can remove AVDefender2011 files manually. However, rogue programs usually come bundled with other malware, Trojans and rootkits, so it is much better to run a quick system scan with updated anti-malware software. Please follow the AVDefender 2011 removal instructions below. Finally, if you have any questions or useful tips that could help other users remove this virus, please don't hesitate to leave a comment. Good luck and be safe online!
AVDefender 2011 removal instructions (in Safe Mode with Networking):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: Before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend using ESET Smart Security.
AVDefender 2011 removal instructions using HijackThis (in Normal mode):
1. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed copy of the HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, download explorer.scr and run it.
2. Look for entries like the following in the scan results:
F2 - REG:system.ini: Shell=C:\Documents and Settings\UserName\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.
3. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: Before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend using ESET Smart Security.
AVDefender 2011 associated files and registry values:
Files:
For Windows XP users:
- C:\Documents and Settings\UserName\Application Data\AVDefender2011\
- C:\Documents and Settings\UserName\Application Data\AVDefender2011\AVDefender2011.ini
- C:\Documents and Settings\UserName\Application Data\AVDefender2011\history.dat
- C:\Documents and Settings\UserName\Application Data\AVDefender2011\result.dat
- C:\Documents and Settings\UserName\Application Data\AVDefender2011\vlc.dat
- C:\Documents and Settings\UserName\Application Data\[RANDOM CHARACTERS]\
- C:\Documents and Settings\UserName\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
- C:\Documents and Settings\UserName\Application Data\[RANDOM CHARACTERS]\sk.lst
- C:\Documents and Settings\UserName\Start Menu\AVDefender2011\
- C:\Documents and Settings\UserName\Start Menu\AVDefender2011\AVDefender2011.lnk
For Windows Vista/7 users:
- C:\Users\UserName\AppData\Roaming\AVDefender2011\
- C:\Users\UserName\AppData\Roaming\AVDefender2011\AVDefender2011.ini
- C:\Users\UserName\AppData\Roaming\AVDefender2011\history.dat
- C:\Users\UserName\AppData\Roaming\AVDefender2011\result.dat
- C:\Users\UserName\AppData\Roaming\AVDefender2011\vlc.dat
- C:\Users\UserName\AppData\Roaming\[RANDOM CHARACTERS]\
- C:\Users\UserName\AppData\Roaming\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
- C:\Users\UserName\AppData\Roaming\[RANDOM CHARACTERS]\sk.lst
- C:\Users\UserName\Start Menu\AVDefender2011\
- C:\Users\UserName\Start Menu\AVDefender2011\AVDefender2011.lnk
Registry values:
- HKEY_CURRENT_USER\Software\AVDefender 2011
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe"
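The Shell entry from step 2 of the HijackThis instructions and the Winlogon "Shell" value listed above can be checked automatically in a saved HijackThis log. The following Python code is an added example, not part of the original instructions or of HijackThis itself; the function names are hypothetical, and the sample log lines and the folder name "qwxzt" are constructed.

```python
import re
from ntpath import normpath

# HijackThis line format as shown on this page: "F2 - REG:system.ini: Shell=<value>"
F2_SHELL = re.compile(r"^F2\s*-\s*REG:system\.ini:\s*Shell=(.*)$", re.IGNORECASE)

# Per-user Application Data locations taken from the file list on this page.
PROFILE_DIRS = re.compile(
    r"\\documents and settings\\[^\\]+\\application data\\"
    r"|\\users\\[^\\]+\\appdata\\roaming\\"
    r"|^%appdata%\\",
    re.IGNORECASE,
)

def classify_shell(value):
    """Classify one Winlogon Shell value as default, suspicious or review."""
    # The value can name several comma-separated programs; inspect each one.
    parts = [normpath(p.strip().strip('"')) for p in value.split(",") if p.strip()]
    if any(PROFILE_DIRS.search(p) for p in parts):
        return "suspicious"   # shell launched from a user-writable profile folder
    if [p.lower() for p in parts] == ["explorer.exe"]:
        return "default"      # stock Windows shell
    return "review"           # non-default shell elsewhere: check by hand

def scan_log(log_text):
    """Return (line_number, shell_value, verdict) for each non-default Shell entry."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = F2_SHELL.match(line.strip())
        if match:
            verdict = classify_shell(match.group(1))
            if verdict != "default":
                hits.append((number, match.group(1).strip(), verdict))
    return hits

# Constructed sample log lines; "qwxzt" stands in for [RANDOM CHARACTERS].
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"F2 - REG:system.ini: Shell=C:\Documents and Settings\UserName\Application Data\qwxzt\qwxzt.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe",
    r"O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe",
])

if __name__ == "__main__":
    for number, value, verdict in scan_log(SAMPLE_LOG):
        print(f"line {number}: {verdict}: Shell={value}")
```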