Here's a screenshot of what a fake online scanner looks like:
"Antivirus Clean 2011 - Malware detected" warning which would pop-up every minute or so.
This is another fake warning which "reminds" you about very dangerous infections found on your computer.
If you choose to remove the supposedly found viruses from your computer, Antivirus Clean 2011 will redirect you to a payment page as shown in the image below.
By the way, Antivirus Clean 2011 is configured to start automatically when Windows starts. It launches two processes avc2011.exe and avservice.exe. Unfortunately, you can't close this rogue anti-virus using task manager. But it doesn't block web browsers, at least this version of Antivirus Clean 2011 that we ran on our test machine. So, you should be able to download legitimate malware removal tools without any problems. In case, you've ended up with more aggressive version of this scareware and you can download malware removal tools, please reboot your computer in safe mode with networking. See the removal instructions below. Last, but not least, if you have already purchased this bogus software, please contact your credit card company and dispute the charges. There is no guarantee that your credit card details aren't going to be sold to other third parties. If you have any questions or additional information about this malware, please leave a comment below. Good luck and be safe online!
Antivirus Clean 2011 removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Associated Antivirus Clean 2011 files and registry values:
Files:
- C:\Program Files\Antivirus Clean 2011\avc2011.exe
- C:\Program Files\Antivirus Clean 2011\avservice.exe
- C:\Program Files\Antivirus Clean 2011\avsetup.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AntivirusClean"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "avservice"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "avc2011.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "avservice.exe"
- HKEY_CURRENT_USER\Software\WinRAR SFX "C:\Program Files\Antivirus Clean 2011\"
No comments:
Post a Comment