Antivir Solution Pro

July 14, 2010

What is Antivir Solution Pro?

Antivir Solution Pro is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.

Recommended Removal Method:

Automatic Detection and Removal Using Spyware Doctor:

If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.


Additional Information:

Methods of Infection:

Antivir Solution Pro is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.

Previous Versions:

Antivir Solution Pro comes from the same family of rogues that includes Antivirus Soft, Antispyware Soft and AV Security Suite.

What it Does:

Antivir Solution Pro will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax, as Antivir Solution Pro is not legitimate software and is actually a spyware infection. Antivir Solution Pro can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware-related warnings.

The larger threat that Antivir Solution Pro poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Antivir Solution Pro will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.

 

Optional Antivir Solution Pro Removal Method – Manual Deletion (Not Recommended)

***Please note we highly recommend not attempting manual removal of Antivir Solution Pro unless you are a trained computer professional. Antivir Solution Pro is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry without proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***

If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.

1. Delete the Following Processes:

<random>.exe

2. Delete Following Files and Directories

Windows XP

  • %UserProfile%\Local Settings\Application Data\<random>
  • %UserProfile%\Local Settings\Application Data\<random>\<random>.exe

Windows 7 and Windows Vista

  • c:\ProgramData\<random>
  • c:\ProgramData\<random>\<random>tssd.exe

3. Delete the Following Registry Keys:

  • HKEY_CURRENT_USER\Software\avsecpro
  • HKEY_CURRENT_USER\Software\avsuite
  • HKEY_LOCAL_MACHINE\SOFTWARE\avsecpro
  • HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “<local>”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “<random>”
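To check a machine against the list above without editing the registry, the keys can be exported to a .reg file and scanned offline. The script below is an added example, not part of the original guide or of any removal tool: the names parse_reg and scan, the sample export and the Run-entry path heuristic are assumptions made for illustration.

```python
import re
SW = r"HKEY_CURRENT_USER\Software"
CV = SW + r"\Microsoft\Windows\CurrentVersion"
# Keys and values copied from the registry list above.
KEYS = [h + "\\" + n for h in (SW, r"HKEY_LOCAL_MACHINE\SOFTWARE") for n in ("avsecpro", "avsuite")]
VALUES = {
    (SW + r"\Microsoft\Internet Explorer\Download", "RunInvalidSignatures"): "1",
    (CV + r"\Internet Settings", "ProxyOverride"): "<local>",
    (CV + r"\Internet Settings", "ProxyServer"): "http=127.0.0.1:5555",
    (CV + r"\Policies\Associations", "LowRiskFileTypes"): ".exe",
    (CV + r"\Policies\Attachments", "SaveZoneInformation"): "1",
}
# Assumption: a Run entry is suspect if it starts an .exe one folder below the drop paths listed above.
DROP = re.compile(r"\\(local settings\\application data|programdata)\\[^\\]+\\[^\\]+\.exe", re.I)
# Matches "name"="string" or "name"=dword:hex; other value types are skipped.
LINE = re.compile(r'"((?:[^"\\]|\\.)*)"=(?:"((?:[^"\\]|\\.)*)"|dword:([0-9a-fA-F]{1,8}))$')

def parse_reg(text):
    """Return {lowercased key: {lowercased value name: data}}; dwords become decimal strings."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := LINE.match(line)):
            current[m[1].lower()] = str(int(m[3], 16)) if m[3] else re.sub(r"\\(.)", r"\1", m[2])
    return keys

def scan(text):
    """Return (kind, key, value name) for every indicator found in the export."""
    reg = parse_reg(text)
    hits = [("key", k, "") for k in KEYS
            if any((r + "\\").startswith(k.lower() + "\\") for r in reg)]
    hits += [("value", k, n) for (k, n), want in VALUES.items()
             if reg.get(k.lower(), {}).get(n.lower(), "").lower() == want.lower()]
    hits += [("run", k, n) for k, vals in reg.items() if k.endswith(r"\currentversion\run")
             for n, d in vals.items() if DROP.search(d)]
    return hits

# Constructed sample in .reg export format (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\avsuite]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"qwkxnvhd"="\"C:\\Documents and Settings\\bob\\Local Settings\\Application Data\\qwkxnvhd\\pkeoy.exe\""
'''
```

On a live system, `reg export HKCU hkcu.reg` writes UTF-16 text, so open the file with encoding="utf-16" before passing its contents to scan(). A "run" hit marks an entry to review, since legitimate software can also start from these folders.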

Important:

Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Antivir Solution Pro will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.

This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Antivir Solution Pro is completely removed from your computer.

Antivirus GT

July 5, 2010

What is Antivirus GT?

Antivirus GT is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.

Recommended Removal Method:

Automatic Detection and Removal Using Spyware Doctor:

If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.


Additional Information:

Methods of Infection:

Antivirus GT is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.

Previous Versions:

Antivirus GT comes from the same family of rogues that includes Antivirus 7.

What it Does:

Antivirus GT will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax, as Antivirus GT is not legitimate software and is actually a spyware infection. Antivirus 7 can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware-related warnings.

The larger threat that Antivirus GT poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Antivirus GT will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.

 

Optional Antivirus GT Removal Method – Manual Deletion (Not Recommended)

***Please note we highly recommend not attempting manual removal of Antivirus GT unless you are a trained computer professional. Antivirus GT is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry without proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***

If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.

1. Delete the Following Processes:

antivirus7.exe

2. Delete Following Files and Directories

Windows XP

  • c:\Documents and Settings\All Users\Start Menu\AVGT
  • c:\Documents and Settings\All Users\Start Menu\AVGT\AntivirusGT.lnk
  • c:\Documents and Settings\All Users\Start Menu\AVGT\Uninstall.lnk
  • c:\Program Files\AVGT
  • c:\Program Files\AVGT\antivirusGT.exe
  • c:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
  • c:\WINDOWS\system32\UpdateExplorer.dll
  • %UserProfile%\Desktop\AntivirusGT.lnk

Windows Vista and Windows 7

  • c:\ProgramData\Start Menu\AVGT
  • c:\ProgramData\Start Menu\AVGT\AntivirusGT.lnk
  • c:\ProgramData\Start Menu\AVGT\Uninstall.lnk
  • c:\Program Files\AVGT
  • c:\Program Files\AVGT\antivirusGT.exe
  • c:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
  • c:\WINDOWS\system32\UpdateExplorer.dll
  • %UserProfile%\Desktop\AntivirusGT.lnk

3. Delete the Following Registry Keys:

  • HKEY_CURRENT_USER\Software\EVA246
  • HKEY_CLASSES_ROOT\CLSID\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AVGT”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “WinNT-EVI 12.03.2010”

Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Antivirus GT will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.

This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Antivirus 7 is completely removed from your computer.

PC Defender Antivirus

July 2, 2010

What is PC Defender Antivirus?

PC Defender Antivirus is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.

Recommended Removal Method:

Automatic Detection and Removal Using Spyware Doctor:

If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.


Additional Information:

Methods of Infection:

PC Defender Antivirus is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.

Previous Versions:

PC Defender Antivirus comes from the same family of rogues that includes PC Defender 2010.

What it Does:

PC Defender Antivirus will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax, as PC Defender Antivirus is not legitimate software and is actually a spyware infection. PC Defender Antivirus can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware-related warnings.

The larger threat that PC Defender Antivirus poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created PC Defender Antivirus will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.

 

Optional PC Defender Antivirus Removal Method – Manual Deletion (Not Recommended)

***Please note we highly recommend not attempting manual removal of PC Defender Antivirus unless you are a trained computer professional. PC Defender Antivirus is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry without proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***

If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.

1. Delete the Following Processes:

cntdef.exe

2. Delete Following Files and Directories

  • c:\Program Files\thcrkrj0etfg
  • c:\Program Files\thcrkrj0etfg\database.dat
  • c:\Program Files\thcrkrj0etfg\license.txt
  • c:\Program Files\thcrkrj0etfg\MFC71.dll
  • c:\Program Files\thcrkrj0etfg\MFC71ENU.DLL
  • c:\Program Files\thcrkrj0etfg\msvcp71.dll
  • c:\Program Files\thcrkrj0etfg\msvcr71.dll
  • c:\Program Files\thcrkrj0etfg\thcrkrj0etfg.exe
  • c:\Program Files\thcrkrj0etfg\thcrkrj0etfg.exe.local
  • c:\Program Files\thcrkrj0etfg\uninstall.exe
  • c:\Documents and Settings\All Users\Desktop\PC Defender 2008.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender Antivirus
  • c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender Antivirus.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender Antivirus\How to Register PC Defender Antivirus.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender Antivirus\License Agreement.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender Antivirus\PC Defender Antivirus.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender Antivirus\Register PC Defender Antivirus.lnk
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Defender Antivirus.lnk
  • %UserProfile%\Application Data\thcrkrj0etfg
  • %UserProfile%\Application Data\thcrkrj0etfg\Quarantine
  • %UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun
  • %UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKCU
  • %UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKCU\RunOnce
  • %UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKLM
  • %UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKLM\RunOnce
  • %UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\StartMenuAllUsers
  • %UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\StartMenuCurrentUser
  • %UserProfile%\Application Data\thcrkrj0etfg\Quarantine\BrowserObjects
  • %UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Packages

3. Delete the Following Registry Keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\thcrkrj0etfg
  • HKEY_LOCAL_MACHINE\SOFTWARE\thcrkrj0etfg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform “pcdefender2008”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “SMthcrkrj0etfg”

Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that PC Defender Antivirus will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.

This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that PC Defender Antivirus is completely removed from your computer.

What is Spyware?

According to Wikipedia, spyware is defined as computer software that is installed on a user's computer without their knowledge or consent and that is designed to intercept or take partial control over the user's interaction with the computer. But that definition is actually incomplete.


Spyware Prevention

Spyware has become more and more dangerous each day. In the past, it was merely considered an annoyance and caused performance issues on your computer but today that reality is entirely different.
