AVDefender 2011

August 27, 2010

What is AVDefender 2011?

AVDefender 2011 is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.

Recommended Removal Method:

Automatic Detection and Removal Using Spyware Doctor:

If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.

Screenshots:

Additional Information:

Methods of Infection:

AVDefender 2011 is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.

Previous Versions:

AVDefender 2011 comes from the same family of rogues that includes Security Suite, AV Security Suite, Antivir Solution Pro and Antivirus System Pro.

What it Does:

AVDefender 2011 will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as AVDefender 2011 is not legitimate software and is actually a spyare infection.  AVDefender 2011 can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.

The larger threat that AVDefender 2011 poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created AVDefender 2011 will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.

 

Optional Security Suite Removal Method – Manual Deletion (Not Recommended)

***Please note we highly recommend not attempting manual removal of AVDefender 2011 unless are a trained computer professional.  AVDefender 2011 is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***

If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.

1. Delete the Following Processes:

  • .exe
  • tssd.exe
  • shdw.exe

2. Delete Following Files and Directories

Windows XP

  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\\
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\\shdw.exe
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\\tssd.exe
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\\InstallParams.lst
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\AVDefender2011\
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\AVDefender2011\vlc.dat
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\AVDefender2011\history.dat
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\AVDefender2011\
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\AVDefender2011\AVDefender2011.lnk
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\AVDefender2011\AVDefender2011.ini
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\AVDefender2011\result.dat
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\>\.exe
  • C:\Documents and Settings\%UserProfile%\Local Settings\Application Data\\sk.lst
  • C:\Documents and Settings\%UserProfile%\Start Menu\AVDefender2011\
  • C:\Documents and Settings\%UserProfile%\Start Menu\AVDefender2011\AVDefender2011.lnk

Windows 7 and Windows Vista

  • C:\Users\%UserProfile%\AppData\Roaming\\
  • C:\Users\%UserProfile%\AppData\Roaming\\shdw.exe
  • C:\Users\%UserProfile%\AppData\Roaming\\tssd.exe
  • C:\Users\%UserProfile%\AppData\Roaming\\InstallParams.lst
  • C:\Users\%UserProfile%\AppData\Roaming\AVDefender2011\
  • C:\Users\%UserProfile%\AppData\Roaming\AVDefender2011\vlc.dat
  • C:\Users\%UserProfile%\AppData\Roaming\AVDefender2011\history.dat
  • C:\Users\%UserProfile%\AppData\Roaming\AVDefender2011\
  • C:\Users\%UserProfile%\AppData\Roaming\AVDefender2011\AVDefender2011.lnk
  • C:\Users\%UserProfile%\AppData\Roaming\AVDefender2011\AVDefender2011.ini
  • C:\Users\%UserProfile%\AppData\Roaming\AVDefender2011\result.dat
  • C:\Users\%UserProfile%\AppData\Roaming\>\.exe
  • C:\Users\%UserProfile%\AppData\Roaming\\sk.lst
  • C:\Users\%UserProfile%\Start Menu\AVDefender2011\
  • C:\Users\%UserProfile%\Start Menu\AVDefender2011\AVDefender2011.lnk 

3. Delete the Following Registry Keys:

  • HKEY_CURRENT_USER\Software\AVDefender 2011
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%AppData%\\.exe”

Important:

Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that AVDefender 2011 will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.

This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that AVDefender 2011 is completely removed from your computer.

Posted by admin | Filed Under Rogue Antispyware Programs | Leave a Comment 

Advanced Security Tool 2010

August 21, 2010

What is Advanced Security Tool 2010?

Advanced Security Tool 2010 is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.

Recommended Removal Method:

Automatic Detection and Removal Using Spyware Doctor:

If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.

Screenshots:

Additional Information:

Methods of Infection:

Advanced Security Tool 2010 is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.

Previous Versions:

Advanced Security Tool 2010 comes from the same family of rogues that includes Security Shield 2010

What it Does:

Advanced Security Tool 2010 will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Security Suite is not legitimate software and is actually a spyare infection. Advanced Security Tool 2010 can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.

The larger threat that Advanced Security Tool 2010 poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Advanced Security Tool 2010 will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.

 

Optional Security Suite Removal Method – Manual Deletion (Not Recommended)

***Please note we highly recommend not attempting manual removal of Advanced Security Tool 2010 unless are a trained computer professional.  Advanced Security Tool 2010 is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***

If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.

1. Delete the Following Processes:

asectool.exe

2. Delete Following Files and Directories

Windows XP

  • %UserProfile%\asr.dat
  • %UserProfile%\Application Data\1tmp.bat
  • %UserProfile%\Application Data\asectool.exe
  • %UserProfile%\Application Data\scan.dll
  • %UserProfile%\Application Data\secmof.tmp
  • %UserProfile%\Desktop\Advanced Security Tool 2010.LNK
  • %UserProfile%\Start Menu\Advanced Security Tool 2010.LNK

Windows 7 and Windows Vista

  • %UserProfile%\asr.dat
  • c:\ProgramData\1tmp.bat
  • c:\ProgramData\asectool.exe
  • c:\ProgramData\scan.dll
  • c:\ProgramData\secmof.tmp
  • %UserProfile%\Desktop\Advanced Security Tool 2010.LNK
  • %UserProfile%\Start Menu\Advanced Security Tool 2010.LNK

3. Delete the Following Registry Keys:

  • HKEY_CURRENT_USER\Software\Advanced Security
  • KEY_CLASSES_ROOT\BrcWizApp.BrcWiz
  • HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz.1
  • HKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}
  • HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
  • HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
  • HKEY_CLASSES_ROOT\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}
  • HKEY_CURRENT_USER\Software\Microsoft “adver_id” = “29″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe;”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AdvSecTool”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “rundll32″ = “”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\asectool.exe” /sn”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = “0″
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “rundll32″ = “”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “explorer.exe C:\WINDOWS\system32\ntload.exe”

Important:

Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Advanced Security Tool 2010 will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.

This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Advanced Security Tool 2010 is completely removed from your computer.

Posted by admin | Filed Under Rogue Antispyware Programs | 1 Comment 

Security Suite

August 12, 2010

What is Security Suite?

Security Suite is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.

Recommended Removal Method:

Automatic Detection and Removal Using Spyware Doctor:

If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.

Screenshots:

Additional Information:

Methods of Infection:

Security Suite is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.

Previous Versions:

Security Suite comes from the same family of rogues that includes Antivir Solution Pro and AV Security Suite.

What it Does:

Security Suite will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Security Suite is not legitimate software and is actually a spyare infection. Security Suite can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.

The larger threat that Security Suite poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Security Suite will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.

 

Optional Security Suite Removal Method – Manual Deletion (Not Recommended)

***Please note we highly recommend not attempting manual removal of Security Suite unless are a trained computer professional. Security Suite is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***

If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.

1. Delete the Following Processes:

<random>shdw.exe

2. Delete Following Files and Directories

Windows XP

  • %UserProfile%\Local Settings\Application Data\<random>\
  • %UserProfile%\Local Settings\Application Data\<random>\<random>shdw.exe

Windows 7 and Windows Vista

  • c:\ProgramData\<random>\
  • c:\ProgramData\<random>\<random>shdw.exe

3. Delete the Following Registry Keys:

  • HKEY_CURRENT_USER\Software\wnxmal
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = “0″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:6522″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache “%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “<random>”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” =”1″

Important:

Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Security Suite will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.

This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that AV Security Suite is completely removed from your computer.

Posted by admin | Filed Under Rogue Antispyware Programs | Leave a Comment 

Wireshark Antivirus

August 10, 2010

What is Wireshark Antivirus?

Wireshark Antivirus is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.

Recommended Removal Method:

Automatic Detection and Removal Using Spyware Doctor:

Screenshots:

Additional Information:

Methods of Infection:

Wireshark Antivirus is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites, popular social networking sites like Facebook and MySpace, and in torrent downloads.

Previous Versions:

Wireshark Antivirus comes from the same family of rogues that includes SysInternals Antivirus.

What it Does:

Wireshark Antivirus will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Wireshark Antivirus is not legitimate software and is actually a spyare infection. Sysinternals Antivirus can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.

The larger threat that Wireshark Antivirus poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Wireshark Antivirus will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.

 

Optional Sysinternals Antivirus Removal Method – Manual Deletion (Not Recommended)

***Please note we highly recommend not attempting manual removal of Wireshark Antivirus unless are a trained computer professional. Wireshark Antivirus is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***

If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.

1. Delete the Following Processes:

alggui.exe
Wireshark Antivirus.exe
svchost.exe

2. Delete Following Files and Directories

  • c:\Program Files\adc_w32.dll
  • c:\Program Files\alggui.exe
  • c:\Program Files\extra1.dat
  • c:\Program Files\extra2.dat
  • c:\Program Files\nuar.old
  • c:\Program Files\skynet.dat
  • c:\Program Files\svchost.exe
  • c:\Program Files\wp3.dat
  • c:\Program Files\wp4.dat
  • c:\Program Files\scdata
  • c:\Program Files\scdata\dbsinit.exe
  • c:\Program Files\scdata\wispex.html
  • c:\Program Files\scdata\images
  • c:\Program Files\scdata\images\i1.gif
  • c:\Program Files\scdata\images\i2.gif
  • c:\Program Files\scdata\images\i3.gif
  • c:\Program Files\scdata\images\j1.gif
  • c:\Program Files\scdata\images\j2.gif
  • c:\Program Files\scdata\images\j3.gif
  • c:\Program Files\scdata\images\jj1.gif
  • c:\Program Files\scdata\images\jj2.gif
  • c:\Program Files\scdata\images\jj3.gif
  • c:\Program Files\scdata\images\l1.gif
  • c:\Program Files\scdata\images\l2.gif
  • c:\Program Files\scdata\images\l3.gif
  • c:\Program Files\scdata\images\pix.gif
  • c:\Program Files\scdata\images\t1.gif
  • c:\Program Files\scdata\images\t2.gif
  • c:\Program Files\scdata\images\Thumbs.db
  • c:\Program Files\scdata\images\up1.gif
  • c:\Program Files\scdata\images\up2.gi
  • c:\Program Files\scdata\images\w1.gif
  • c:\Program Files\scdata\images\w11.gif
  • c:\Program Files\scdata\images\w2.gif
  • c:\Program Files\scdata\images\w3.jpg
  • c:\Program Files\scdata\images\word.doc
  • c:\Program Files\scdata\images\wt1.gif
  • c:\Program Files\scdata\images\wt2.gif
  • c:\Program Files\scdata\images\wt3.gif
  • c:\Program Files\Wireshark Antivirus
  • c:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe
  • c:\ProgramData\Wireshark Antivirus
  • c:\ProgramData\Wireshark Antivirus\Wireshark Antivirus.lnk

3. Delete the Following Registry Keys:

  • HKEY_CURRENT_USER\Software\Wireshark Antivirus
  • HKEY_USERS\.DEFAULT\Software\Wireshark Antivirus
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adbupd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256d5-e103-4523-bb43-2cfb066839d6}
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{149256d5-e103-4523-bb43-2cfb066839d6}
  • HKEY_CLASSES_ROOT\CLSID\{149256d5-e103-4523-bb43-2cfb066839d6}

Important:

Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Wireshark Antivirus will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.

This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Wireshark Antivirus is completely removed from your computer.

Posted by admin | Filed Under Rogue Antispyware Programs | Leave a Comment 

Antivirus

August 4, 2010

What is Antivirus?

Antivirus is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.

Recommended Removal Method:

Automatic Detection and Removal Using Spyware Doctor:

If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.

Screenshots:

Additional Information:

Methods of Infection:

Antivirus is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.

Previous Versions:

Antivirus comes from the same family of rogues that includes Security Master AV

What it Does:

Antivirus will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Antivirus is not legitimate software and is actually a spyare infection. Antivirus can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.

The larger threat that Antivirus poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Antivirus will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.

 

Optional Antivirus Removal Method – Manual Deletion (Not Recommended)

***Please note we highly recommend not attempting manual removal of Antivirus 7 unless you are a trained computer professional. Antivirus is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***

If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.

1. Delete the Following Processes:

AnVi.exe

2. Delete Following Files and Directories

Windows XP

  • c:\Program Files\AnVi\
    c:\Program Files\AnVi\about.ico
    c:\Program Files\AnVi\activate.ico
    c:\Program Files\AnVi\avt.db
    c:\Program Files\AnVi\avt.exe
    c:\Program Files\AnVi\avtext.dll
    c:\Program Files\AnVi\avthook.dll
    c:\Program Files\AnVi\buy.ico
    c:\Program Files\AnVi\help.ico
    c:\Program Files\AnVi\scan.ico
    c:\Program Files\AnVi\settings.ico
    c:\Program Files\AnVi\splash.mp3
    c:\Program Files\AnVi\Uninstall.exe
    c:\Program Files\AnVi\update.ico
    c:\Program Files\AnVi\virus.mp3
    %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk
    %UserProfile%\Desktop\Antivirus Support.lnk
    %UserProfile%\Desktop\Antivirus.lnk
    %UserProfile%\Desktop\nudetube.com.lnk
    %UserProfile%\Desktop\pornotube.com.lnk
    %UserProfile%\Desktop\spam001.exe
    %UserProfile%\Desktop\spam003.exe
    %UserProfile%\Desktop\troj000.exe
    %UserProfile%\Desktop\youporn.com.lnk
    %UserProfile%\Local Settings\Temp\wmsdk64_32.exe
    %UserProfile%\Local Settings\Temp\wscsvc32.exe
    %UserProfile%\Start Menu\Programs\AnVi\
    %UserProfile%\Start Menu\Programs\AnVi\About.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Activate.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Antivirus Support.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Antivirus.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Buy.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Scan.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Settings.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Update.lnk

Windows Vista and Windows 7

  • c:\Program Files\AnVi\
    c:\Program Files\AnVi\about.ico
    c:\Program Files\AnVi\activate.ico
    c:\Program Files\AnVi\avt.db
    c:\Program Files\AnVi\avt.exe
    c:\Program Files\AnVi\avtext.dll
    c:\Program Files\AnVi\avthook.dll
    c:\Program Files\AnVi\buy.ico
    c:\Program Files\AnVi\help.ico
    c:\Program Files\AnVi\scan.ico
    c:\Program Files\AnVi\settings.ico
    c:\Program Files\AnVi\splash.mp3
    c:\Program Files\AnVi\Uninstall.exe
    c:\Program Files\AnVi\update.ico
    c:\Program Files\AnVi\virus.mp3
    c:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk
    %UserProfile%\Desktop\Antivirus Support.lnk
    %UserProfile%\Desktop\Antivirus.lnk
    %UserProfile%\Desktop\nudetube.com.lnk
    %UserProfile%\Desktop\pornotube.com.lnk
    %UserProfile%\Desktop\spam001.exe
    %UserProfile%\Desktop\spam003.exe
    %UserProfile%\Desktop\troj000.exe
    %UserProfile%\Desktop\youporn.com.lnk
    %UserProfile%\Local Settings\Temp\wmsdk64_32.exe
    %UserProfile%\Local Settings\Temp\wscsvc32.exe
    %UserProfile%\Start Menu\Programs\AnVi\
    %UserProfile%\Start Menu\Programs\AnVi\About.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Activate.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Antivirus Support.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Antivirus.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Buy.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Scan.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Settings.lnk
    %UserProfile%\Start Menu\Programs\AnVi\Update.lnk

3. Delete the Following Registry Keys:

  • HKEY_CURRENT_USER\Software\Malware Defense
    HKEY_CURRENT_USER\Software\Paladin Antivirus
    HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
    HKEY_LOCAL_MACHINE\SOFTWARE\AnVi
    HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus
    HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antivirus”
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “wmsdk64_32.exe”

Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Antivirus will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.

This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Antivirus is completely removed from your computer

Posted by admin | Filed Under Rogue Antispyware Programs | Leave a Comment 

What is Spyware?

According to Wikipedia, Spyware is defined as computer software that is installed on a user's computer without their knowledge or consent, that is designed to intercept or take partial control over the user's interaction wih the computer. But that definition is actually incomplete.

Read More About Spyware Here...

Spyware Prevention

Spyware has become more and more dangerous each day. In the past, it was merely considered an annoyance and caused performance issues on your computer but today that reality is entirely different.

Read More on Spyware Prevention Here...

Latest Spyware Threats