Antivirus Action
October 11, 2010
What is Antivirus Action?
Antivirus Action is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.
Screenshots:
Additional Information:
Methods of Infection:
Antivirus Action is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Antivirus Action comes from the same family of rogues that includes Antivirus IS and Security Suite.
What it Does:
Antivirus Action will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Antivirus Action is not legitimate software and is actually a spyare infection. Antivirus Action can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Antivirus Action poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Antivirus IS will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Antivirus Action Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Antivirus Action unless are a trained computer professional. Antivirus Action is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
<random>agnz.exe
2. Delete Following Files and Directories
Windows XP
-
%UserProfile%\Local Settings\Application Data\<random>\
-
%UserProfile%\Local Settings\Application Data\<random>\<random>agnz.exe
Windows 7 and Windows Vista
-
c:\ProgramData\<random>\
-
c:\ProgramData\<random>\<random>agnz.exe
3. Delete the Following Registry Keys:
-
HKEY_CURRENT_USER\Software\wnxmal
-
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
-
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = “0″
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:6522″
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>”
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache “%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe”
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “<random>”
-
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” =”1″
Important:
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Antivirus Action will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Antivirus Action is completely removed from your computer.
Antivirus Studio 2010
October 3, 2010
What is Antivirus Studio 2010?
Antivirus Studio 2010 is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.
Screenshots:
Additional Information:
Methods of Infection:
Antivirus Studio 2010 is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Antivirus Studio 2010 comes from the same family of rogues that includes Desktop Security 2010.
What it Does:
Antivirus Studio 2010 will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Antivirus Studio 2010 is not legitimate software and is actually a spyare infection. Antivirus Studio 2010 can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Antivirus Studio 2010 poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Antivirus Studio 2010 will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Antivirus Studio 2010 Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Antivirus Studio 2010 unless are a trained computer professional. Antivirus Studio 2010 is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
- antivirusstudio2010.exe
- securitycenter.exe
- securityhelper.exe
2. Delete Following Files and Directories
Windows XP
-
%UserProfile%\Application Data\AntiVirus Studio 2010\
%UserProfile%\Application Data\AntiVirus Studio 2010\AntiVirus Studio 2010.exe
%UserProfile%\Application Data\AntiVirus Studio 2010\securitycenter.exe
%UserProfile%\Application Data\AntiVirus Studio 2010\securityhelper.exe
%UserProfile%\Application Data\AntiVirus Studio 2010\taskmgr.dll
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010\
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010\Activate AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010\AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010\Help AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010\How to Activate AntiVirus Studio 2010.lnk
Windows 7 and Windows Vista
-
c:\ProgramData\AntiVirus Studio 2010\
c:\ProgramData\AntiVirus Studio 2010\AntiVirus Studio 2010.exe
c:\ProgramData\AntiVirus Studio 2010\securitycenter.exe
c:\ProgramData\AntiVirus Studio 2010\securityhelper.exe
c:\ProgramData\AntiVirus Studio 2010\taskmgr.dll
c:\ProgramData\Microsoft\Internet Explorer\Quick Launch\AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010\
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010\Activate AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010\AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010\Help AntiVirus Studio 2010.lnk
%UserProfile%\Start Menu\Programs\AntiVirus Studio 2010\How to Activate AntiVirus Studio 2010.lnk
3. Delete the Following Registry Keys:
-
HKEY_CURRENT_USER\Software\AntiVirus Studio 2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Studio 2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “2kowmeuswvw3″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AntiVirus Studio 2010″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SecurityCenter”
Important:
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Antivirus Studio 2010 will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Antivirus Studio 2010 is completely removed from your computer.
Antivirus 8
October 3, 2010
What is Antivirus 8?
Antivirus 8 is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.
Screenshots:
Additional Information:
Methods of Infection:
Antivirus 8 is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Antivirus 8 comes from the same family of rogues that includes Personal Antivirus and Alpha Antivirus.
What it Does:
Antivirus 8 will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Antivirus 8 is not legitimate software and is actually a spyare infection. Antivirus 8 can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Antivirus 8 poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Antivirus IS will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Antivirus 8 Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Antivirus 8 unless are a trained computer professional. Antivirus 8 is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry wihout proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
av8.exe
2. Delete Following Files and Directories
Windows XP
-
c:\Documents and Settings\All Users\Start Menu\AV8\
c:\Documents and Settings\All Users\Start Menu\AV8\Antivirus8.lnk
c:\Documents and Settings\All Users\Start Menu\AV8\Uninstall.lnk
C:\Program Files\AV8\
C:\Program Files\AV8\av8.exe
%UserProfile%\Desktop\Antivirus8.lnk
Windows 7 and Windows Vista
-
c:\Documents and Settings\All Users\Start Menu\AV8\
c:\Documents and Settings\All Users\Start Menu\AV8\Antivirus8.lnk
c:\Documents and Settings\All Users\Start Menu\AV8\Uninstall.lnk
C:\Program Files\AV8\
C:\Program Files\AV8\av8.exe
%UserProfile%\Desktop\Antivirus8.lnk
3. Delete the Following Registry Keys:
-
HKEY_CURRENT_USER\Software\A88246
HKEY_CURRENT_USER\Software\WinFD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AV8″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “WinNT-A8I 23.09.2010″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe “Debugger” = “C:\Program Files\AV8\av8.exe -d”
Important:
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Antivirus 8 will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Antivirus 8 is completely removed from your computer.
-
Editor’s Choice Winner
"Spyware Doctor also set a new record in the malware blocking test, scoring 9.7 out of 10 possible points"
-www.pcmag.com, October 15, 2009