Archive for the 'Rogue Antispyware/Antivirus' Category

What is AntiVira Av, How to remove AntiVira Av

Wednesday, February 9th, 2011

AntiVira Av is a harmful program.

remove It is a fake security program, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

AntiVira Av associated files and folders:

%Temp%\{RANDOM}\
%Temp%\{RANDOM}\{RANDOM}.exe

AntiVira Av associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | “Enabled” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyServer” = “http=127.0.0.1:11215″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyEnable” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
HijackThis shows AntiVira Av:

O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Description: AntiVira Av is a fake antivirus program that installed through the use of trojans without user knowledge and permission. When is started, it will perform a fake scan and state that your computer is infected with viruses, spyware and malware. Moreover, AntiVira Av will display numerous fake security alerts and block all the legitimate and trustful applications used on your computer. In order to cure your PC, the program will suggest you to purchase its full version. Most important, do not pay for the fake software! Instead, follow the removal guide below to remove AntiVira Av from your computer for free using legitimate free antimalware software.

How to remove: use the AntiVira Av removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.
2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.
3. Download HijackThis from here and save it to your desktop.
4. Run HijackThis. Click to Scan button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
5. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is Antivirus.NET, How to remove Antivirus .NET

Wednesday, January 26th, 2011

Antivirus .NET is a harmful program.

remove It is a fake security program, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Antivirus .NET associated files and folders:

%Temp%\{RANDOM}\
%Temp%\{RANDOM}\{RANDOM}.exe

Antivirus .NET associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | “Enabled” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyServer” = “http=127.0.0.1:30215″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyEnable” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
HijackThis shows Antivirus .NET:

O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Description: Antivirus .NET is a fake antivirus program that installed through the use of trojans without user knowledge and permission. When is started, it will perform a fake scan and state that your computer is infected with viruses, spyware and malware. Moreover, Antivirus.NET will display numerous fake security alerts and block all the legitimate and trustful applications used on your computer. In order to cure your PC, the program will suggest you to purchase its full version. Most important, do not pay for the fake software! Instead, follow the removal guide below to remove Antivirus .NET from your computer for free using legitimate free antimalware software.

How to remove: use the Antivirus .NET removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.
2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.
3. Download HijackThis from here and save it to your desktop.
4. Run HijackThis. Click to Scan button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
5. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is AntiVirus_System_2011 exe, How to remove AntiVirus_System_2011.exe

Thursday, January 6th, 2011

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiVirus_System_2011
Filename: AntiVirus_System_2011.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus System 2011

Command: C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiVirus System 2011] “C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe” /STARTUP

DDS Line:

uRun: [AntiVirus System 2011] C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus System 2011″=C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe

Description: core component of fake antivirus program named AntiVirus System 2011.

How to remove: use the AntiVirus System 2011 removal instructions.

What is palladium.exe, How to remove palladium.exe

Tuesday, January 4th, 2011

palladium.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: palladium
Filename: palladium.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | “Shell” = “%AppData%\palladium.exe”

Command: %AppData%\palladium.exe
Startup Type: HKCU->Winlogon->Shell
Description: core component of Palladium Pro. Palladium Pro is a fake security program (rogue antispyware).

How to remove: use the fake Palladium Pro removal instructions.

What is Personal Internet Security 2011, How to remove Personal Internet Security 2011

Tuesday, December 28th, 2010

Personal Internet Security 2011 is a harmful program.

remove It is a fake security program, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Personal Internet Security 2011 associated files and folders:

C:\Documents and Settings\All Users\Application Data\da1933\AB220_121.exe
%UserProfile%\Application Data\Personal Internet Security 2011
%UserProfile%\Application Data\Personal Internet Security 2011\cookies.sqlite
%UserProfile%\Desktop\Personal Internet Security 2011.lnk
%UserProfile%\Start Menu\Personal Internet Security 2011.lnk
%UserProfile%\Application Data\Personal Internet Security 2011\Instructions.ini
%UserProfile%\Start Menu\Programs\Personal Internet Security 2011.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Internet Security 2011.lnk

Personal Internet Security 2011 associated registry keys and values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Personal Internet Security 2011

Core filename: AB220_121.exe
Command: C:\Documents and Settings\All Users\Application Data\da1933\AB220_121.exe
HijackThis shows Personal Internet Security 2011:

O4 – HKCU\..\Run: [Personal Internet Security 2011] “C:\Documents and Settings\All Users\Application Data\da2933\AB220_121.exe” /s /d

Description: rogue antispyware program

How to remove: use the Personal Internet Security 2011 removal guide or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

4. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[resethosts]

Click the red Moveit! button. Close OTM.

What is Internet Antivirus 2011, How to remove Internet Antivirus 2011

Thursday, December 9th, 2010

Internet Antivirus 2011 is a harmful program.

remove It is a fake security program, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Internet Antivirus 2011 associated files and folders:

C:\Documents and Settings\All Users\Application Data\da1933\IA220_121.exe
%UserProfile%\Application Data\Internet Antivirus 2011
%UserProfile%\Application Data\Internet Antivirus 2011\cookies.sqlite
%UserProfile%\Desktop\Internet Antivirus 2011.lnk
%UserProfile%\Start Menu\Internet Antivirus 2011.lnk
%UserProfile%\Application Data\Internet Antivirus 2011\Instructions.ini
%UserProfile%\Start Menu\Programs\Internet Antivirus 2011.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk

Internet Antivirus 2011 associated registry keys and values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Internet Antivirus 2011

Core filename: IA220_121.exe
Command: C:\Documents and Settings\All Users\Application Data\da1933\IA220_121.exe
HijackThis shows Internet Antivirus 2011:

O4 – HKCU\..\Run: [Smart Engine] “C:\Documents and Settings\All Users\Application Data\da2933\IA220_121.exe” /s /d

Description: rogue antispyware program

How to remove: use the Internet Antivirus 2011 removal guide or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

4. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[resethosts]

Click the red Moveit! button. Close OTM.

What is HardDrive Diagnostic, How to remove Hard Drive Diagnostic

Tuesday, December 7th, 2010

Hard Drive Diagnostic is a harmful program.

remove It is a malicious program, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Hard Drive Diagnostic associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Hard Drive Diagnostic.lnk
%UserProfile%\Start Menu\Programs\Hard Drive Diagnostic
%UserProfile%\Start Menu\Programs\Hard Drive Diagnostic\Hard Drive Diagnostic.lnk
%UserProfile%\Start Menu\Programs\Hard Drive Diagnostic\Uninstall Hard Drive Diagnostic.lnk

Hard Drive Diagnostic associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Hard Drive Diagnostic:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Hard Drive Diagnostic is a fake computer optimization software that installed via trojans without user knowledge and permission. When is started, it will report false information and display fake alerts on the computer. The rogue will perform a fake scan and state that your computer has some serious problems such critical errors in Windows registry, hard drive is missing or unreadable. Moreover, HardDrive Diagnostic will blocks all the legitimate and trustful applications used on your PC. In order to repair the entire system, the program will suggest you to purchase its full version. Most important, do not purchase this fake program! If your computer is infected with this malware then follow the removal guide below to remove Hard Drive Diagnostic from your computer for free using legitimate free antimalware software.

How to remove: use the Hard Drive Diagnostic removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save to your desktop. Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is vz.exe, How to remove vz.exe

Monday, November 22nd, 2010

vz.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vz
Filename: vz.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\vz.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\vz.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”

Command: %Appdata%\vz.exe
Startup Type: File associations
Description: main executable file of XP Antispyware 2011, Vista Antispyware 2011, Win 7 Antispyware 2011, XP Security 2011, Vista Security 2011, Win 7 Security 2011, XP Internet Security 2011, Vista Internet Security 2011, Win 7 Internet Security 2011, XP Antimalware 2011, Vista Antimalware 2011, Win 7 Antimalware 2011, XP Guard Vista Guard, Win 7 Guard. All programs are rogue antispyware.

How to remove: use these vz.exe removal instructions.

What is Security_Inspector_2010.exe, How to remove Security_Inspector_2010.exe

Tuesday, November 9th, 2010

Security_Inspector_2010.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Security_Inspector_2010
Filename: Security_Inspector_2010.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security Inspector 2010

Command: %AppData%\Security Inspector 2010\Security_Inspector_2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Security Inspector 2010] “C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe” /STARTUP

DDS Line:

uRun: [Security Inspector 2010] C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Security Inspector 2010″=C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe

Description: core component of Security Inspector 2010 (rogue antispyware program)

How to remove: use the Security Inspector 2010 removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download HijackThis from here and save it to your desktop. Before saving, in the Save dialog, rename HijackThis.exe to explorer.exe !!!

3. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [Security Inspector 2010] “C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe” /STARTUP

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

4. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is AntiVirus_Solution_2010.exe, How to remove AntiVirus_Solution_2010.exe

Friday, October 29th, 2010

AntiVirus_Solution_2010.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiVirus_Solution_2010
Filename: AntiVirus_Solution_2010.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus Solution 2010

Command: %AppData%\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiVirus Solution 2010] “C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe” /STARTUP

DDS Line:

uRun: [AntiVirus Solution 2010] C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus Solution 2010″=C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe

Description: core component of AntiVirus Solution 2010 (fake antivirus)

How to remove: use the AntiVirus Solution 2010 removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download HijackThis from here and save it to your desktop. Before saving, in the Save dialog, rename HijackThis.exe to explorer.exe !!!

3. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [AntiVirus Solution 2010] “C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe” /STARTUP

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

4. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).