- Spyware.IMMonitor
- Spyware.IEMonster.d
- Win32.Rbot.fm
- Trojan.Alg.t
- Infostealer.Banker.E
- Spyware.KnownBadSites
- Trojan.Tooso
- Trojan.Clicker.EC
- Zlob.PornAdvertiser.ba
- Trojan.MailGrabber.s
- TrustedAntivirus
- Trojan.BAT.Adduser.t
- etc.
Old Antivirus 2010 GUI:
The main goal of Antivirus 2010 is to trick you into purchasing the full version of the program. Of course, you shouldn't do that. This is nothing more than a scam: it prompts you to pay for the full version of the program to remove threats which don't even exist in the first place. You should follow the removal guide below to remove this infection from your computer for free using legitimate anti-malware programs.
Once installed, Antivirus 2010 creates a malicious startup entry so that the rogue program starts automatically every time you log on to Windows. The malicious startup entry launches wingamma.exe, which then starts AV2010.exe. The rogue program impersonates Windows Security Center as shown in the image below and states that you must purchase Anti-virus 2010 in order to protect yourself.
The rogue program also displays a fake Blue Screen of Death to scare you and make you think that your computer has crashed because of a SPYWARE.MONSTER.FX_WILD_0x0000000 infection. The funny thing is that you can actually close this fake screen just by pressing Alt-Tab or Control-Alt-Delete.
Antivirus 2010 hijacks the desktop background too:
Last, but not least, Antivirus 2010 hijacks Internet Explorer and displays fake warnings while surfing the web. One of the fake warnings reads: Internet Explorer Warning - visiting this web site may harm your computer! See how this fake warning looks in the image below.
As you can see, Antivirus 2010 is an absolutely needless and even dangerous program. Don't be fooled and don't pay for it! If you have already bought it, you should contact your credit card company and dispute the charges. Next, read the removal instructions below and uninstall Antivirus 2010 from your computer as soon as possible.
Antivirus 2010 removal instructions (in Safe Mode with Networking):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Log in as the same user you were previously logged in as in the normal Windows mode.
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
Alternate Antivirus 2010 removal instructions using Process Explorer (in Normal mode):
1. Download Process Explorer and end Antivirus 2010 process(es):
- us?rinit.exe
- wingamma.exe
NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
Antivirus 2010 associated files and registry values:
Current Antivirus 2010 Files:
- C:\Documents and Settings\All Users\Application Data\.wtav
- C:\WINDOWS\system32\mswmqnei.dll
- C:\WINDOWS\system32\us?rinit.exe
- C:\WINDOWS\system32\drivers\vbma22b4.sys
- C:\Program Files\AV2010
- C:\Program Files\AV2010\AV2010.exe
- C:\Program Files\AV2010\svchost.exe
- C:\WINDOWS\system32\IEDefender.dll
- C:\WINDOWS\system32\wingamma.exe
- C:\Documents and Settings\All Users\Desktop\AV2010.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\AV2010
- C:\Documents and Settings\All Users\Start Menu\Programs\AV2010\AV2010.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\AV2010\Uninstall.lnk
Current Antivirus 2010 Registry Values:
- HKEY_CLASSES_ROOT\Interface\{35c95ec8-f789-9a3a-375c-bdb89a3684fd}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFBCFDBA
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
- HKEY_CURRENT_USER\Software\AV2010
- HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
- HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
- HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
- HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
- HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
- HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
- HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Gamma Display"
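A read-only PowerShell check for a subset of the files and registry entries listed above, added here as an example and not part of the original guide. It assumes PowerShell is available on the affected machine, uses only paths and names given on this page, and deletes nothing.

```powershell
# Added example: report which of the listed Antivirus 2010 artifacts are present.
# Paths and key names are copied from the list on this page.

$files = @(
    'C:\WINDOWS\system32\wingamma.exe',
    'C:\WINDOWS\system32\IEDefender.dll',
    'C:\WINDOWS\system32\mswmqnei.dll',
    'C:\WINDOWS\system32\drivers\vbma22b4.sys',
    'C:\Program Files\AV2010\AV2010.exe',
    'C:\Program Files\AV2010\svchost.exe'
)

# HKEY_CLASSES_ROOT has no default PowerShell drive, so use the Registry:: prefix.
$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\AV2010',
    'Registry::HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFBCFDBA'
)

$hits = @()

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $hits += "FILE  $f" }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $hits += "KEY   $k" }
}

# The startup entry is a value under the Run key, not a key, so Test-Path cannot see it.
$runKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        # Match the value name from the page, or any entry that launches wingamma.exe.
        if ($p.Name -eq 'Windows Gamma Display' -or "$($p.Value)" -like '*wingamma.exe*') {
            $hits += "RUN   $($p.Name) = $($p.Value)"
        }
    }
}

if ($hits.Count -eq 0) { 'No listed Antivirus 2010 artifacts found.' }
else { $hits }
```

Running it again after the scan in step 2 shows whether the startup entry and the Browser Helper Object registration were actually removed.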