(Thanks to rogueamp)
AWM Antivirus is a clone of A-fast Antivirus. It displays fake security warnings and pop-ups with false information. Once installed, it displays a fake pop-up claiming that your computer is infected with spyware. The text of this fake pop-up is:
Your computer is infected! Windows detected spyware infection!Other fake messages look something likes this:
It is recommended to use special antispyware tools to prevent dataloss. Windows will now download and install the most up-to-date antispyware for you.
System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
System warning!
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. It's highly recommended you scan your PC right now.
AWM Antivirus may block legitimate programs and redirect users to various misleading websites full of Ads.
The home page of this bogus security software is awm-antivirus.com. Please don't visit that page.
Screen shot of awm-antivirus.com (payment page):
As you can see AWMAntivirus forces victims to register the program for a fee to remove found malicious software from your computer. Do not fall victim to this attack and remove AWM Antivirus from the system upon detection. The removal guide below will show you to do this. Last, but not least, if you find difficult to remove this virus from your computer, you can activate it and make the removal procedure easier. But please note that still need to scan your computer with anti-malware software to remove the rogue program. Simply activating the program won't solve the problem. In order to activate AWMAntivirus please use one of the following codes:
- B0B302F772
- C197C46C46
- B20C1467B7
- 041E4B235A
- 25CCCC7329
- 9926220EED
- A58EC19D33
- C15F2FF276
- F61E370D62
- DDAD6A7A2C
- 9F8122FE00
- 3754DD9DA6
- 3DC52EA100
- EE73BBFFA6
- 7E61C9C7DF
- EE34D2E8A7
- AA61971AA1
- 9D2510E3E8
Now you should have the activated version of this scareware on your computer. By the way, if you have purchased it then please call your credit card company and dispute the charges. Also, if you have any questions or additional information about this virus, please don't hesitate and leave a comment. Good luck and be safe online!
AWM Antivirus removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
AWM Antivirus removal instructions using HijackThis (in Normal mode):
1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.
2. Search for such entry(ies) in the scan results:
O4 - HKCU\..\Run: [awm] %AppData%\AWM\AWM.exe
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.
3. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
AWM Antivirus associated files and registry values:
Files:
For Windows XP users:
- C:\Documents and Settings\UserName\Application Data\AWM\
- C:\Documents and Settings\UserName\Application Data\AWM\AWM.exe
- C:\Documents and Settings\UserName\Desktop\AWM Antivirus.lnk
- C:\Users\UserName\AppData\Roaming\AWM\
- C:\Users\UserName\AppData\Roaming\AWM\AWM.exe
- C:\Users\UserName\Desktop\AWM Antivirus.lnk
- HKEY_CURRENT_USER\Software\AWM
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "awm"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "AWM Antivirus"
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\UserName\Application Data\AWM\AWM.exe:*:Enabled:awm"
No comments:
Post a Comment