Wednesday 7 March 2012

How to Remove Best Virus Protection (Uninstall Guide)

Best Virus Protection is a rogue anti-virus program that attempts to lure you into purchasing a bogus security solution that will allegedly remove malicious software from your computer. This rogue antivirus program might perform many malicious activities: it might install additional spyware modules, steal your credit card numbers, passwords and user names, add your computer to a botnet, etc. One of the interesting things about Best Virus Protection is the way it modifies the Windows hosts file and downloads backdoor Trojans onto the compromised computer, making it wide open to cyber criminals. Thankfully, that doesn't happen very often.

Best Virus Protection GUI. Looks pretty much the same as Microsoft Security Essentials.



Aside from rather sophisticated spyware modules, this rogue anti-virus is a very common scam. Such scams spread via fake online virus scanners, spam, infected websites and social networks. I'm sure you are familiar with very aggressive pop-up messages urging you to install certain malware removal tools to remove non-existent infections from your computer. Very often they appear to be real but unfortunately lead to malware infection. Beware of pop-ups that offer something you've never heard of before. Malware authors use botnets and crimeware kits to distribute scareware too. As a result, Best Virus Protection can get installed on your computer without any interaction by you. I know it doesn't sound good, but the truth is that your computer could be compromised just by you visiting infected websites. Please note that cyber criminals might compromise trusted websites as well. You should take precautions to ensure your operating system is updated and your (security) software is current.

Warning! Virus detected
SpamTool.Win32.Delf.h



Fake software update notification. No network activity.



Fake security alert claiming that your machine is infected with potentially harmful software.


System Alert
Best Virus Protection has detected pontentially harmful software in your system. It is strongly recommended that you register Best Virus Protection to remove all found threats immediately.


As you may already know, cyber criminals use catchy names and associate them with known security programs. In this particular case "Best Virus Protection" is associated with Microsoft Security Essentials. I don't know about you guys but this name is too catchy for me. I could tell it was fake right away. Best Virus Protection sounds more like an award to me than the actual name of an antivirus product. But maybe it's just me. I know there are many unaware users that unfortunately might fall victim to this scam.

When running, Best Virus Protection blocks access to valid security sites. You might not be able to download and install certain malware removal apps. The rogue program modifies system files and registry entries to ensure that the malware stays on the system and can be easily restored in case you manage to remove some of the files manually. Sluggish system performance is another sign of malware infection. However, probably the most dangerous aspect of a Best Virus Protection infection is the false sense of security you may have. You think that your computer is protected from malware but actually it's wide open to new infections. It may lead to identity theft and financial loss due to computer repair. In other words, this malware can cause you a lot of problems.

How to remove Best Virus Protection? There's no easy one-click fix. Hopefully, you can remove it using the legitimate anti-malware software recommended in the removal guide below. Follow the steps in the removal guide very carefully. If you need help removing this malware from your computer, please leave a comment. Good luck and be safe online!


Best Virus Protection removal guide:

1. Click on Help and select Activate Now.



2. Enter one of the following debugged registration keys and click Activate to register the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.

U2FD-S2LA-H4KA-UEPB
K7LY-H4KA-SI9D-U2FD
K7LY-R5GU-SI9D-EVFB



3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this malware from your computer.

4. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.

Source: http://deletemalware.blogspot.com


Associated AV Security Essentials files and registry values:

Files:
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]\
  • %AppData%\AV Security Essentials\
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
  • %UserProfile%\Desktop\AV Security Essentials
  • %UserProfile%\Start Menu\AV Security Essentials
  • %UserProfile%\Start Menu\Programs\AV Security Essentials.lnk
Registry values:
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\AV Security Essentials = "%AllUsersProfile%\Application Data\78b634\AV83d_9025.exe" /s /d
  • HKEY_CURRENT_USER\software\3
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe\Debugger = svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun = 01000000
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\[1...15]
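
A read-only check for the registry values listed above and for leftover hosts-file entries, as an added PowerShell example that is not part of the original guide. The Run-key test (any entry launching from under %AllUsersProfile%) and the hosts-file test (any mapping other than localhost) are heuristics assumed here, not signatures taken from the page, so legitimate entries can show up in the output.

```powershell
# Added example: read-only triage for the artifacts this page lists. Nothing is changed or deleted.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Check, $Item, $Value) {
    $findings.Add([pscustomobject]@{ Check = $Check; Item = $Item; Value = $Value })
}

# 1. Image File Execution Options: the page lists Debugger = svchost.exe under random .exe names.
#    Any Debugger value is reported; developer tools can set one legitimately.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
    $dbg = $sub.GetValue('Debugger')
    if ($dbg) { Add-Finding 'IFEO Debugger' $sub.PSChildName $dbg }
}

# 2. DisallowRun policy flag and its numbered entries (the page lists values 1...15).
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-Item -Path $explorer -ErrorAction SilentlyContinue
if ($policy -and $null -ne $policy.GetValue('DisallowRun')) {
    Add-Finding 'DisallowRun policy' 'DisallowRun' $policy.GetValue('DisallowRun')
}
$blocked = Get-Item -Path "$explorer\DisallowRun" -ErrorAction SilentlyContinue
if ($blocked) {
    foreach ($name in $blocked.GetValueNames()) {
        Add-Finding 'DisallowRun entry' $name $blocked.GetValue($name)
    }
}

# 3. HKCU Run entries that start a program from under %AllUsersProfile% (assumed heuristic).
$run = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $cmd = [string]$run.GetValue($name)
        $hit = $cmd.IndexOf($env:ALLUSERSPROFILE, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
        if ($hit) { Add-Finding 'Run entry' $name $cmd }
    }
}

# 4. Hosts file: report every mapping that is not a plain localhost entry (assumed heuristic).
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsFile) {
    foreach ($line in Get-Content -Path $hostsFile) {
        $entry = ($line -replace '#.*$', '').Trim()   # drop comments and blank lines
        if (-not $entry) { continue }
        $ip, $names = $entry -split '\s+'
        if (($names -join ' ') -ne 'localhost') { Add-Finding 'Hosts entry' $ip ($names -join ' ') }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Run it from the affected user's session, since the HKEY_CURRENT_USER checks read that user's hive.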