Wednesday 4 April 2012

Removing Advanced Antispyware Solution (Uninstall Guide)

If you are a regular visitor to our blog you probably noticed that the last few weeks had been a bit slow compared to the previous months. This is mostly due that we have been working on other projects. Besides, the volume of actively spread rogue security products has decreased significantly over the past few weeks, at least in some regions, which is a good thing after all. However, malware authors will probably exploit Easter just like any other special event to send out rogue security programs and other malicious software. Malware may show up in Easter greeting cards and images, so please be very cautious when downloading and opening Easter greeting cards, especially this weekend. Cyber crooks are already distributing new rogue security programs and will probably double the number of new malware samples this weekend.



Ok, so today we are looking at a new rogue security program called Advanced Antispyware Solution. As far as we can tell, this rogue security program is being delivered through Twitter spam messages that lead to fake Windows Antivirus 2012 online scanners. All the domains that were found distributing this malware had .info TLDs. Some of the popular registrars offered .info domains for under $5 or less, so cyber crooks apparently bought lots of .info domains as well.

Advanced Antispyware Solution reports non-existent malware infections and displays lost of fake and very annoying security alerts to make you think that your computer is infected. All the rogue applications from the FakeVimes family, we've seen more than ten this year so far, share common characteristics. Once installed, Advanced Antispyware Solution drops several absolutely harmless files on the compromised computer. The rogue program later pretends to scan the compromised computer for malware and once the 'scan' is finished, it flags those files as dangerous. A funny things is that this rogue anti-spyware drops and detects exactly the same files on each and every compromised machine.

Fake security alerts are rather well designed and may look like a real thing for unsuspecting computer users despite the fact people are being exposed to technology like never before. Here are some of the fake security alerts you may see when your computer is infected with Advanced Antispyware Solution scareware:





What is more, this malware may block Windows system utilities and genuine malware removal tools. Some variants of this malware may modify Windows host file and redirect users to misleading websites. We will show you how to restore the Windows Host file in the removal guide below. You should scan your computer for rootkits as well, because removing Advanced Antispyware Solution won't help you much if you won't get rid of rootkits. You can remove this rogue anti-spyware program using legit anti-malware software recommended in the removal guide below. Follow the steps in the removal guide very carefully. If you need help removing this malware from your computer, please leave a comment. Good luck and be safe online!


Advanced Antispyware Solution removal guide:

1. Click on Help and select Activate Now.



2. Enter one the following debugged registration keys and click Activate to register the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.

U2FD-S2LA-H4KA-UEPB
K7LY-H4KA-SI9D-U2FD
K7LY-R5GU-SI9D-EVFB



2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this malware from your computer.

3. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.

Source: http://deletemalware.blogspot.com


Associated Advanced Antispyware Solution files and registry values:

Files:
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]\
  • %AppData%\Advanced Antispyware Solution\
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Advanced Antispyware Solution.lnk
  • %UserProfile%\Desktop\Advanced Antispyware Solution\
  • %UserProfile%\Start Menu\Advanced Antispyware Solution\
  • %UserProfile%\Start Menu\Programs\Advanced Antispyware Solution.lnk
Registry values:
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\Advanced Antispyware Solution = "%AllUsersProfile%\Application Data\34g561\AV62c_8538.exe" /s /d
  • HKEY_CURRENT_USER\software\3
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe\Debugger = svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun = 01000000
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\[1...15]
Tell your friends:

No comments:

Post a Comment