OK, so today we are looking at a new rogue security program called Advanced Antispyware Solution. As far as we can tell, this rogue security program is being delivered through Twitter spam messages that lead to fake Windows Antivirus 2012 online scanners. All the domains that were found distributing this malware had .info TLDs. Some of the popular registrars offered .info domains for under $5, so cyber crooks apparently bought lots of .info domains as well.
Advanced Antispyware Solution reports non-existent malware infections and displays lots of fake and very annoying security alerts to make you think that your computer is infected. All the rogue applications from the FakeVimes family (we've seen more than ten this year so far) share common characteristics. Once installed, Advanced Antispyware Solution drops several absolutely harmless files on the compromised computer. The rogue program later pretends to scan the compromised computer for malware and, once the 'scan' is finished, it flags those files as dangerous. A funny thing is that this rogue anti-spyware drops and detects exactly the same files on each and every compromised machine.
The fake security alerts are rather well designed and may look like the real thing to unsuspecting computer users, despite the fact that people are being exposed to technology like never before. Here are some of the fake security alerts you may see when your computer is infected with Advanced Antispyware Solution scareware:
What is more, this malware may block Windows system utilities and genuine malware removal tools. Some variants of this malware may modify the Windows Hosts file and redirect users to misleading websites. We will show you how to restore the Windows Hosts file in the removal guide below. You should scan your computer for rootkits as well, because removing Advanced Antispyware Solution won't help you much if you don't get rid of rootkits. You can remove this rogue anti-spyware program using legit anti-malware software recommended in the removal guide below. Follow the steps in the removal guide very carefully. If you need help removing this malware from your computer, please leave a comment. Good luck and be safe online!
Advanced Antispyware Solution removal guide:
1. Click on Help and select Activate Now.
2. Enter one of the following debugged registration keys and click Activate to register the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.
U2FD-S2LA-H4KA-UEPB
K7LY-H4KA-SI9D-U2FD
K7LY-R5GU-SI9D-EVFB
3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this malware from your computer.
4. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.
Source: http://deletemalware.blogspot.com
Associated Advanced Antispyware Solution files and registry values:
Files:
- %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]\
- %AppData%\Advanced Antispyware Solution\
- %AppData%\Microsoft\Internet Explorer\Quick Launch\Advanced Antispyware Solution.lnk
- %UserProfile%\Desktop\Advanced Antispyware Solution\
- %UserProfile%\Start Menu\Advanced Antispyware Solution\
- %UserProfile%\Start Menu\Programs\Advanced Antispyware Solution.lnk
Registry values:
- HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\Advanced Antispyware Solution = "%AllUsersProfile%\Application Data\34g561\AV62c_8538.exe" /s /d
- HKEY_CURRENT_USER\software\3
- HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM].exe\Debugger = svchost.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun = 01000000
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\[1...15]
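The registry values listed above can be checked offline against a `reg export` of a suspect machine. The Python script below is an added example, not part of the original post; the sample export is constructed, and `example-tool.exe` is a made-up stand-in for the `[RANDOM].exe` placeholder.

```python
import re

# Constructed sample in "reg export" text form. "example-tool.exe" stands in
# for the page's [RANDOM].exe; the ctfmon value is a benign control.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced Antispyware Solution"="\"%AllUsersProfile%\\Application Data\\34g561\\AV62c_8538.exe\" /s /d"
"ctfmon"="C:\\Windows\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-tool.exe]
"Debugger"="svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="example-tool.exe"
'''

RUN = r"\software\microsoft\windows\currentversion\run"
POLICY = r"\software\microsoft\windows\currentversion\policies\explorer"
IFEO = r"\windows nt\currentversion\image file execution options" + "\\"

def parse_reg(text):
    """Map lower-cased key path -> {lower-cased value name: raw data}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def find_indicators(text):
    """Return (indicator, location, raw data) tuples for the listed values."""
    hits, name = [], "advanced antispyware solution"
    for key, vals in parse_reg(text).items():
        if key.endswith(RUN) and name in vals:
            hits.append(("run-autostart", key, vals[name]))
        if IFEO in key and "svchost.exe" in vals.get("debugger", "").lower():
            hits.append(("ifeo-debugger", key.rsplit("\\", 1)[1], vals["debugger"]))
        if key.endswith(POLICY) and vals.get("disallowrun", "dword:00000000") != "dword:00000000":
            hits.append(("disallowrun-enabled", key, vals["disallowrun"]))
        if key.endswith(POLICY + r"\disallowrun"):
            hits += [("disallowrun-entry", n, d) for n, d in vals.items()]
    return hits

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_REG):
        print(hit)
```

Real `reg export` files are written as UTF-16, so read them with `encoding="utf-16"` before passing the text to `find_indicators`.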