Antivirus Center runs every time Windows starts. It stops the Windows Security Center (wscsvc) and modifies Windows Registry. It uses the rundll32.exe application to launch functionality stored in a .dat file. So, if you open up the list of running processes in the Task Manager, you won't see any .dat file running but rather just the rundll32.exe. It may block some other programs on your computer and hijack your web browsers. What is more, Antivirus Center displays a bunch of fake security alerts labeled "Antivirus Center" and "Antivirus Center Firewall Alert" saying that your computer is infected by Spyware.IEMonster and some key loggers that may send your sensitive information to remote servers. Just some basic stuff that pretty much every fake AV displays to fool you into thinking that your PC is badly infected. The text of some of the fake alerts is:
Antivirus Center
Spyware.IEMonster process is found. The virus is going to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) to the third-parties. Click here for further protection of your data with Antivirus Center.
Antivirus Center Firewall Alert
Suspicious activity in your registry system space was detected. Rogue malware detected in your system. Data leaks and system damage are possible. Please use a deep scan option.
Antivirus Center Firewall AlertTo remove Antivirus Center you should restart your computer in safe mode with networking, download anti-malware software and run a full system scan. If you choose to deal with the infection manually, you will have to navigate to %CommonAppData%, locate the file [SET OF RANDOM CHARACTERS].dat and delete it. To stop the annoying alerts, you can use this code D13F-3B7D-B3C5-BD84 to activate the rogue program. Please note, that Antivirus Center may download/drop additional malware onto your computer. That's why we strongly recommend you to use malware removal tools. Last, but not least, if you have already purchased it, please contact your credit card company and dispute the charges. Clarifications and comments are welcome as usual. If you have questions, please leave a comment below. Good luck and be safe online!
Warning
Keylogger activity detected!
Your account in social network is under attack. Click here to block unauthorized modification by removing threats (Recommended)
Related malware: Internet Protection, Internet Defender, Security Defender.
Antivirus Center removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe, explorer.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Alternate Antivirus Center removal instructions:
1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.
2. Search for such entry in the scan results (Windows XP):
O4 - HKCU\..\Run: [SET OF RANDOM CHARACTERS] rundll32.exe "C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].dat", [SET OF RANDOM CHARACTERS]
O4 - Startup: [SET OF RANDOM CHARACTERS].lnk = C:\WINDOWS\system32\rundll32.exe
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.
3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe, explorer.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Associated Antivirus Center files and registry values:
Files:
Windows XP
- C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].dat
- C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].ico
- C:\Documents and Settings\[UserName]\Desktop\Antivirus Center.lnk
- C:\Documents and Settings\[UserName]\Local Settings\Temp\[SET OF RANDOM CHARACTERS].tmp
- C:\ProgramData\[SET OF RANDOM CHARACTERS].dat
- C:\ProgramData\[SET OF RANDOM CHARACTERS].ico C:\Users\[UserName]\Desktop\Antivirus Center.lnk
- C:\Users\[UserName]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS].tmp
- HKEY_CURRENT_USER\Software\Microsoft\Cryptography MachineGuid = "[SET OF RANDOM CHARACTERS]"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\system32\rundll32.exe" = "C:\WINDOWS\system32\rundll32.exe:*:Enabled:Antivirus Center"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
0 comments:
Post a Comment