AV Protection Online scareware is rampant on the Internet. Such malware is usually promoted through the use of Trojans and other malicious software. Trojans masquerade as a legitimate applications, usually Flash players, Windows updates, codec packs, etc. Trojans then request files from the internet and install rogue security product on infected machine. On the other hand, cyber criminals use sophisticated social engineering attacks to distribute malicious code that at a first glance may appear legitimate. Is AV Protection Online a security risk? Yes, it is. Especially if it comes bundled with rootkits and trojans with keyloggin modules. AV Protection Online interest in financial transactions.
AV Protection Online may block legitimate security products and Windows utilities. The eradication of rogue AVs combined with Trojans requires advanced knowledge of the most recent methods and techniques for computer cleansing. Although, you can remove the the rogue program manually, we recommend you to use anti-malware software instead. Oh, and by the way, this virus may display online stores selling ebooks and audio books, don't fall for a scam like this. If you have already purchased AV Protection Online, you should contact your credit card company and dispute the charges. To remove AV Protection Online, please follow the removal instructions below. Last, but not least, the only recommended method of protecting your PC is to have installed fully functioning antivirus software with the latest virus definitions. If you have any questions about virus or computer security in general, please leave a comment below or just email us. Good luck and be safe online!
http://deletemalware.blogspot.com
AV Protection Online removal instructions:
1. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
If you can't download it, please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Open Internet Explorer and download STOPzilla. Once finished, go back into Normal Mode and run it. That's It!
Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
Manual AV Protection Online removal guide:
1. Right-click on AV Protection Online icon and select Properties. Then select Shortcut tab.
The location of the malware is in the Target box.
2. In our case the malicious file was located in C:\Windows\System32 folder. Select the malicious file, rename it and change a file name extension.
Original file: TcS22bF3nGaQWKf.exe
Renamed file: TcS22bF3nGaQWKf.vir
3. Restart your computer. After a reboot, download free anti-malware software from the list below and run a full system scan.
4. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
5. Remove the TDSS/ZeroAccess rootkit (if exists). Please follow this removal guide: http://deletemalware.blogspot.com/2010/03/tdss-alureon-tidserv-tdl3-removal.html
Manual activation and AV Protection Online removal:
1. Choose to remove threats and manually activate the rogue program. Enter one of the following codes to activate AV Protection Online.
9992665263
1148762586
1171249582
1186796371
1196121858
1225242171
1354156739
1579859198
1789847197
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. Remove the TDSS/ZeroAccess rootkit (if exists). Please follow this removal guide: http://deletemalware.blogspot.com/2010/03/tdss-alureon-tidserv-tdl3-removal.html
Associated AV Protection Online files and registry values:
Files:
- C:\WINDOWS\system32\[SET OF RANDOM CHARACTERS].exe
- C:\Documents and Settings\[UserName]\Application Data\csrss.exe
- C:\Documents and Settings\[UserName]\Application Data\hTrkd58DeORldrQAV Protection Online.ico
- C:\Documents and Settings\[UserName]\Application Data\Microsoft\csrss.exe
- C:\Documents and Settings\[UserName]\Desktop\AV Protection Online.lnk
- C:\Documents and Settings\[UserName]\Local Settings\Temp\[SET OF RANDOM CHARACTERS].tmp
- C:\Documents and Settings\[UserName]\Start Menu\Programs\AV Protection Online\AV Protection Online.lnk
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
0 comments:
Post a Comment