Here's an example of what he fake virus scanner looks like. The title says AVASoft Antivirus Professional, simply add L in front of it and you will get LAVASoft. Coincidence? I don't think so. Of course, it's not their product. Lavasoft is a well known and reputable software company and it's obviously not responsible for this scam.
Just a few quick facts about this malware before we proceed further into removing it: AVA Soft Professional Antivirus will pretend to scan your computer for malicious software and then will give you a message claiming that there are almost twenty or even ore infected files that obviously have to be removed; otherwise your files can be deleted and your private information may be stolen. The fake virus scanner design is kinda professional and may look like a real thing for less computer savvy users, maybe that's the reason why many people have mistaken it for an actual antivirus program.
One of many fake security warnings you will see if your computer gets infected with AVASoft Professional Antivirus. This one, shown below, claims that your computer is infected with spyware.
And here's another one, titled AVASoft Professional Antivirus Firewall Alert.
It claims that the rogue application, particularly its firewall module, has blocked Internet Explorer from accessing the Internet. The fake antivirus application indeed blocks web browsers and not just Internet Explorer. It simply displays another warning claiming that the website you are going to visit is infected and supposedly infected with a computer worm called SVCHOST.Stealth.Keyloger. This is not the first time cyber crooks mistype words in their fake security notifications.
OK, and the last fake security warning I would like to show you says Harmful software detected.
It even mentions some fancy virus names, for instance Worm.Bagle.CP, Win32.PerFiler and many others. Some of them may be real and some fake. I've checked a few of them and they don't seem to exist. Simply close such warnings and do not follow the on screen instructions the rogue application will give you.
Of course, the AVASoft Professional Antivirus has nothing to do with genuine antivirus companies. All the warnings you will get on your computer screen are certainly fake. Unfortunately, many users believe it's the real thing and quickly offer up their credit card information and certain personally identifiable information. DO NOT pay for this completely useless application.
Here's a screenshot of what the fake payment page looks like.
On the right side of the payment page, scammers claim that this is a one-time payment and that you will not be 'rebiled'. However, on the left side of the same page, they ask you to choose subscription type: 6 months, 9 months or 12 months + free support by phone and email. Doesn't make sense, right?. Actually, I wouldn't be surprised if decided to implement semi-annually or annually billings via credit card. I believe this could easily increase their profit.
www.tech-ava-soft.org is the official site of this rogue security software. The most interesting part is that they actually present entirely different software on their site. It's called Antivirus Security 2013. This software is translated into a few different languages but most importantly, it doesn't produce false positives and fake security alerts. The product is genuine by the way, because they simply use ClamAV antivirus database instead of maintaining their own. I think they had to do this because otherwise they wouldn't be able to get bank account and payment processors for their software. And that means, they probably have their own support and try to keep the charge-back rates as low as possible to avoid possible restrictions. This is a good news for victims, because if scammers actually care, they will probably return certain amount of money just to stay off the radar.
The worst part about the AVASoft Professional Antivirus infection is that it is a "drive-by download" type of infection, which means nothing has to be downloaded to a computer manually. All you have to is is simply visit an infected website and the virus will automatically be installed on your computer. This makes it very difficult to detect and avoid, but there are some things you can do to help keep your computers free of malicious software.
How to remove AVASoft Professional Antivirus?
Well, first of all, it does not have a standard uninstaller like most programs do, so you will either have to remove it manually or hire a professional to help you to remove AVASoft Professional Antivirus from your computer. However, there are some things just about anyone can try that will often remove this malware, or at least allow you to retrieve full control of your machine. To remove this malware from your computer, please follow the removal instructions below.
If your computer is infected with AVASoft Antivirus the last thing you should do is pay for the "full" version. By paying you are only worsening the situation and exposing yourself to identity theft. Also, you are encouraging cyber crooks to do it again. The best advice is to report the scam to the police and then have it removed from your computer as soon as possible. A little foresight and common sense, though, can keep your computer and valuable files safe from cyber crooks and viruses.
Do you have any additional information or questions on the AVASoft Professional Antivirus? Post your comment or question below. Good luck and be safe online!
Written by Michael Kaur, http://deletemalware.blogspot.com
Method 1: AVASoft Professional Antivirus removal in Safe Mode with Networking:
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.
NOTE: if you can't run anti-malware software, rename the installer to iexplore.exe and try again.
Method 2: AVASoft Professional Antivirus removal guide using debugged registration key:
1. Open AVASoft Professional Antivirus scanner. Click the "Registration" button (top right corner).
Enter the following debugged registration key and click "Activate" to register the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.
AA39754E-715219CE
Once this is done, you are free to install recommended anti-malware software and remove AVASoft Professional Antivirus from your computer properly.
2. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.
NOTE: if you can't run anti-malware software, rename the installer to iexplore.exe and try again.
Method 3: AVASoft Professional Antivirus manual removal guide:
1. First of all, go to your Desktop and right click the AVASoft Professional Antivirus.lnk shortcut file and select Properties.
2. Select Shortcut tab. Find the location of AVASoft Professional Antivirus executable file (target location). It should be a randomly named file. Simply click the Find Target button.
3. Browser to the executable file. Rename it, for instance to virus.exe. Restart Windows.
4. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.
NOTE: if you can't run anti-malware software, rename the installer to iexplore.exe and try again.
Associated AVASoft Professional Antivirus files and registry values:
Files:
Windows XP:
- C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS]\
- %UserProfile%\Desktop\AVASoft Professional Antivirus.lnk
- %UserProfile%\Start Menu\Programs\AVASoft Professional Antivirus\
- C:\ProgramData\[SET OF RANDOM CHARACTERS]\
- %UserProfile%\Desktop\AVASoft Professional Antivirus.lnk
- %UserProfile%\Start Menu\Programs\AVASoft Professional Antivirus\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"
- HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\AVASoft Professional Antivirus\
0 comments:
Post a Comment