Christian Mairoll 228 Report post Posted September 24, 2010 The Emsisoft malware research team has discoverd a new outbreak of the Antivirus IS adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AntivirusIS. Antivirus IS is a rogue security program, this is a new variant from Security Suite, AV Security Suite, Antivirus Suite, and Antivirus Soft. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase. Create new file: %UserProfile%Local SettingsApplication Data%random%%random%.exeCreate/modify registry entries: HKEY_CURRENT_USERsoftwareMicrosoftInternet ExplorerDownload(DWORD) RunInvalidSignatures = 0×00000001 (1)HKEY_CURRENT_USERsoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations(SZ) LowRiskFileTypes = .exeHKEY_CURRENT_USERsoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments(DWORD) SaveZoneInformation = 0×00000001 (1)HKEY_CURRENT_USERsoftwareMicrosoftWindowsCurrentVersionRun(SZ) %random% = %UserProfile%Local SettingsApplication Data%random%%random%.exeHKEY_CURRENT_USERsoftwareMicrosoftInternet ExplorerDownload(SZ) CheckExeSignatures = noScreenshots: How to remove the infection of Antivirus IS (Adware.Win32.AntivirusIS)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. Related Posts: Antivirus Suite Adware Removal Instructions AV Security Suite Adware Removal Instructions Antivir Solution Pro Adware Removal Instructions Antivirus Soft Adware Removal Instructions AVDefender 2011 Adware Removal Instructions View the full article Quote Share this post Link to post Share on other sites
