Christian Mairoll 236 Report post Posted February 11, 2011 The Emsisoft malware research team has discovered a new outbreak of the AntiVira AV adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AntiViraAV. AntiVira AV is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. Create new file: %UserProfile%Local SettingsTemp%random%%random%.exeCreate/modify registry entries: HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownloadRunInvalidSignatures: 0×00000001CheckExeSignatures: “no”HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilterEnabled: 0×00000000EnabledV8: 0×00000000HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsProxyOverride: “<local>”ProxyEnable: 0×00000001ProxyServer: “http=127.0.0.1:18810″HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociationsLowRiskFileTypes: “.exe”HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachmentsSaveZoneInformation: 0×00000001HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun%random%: “%UserProfile%Local SettingsTemp%random%%random%.exe”HKEY_CURRENT_USERSoftware%random%knkd: 0×00000001id: “78.17″Screenshots: How to remove the infection of AntiVira AV (Adware.Win32.AntiViraAV)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. Related Posts: Antivirus Scan Adware Removal Instructions Antivirus Action Adware Removal Instructions Disk OK Adware Removal Instructions Windows Optimization & Security Adware Removal Instructions Fast Disk Adware Removal Instructions View the full article Quote Share this post Link to post Share on other sites
