February 21, 2011

Virus Support - AntiVira Av

AntiVira Av.



AntiVira Av is a rogue anti-spyware program, a modified version of the rogue anti-spyware program Antivirus .NET.




 

Rogue anti-spyware programs of this type are designed to start automatically when the computer starts. They then report fake infections on the computer, and to remove those "infections" we are asked to pay a certain amount to buy the full version of the rogue program.



The greatest risk with a new rogue program like AntiVira Av is when a user tries to scan for it with outdated real anti-spyware software that can't detect it, and the user assumes everything is fine. Security software that isn't completely up to date may not even see malware as recent as AntiVira Av or may only see an inadequate portion of it.

Removing AntiVira Av in normal mode is difficult, because the program first disables Task Manager, so we can't stop the infected services.

Where on the Computer?
The usual locations of AntiVira Av are as follows:

XP - C:\Documents and Settings\User\Local Settings\Temp\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe

Vista / Win7 - C:\Users\Local\Temp\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
Or
C:\Program Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe

How to Remove?

  • Reboot your computer into Safe Mode. (During computer start-up, press the F8 key on your keyboard before Windows displays its operating system logo. Select Safe Mode from the list of options and press the Enter key.)
  • Remove the infected entries from locations mentioned above.
  • This infection changes your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software. Regardless of the web browser you use, for these instructions we will first need to fix this problem so that we can download the utilities we need to remove this infection.
  • Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options as shown in the image below.

You should now be in the Internet Options screen as shown in the image below.

Now click on the Connections tab as designated by the blue arrow above.
You will now be at the Connections tab as shown by the image below.

Now click on the LAN Settings button as designated by the blue arrow above.
You will now be at the Local Area Network (LAN) settings screen as shown by the image below.


Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.
  • Now remove the following infected registry entries:
HKEY_CURRENT_USER\Software\<random>
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:18810'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
  • After removing all these files, restart your computer and the issue will be fixed.
  • Don't forget to update your security software and the operating system, and finally run a full system scan with the security software.
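
The registry values listed above can also be checked from a PowerShell prompt. The script below is an added example, not part of the original post: it prints the current proxy and PhishingFilter values and warns when the proxy is enabled and points at the local machine, as the `http=127.0.0.1:18810` entry does. The `-Fix` switch and the function names `Get-RegValue` and `Test-LoopbackProxy` are this example's own.

```powershell
# Added example: audit the per-user values listed above; -Fix (this example's
# own switch) resets the proxy only when it points at the local machine.
param([switch]$Fix)

$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$phish = 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns nothing ($null) when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    # ProxyServer is "host:port" or "proto=host:port;proto=host:port".
    foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = ($entry -split '=')[-1]
        $hostName = ($hostPort -replace '^\w+://', '') -replace ':\d+$', ''
        if ($hostName -match '^(127\.\d+\.\d+\.\d+|localhost)$') { return $true }
    }
    return $false
}

$enable = Get-RegValue $inet  'ProxyEnable'
$server = Get-RegValue $inet  'ProxyServer'
$filter = Get-RegValue $phish 'Enabled'

"ProxyEnable            = $enable"
"ProxyServer            = $server"
"PhishingFilter Enabled = $filter"

# A proxy a user installed on purpose on the same machine looks identical,
# so review the reported values before running with -Fix.
if (($enable -eq 1) -and $server -and (Test-LoopbackProxy $server)) {
    Write-Warning "Proxy is enabled and points at this machine: $server"
    if ($Fix) {
        Set-ItemProperty    -Path $inet -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $inet -Name ProxyServer
        'ProxyEnable set to 0 and ProxyServer removed.'
    }
}
if ($filter -eq 0) {
    Write-Warning 'PhishingFilter "Enabled" is 0, matching the entry listed above.'
}
```

Run it as the affected user, since all of the values live under HKEY_CURRENT_USER.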
