Aug 12, 2011

Antivirus IS.

Antivirus IS is a new rogue antivirus that is spread by fake antivirus websites, trojans and security exploits.
Typically, just like Antivirus Soft or Security Suite, you will start seeing Antivirus IS popups out of the blue, without being able to pinpoint the cause of the infection. This is due to the various system security holes this malware is able to exploit: lack of system updates, lack of antivirus or anti-malware software, or lack of a firewall.

Antivirus IS is quite dangerous: it cripples the PC by limiting access to the internet and blocking execution of normal anti-malware programs. You will start seeing alerts that your PC is infected on each executable launch. Antivirus IS will report each website you visit as unsafe, but this is just a hoax to convince you to pay.
Do not pay for Antivirus IS. This software has no full version, and in most cases its operators will use your credit card details as much as they can until the card gets blocked. Do not enter credit card details on any website operated by the owners of this scamware.
Antivirus IS removal might be tricky, as it will block execution of other programs. The best bet is to reboot, press F8 and choose Safe Mode with Networking, or to perform malware removal from another user account. Quite often only a single user account is fully compromised. You will also have to disable the proxy server in your browser, because Antivirus IS uses a proxy to limit the websites you can visit from the infected PC.
Kill malicious processes from Task Manager:
  • [random].exe
Location of the infection:
  • %UserProfile%\Local Settings\Application Data\{random}\
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\wnxmal
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0" (CHANGE THIS TO 1)
Although it is possible to remove the fake Antivirus IS manually, doing so can permanently damage your system if any mistakes are made in the process, and advanced spyware parasites are able to repair themselves automatically if not completely removed. Manual spyware removal is therefore recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend malware and spyware removal applications.

After removing all these files, restart your computer and the issue will be fixed. Don't forget to update your security software, check the firewall settings and the operating system, and finally do a full system scan with the security software.
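
As an added example (not part of the original post), this read-only PowerShell script checks the current user account for the indicators listed above and changes nothing. The Internet Settings proxy values and the use of %LOCALAPPDATA% as the newer-Windows equivalent of the folder above are assumptions not stated in the post.

```powershell
# Read-only check for the Antivirus IS indicators listed in this post.
# Run it as the affected user; it only reads and reports.
$findings = New-Object System.Collections.Generic.List[string]

# Returns a registry value, or $null when the key or the value is absent.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$ie = 'HKCU:\Software\Microsoft\Internet Explorer'

# From the post: Download "RunInvalidSignatures" = "1"
$sig = Get-RegValue "$ie\Download" 'RunInvalidSignatures'
if ("$sig" -eq '1') { $findings.Add('IE Download\RunInvalidSignatures = 1') }

# From the post: PhishingFilter "Enabled" = "0" (should be changed to 1)
$pf = Get-RegValue "$ie\PhishingFilter" 'Enabled'
if ("$pf" -eq '0') { $findings.Add('IE PhishingFilter\Enabled = 0 (change to 1)') }

# From the post: the key HKEY_CURRENT_USER\Software\wnxmal
if (Test-Path 'HKCU:\Software\wnxmal') { $findings.Add('Key HKCU\Software\wnxmal exists') }

# Assumption: the browser proxy mentioned in the post is the per-user
# Internet Settings proxy (ProxyEnable / ProxyServer).
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ("$(Get-RegValue $inet 'ProxyEnable')" -eq '1') {
    $findings.Add("Proxy enabled: $(Get-RegValue $inet 'ProxyServer')")
}

# Executables directly inside a subfolder of local application data.
# Assumption: on Vista and later the folder from the post is %LOCALAPPDATA%.
# Legitimate programs live here too, so these are items to review, not verdicts.
$root = if ($env:LOCALAPPDATA) { $env:LOCALAPPDATA } else {
    Join-Path $env:USERPROFILE 'Local Settings\Application Data'
}
Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        Get-ChildItem -Path $_.FullName -Filter '*.exe' -ErrorAction SilentlyContinue
    } |
    ForEach-Object { $findings.Add("Executable to review: $($_.FullName)") }

if ($findings.Count -eq 0) { 'None of the listed Antivirus IS indicators were found.' }
else { $findings }
```

Run it again after cleanup and after the reboot to confirm that the registry values and the proxy setting have not been restored.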

