The Malware Dictionary

The Latest Computer Adware, Spyware, and Virus Info!

Rogue AntiSpyware Programs – Antivirus Pro 2010


Rogue Antivirus Program Antivirus Pro 2010

Antivirus Pro 2010 is one of the latest rogue antispyware programs to hit the Internet. It gets onto a computer through known security holes in the operating system or web browser, then floods the screen with fake infection warnings and advertisements pushing you to buy the “commercial” version of the software. Paying does not clean anything: it results in still more malware being installed.

Antivirus Pro 2010’s Payload

Antivirus Pro 2010 can arrive as the payload of a Trojan downloader such as the Zlob Trojan, or be pushed directly onto your computer by a malicious website. By the time you see the flood of infection warnings, the spyware is already installed. Clicking one of the warnings redirects you to a malicious website that downloads additional malware, and buying the “commercial” version of the program does the same. The processes the malware starts noticeably degrade the computer’s performance, and it keeps getting worse as Antivirus Pro downloads more malware.

Antivirus Pro 2010 Automatic Removal Information

Antivirus Pro 2010 is complex, and manual removal is not recommended. Automatic removal with an up-to-date anti-virus program is the recommended method. If you are seeing what you believe to be “fake” infection notifications, your computer is already infected with both the spyware and the Trojan that deployed it.

How to remove Antivirus Pro 2010 and affiliated threats manually:
If you are comfortable making registry modifications, manual removal of Antivirus Pro 2010 can be attempted. First, restart the computer in Windows Safe Mode by repeatedly pressing the F8 function key while it reboots. Then delete the following files and folders, if present:

%Documents and Settings%\All Users\Documents\usurav.lib

%UserProfile%\Application Data\azuloge.scr

%UserProfile%\Application Data\efenyrygi.dl

%UserProfile%\Application Data\sonisozivo.vbs

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro 2010.lnk

%UserProfile%\Cookies\mucipi.lib

%UserProfile%\Cookies\tacogijine.scr

%UserProfile%\Cookies\titotico._sy

%UserProfile%\Cookies\weryna.inf

%UserProfile%\Desktop\AntivirusPro_2010.lnk

%UserProfile%\Local Settings\Application Data\dexohoty.reg

%UserProfile%\Local Settings\Application Data\yvolij.dll

%UserProfile%\Local Settings\Application Data\yxine.exe

%UserProfile%\Start Menu\Programs\AntivirusPro 2010

%UserProfile%\Start Menu\Programs\AntivirusPro 2010\AntivirusPro 2010.lnk

%UserProfile%\Start Menu\Programs\AntivirusPro 2010\Uninstall.lnk

%Program Files%\AntivirusPro 2010

%Program Files%\AntivirusPro 2010\AntivirusPro 2010.cfg

%Program Files%\AntivirusPro 2010\AntivirusPro 2010.exe

%Program Files%\AntivirusPro 2010\AVEngn.dll

%Program Files%\AntivirusPro 2010\htmlayout.dll

%Program Files%\AntivirusPro 2010\pthreadVC2.dll

%Program Files%\AntivirusPro 2010\Uninstall.exe

%Program Files%\AntivirusPro 2010\wscui.cpl

%Program Files%\AntivirusPro 2010\data

%Program Files%\AntivirusPro 2010\data\daily.cvd

%Program Files%\AntivirusPro 2010\Microsoft.VC80.CRT

%Program Files%\AntivirusPro 2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest

%Program Files%\AntivirusPro 2010\Microsoft.VC80.CRT\msvcm80.dll

%Program Files%\AntivirusPro 2010\Microsoft.VC80.CRT\msvcp80.dll

%Program Files%\AntivirusPro 2010\Microsoft.VC80.CRT\msvcr80.dll

%Program Files%\Common Files\aqicituzap.pif

%Program Files%\Common Files\fijunuso.inf

%Program Files%\Common Files\goke.scr

%WINDOWS%\bawuge._dl

%WINDOWS%\bezonyx.ban

%WINDOWS%\qacigyjuw.bin

%WINDOWS%\ruja.dl

%WINDOWS%\system32\_scui.cpl

%WINDOWS%\system32\epivafym._dl

%WINDOWS%\system32\pocec.lib

Then make the following registry deletions. Where a value name is given after the key, delete only that value and not the key itself: Run and “don’t load” are ordinary Windows keys.

HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro 2010

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro 2010

HKEY_CURRENT_USER\Control Panel\don’t load, value “scui.cpl”

HKEY_CURRENT_USER\Control Panel\don’t load, value “wscui.cpl”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value “Antivirus Pro 2010”

After you have deleted the Antivirus Pro 2010 registry entries, restart the computer normally and run a full scan with an updated anti-virus program to confirm that the rogue, and the Trojan that installed it, are gone.

Rogue AntiSpyware Programs – System Security


System Security Virus Pop-Up Display

There are many rogue antispyware and antivirus programs on the Internet nowadays. One of the particularly nasty ones is the System Security virus. If your computer is infected by System Security, it will make the operating system unstable and install additional malware.

What Does System Security Spyware Do?

Once your computer is infected by the System Security virus, the malware will:

- Get past your antivirus and antispyware software. Some current versions of those products catch the attempted infection, but not all of them. If it does get past them, it disables the control panels of the well-known antivirus programs.

- Block the Registry Editor, Task Manager, and the command prompt from opening.

- Try to prevent you from installing new anti-virus programs to remove it.

- Attempt to disable online virus scans so you cannot use them to clean System Security.

System Security Virus Symptoms

System Security displays a “Security System Firewall Alert” whenever you are online. It also drops a randomly named executable under “Documents and Settings\All Users\Application Data\<random digits>\<random digits>.exe” (the 00308937 folder in the list below is the instance seen for this sample). After a restart it blocks access to the registry so you cannot clean it out.

Removing System Security 2009 Manually

You will probably not have any luck removing System Security automatically with your anti-virus program, but definitely try that route first. If it fails, you can remove the infection manually; please seek the advice of a professional if you are not experienced with registry modifications. First, reboot the computer in Windows Safe Mode by repeatedly pressing the F8 function key while it reboots. Then delete the following files:

%Documents and Settings%\All Users\Application Data\00308937\pc00308937ins

%Documents and Settings%\All Users\Application Data\00308937\00308937.exe

%Documents and Settings%\All Users\Application Data\00308937\config.udb

%UserProfile%\Desktop\System Security 2009.lnk

%UserProfile%\Start Menu\Programs\System Security\System Security 2009 Support.lnk

%UserProfile%\Start Menu\Programs\System Security\System Security 2009.lnk

Then remove the following entries from the registry (for the Run key, delete only the “00308937” value, not the key):

HKEY_LOCAL_MACHINE\Software\00308937

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, value “00308937”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009

After you’re done, reboot your computer normally and attempt to run your anti-virus program to check for additional infections on your computer.
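The two manual procedures above, for Antivirus Pro 2010 and for System Security 2009, are the same job: check a host for a fixed list of files and registry entries and delete whatever is present. The PowerShell script below does that for both lists. It is an added example written for this page, not code from the original blog or from any vendor. It assumes PowerShell is available on the host, that %Documents and Settings%\All Users maps to %AllUsersProfile% and %Program Files% to %ProgramFiles% (both variables are set on Windows XP), and that the randomly generated file names are the ones recorded above; those names differ between samples, so treat the arrays as the place to paste the names from your own infection.

```powershell
# Added example, not code from the original page. Sweeps a host for the file and
# registry indicators listed above for Antivirus Pro 2010 and System Security 2009.
# Report-only by default; -Remove deletes what it finds. Run it elevated, ideally
# from Safe Mode. Assumptions: %Documents and Settings%\All Users is written as
# %AllUsersProfile% and %Program Files% as %ProgramFiles% (both are set on XP);
# the random file names are the ones this page recorded and vary between samples.
param([switch]$Remove)

# Process names (exe name without .exe) from the two write-ups: the rogue must not
# be running while its files are deleted.
$ProcessNames = @('AntivirusPro 2010', '00308937')

# Whole directories are listed first: removing them covers every file under them.
$FileIndicators = @(
    '%ProgramFiles%\AntivirusPro 2010',
    '%UserProfile%\Start Menu\Programs\AntivirusPro 2010',
    '%AllUsersProfile%\Application Data\00308937',   # digits differ per infection
    '%UserProfile%\Start Menu\Programs\System Security\System Security 2009.lnk',
    '%UserProfile%\Start Menu\Programs\System Security\System Security 2009 Support.lnk',
    '%UserProfile%\Desktop\System Security 2009.lnk',
    '%UserProfile%\Desktop\AntivirusPro_2010.lnk',
    '%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro 2010.lnk',
    '%AllUsersProfile%\Documents\usurav.lib',
    '%UserProfile%\Application Data\azuloge.scr',
    '%UserProfile%\Application Data\efenyrygi.dl',
    '%UserProfile%\Application Data\sonisozivo.vbs',
    '%UserProfile%\Cookies\mucipi.lib',
    '%UserProfile%\Cookies\tacogijine.scr',
    '%UserProfile%\Cookies\titotico._sy',
    '%UserProfile%\Cookies\weryna.inf',
    '%UserProfile%\Local Settings\Application Data\dexohoty.reg',
    '%UserProfile%\Local Settings\Application Data\yvolij.dll',
    '%UserProfile%\Local Settings\Application Data\yxine.exe',
    '%ProgramFiles%\Common Files\aqicituzap.pif',
    '%ProgramFiles%\Common Files\fijunuso.inf',
    '%ProgramFiles%\Common Files\goke.scr',
    '%WinDir%\bawuge._dl',
    '%WinDir%\bezonyx.ban',
    '%WinDir%\qacigyjuw.bin',
    '%WinDir%\ruja.dl',
    '%WinDir%\system32\_scui.cpl',
    '%WinDir%\system32\epivafym._dl',
    '%WinDir%\system32\pocec.lib'
)

# No Name means delete the whole key; otherwise delete only that value, because
# Run and "don't load" are ordinary Windows keys that must survive.
$RegistryIndicators = @(
    @{ Path = 'HKLM:\SOFTWARE\AntivirusPro 2010' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro 2010' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Antivirus Pro 2010' },
    @{ Path = 'HKCU:\Control Panel\don''t load'; Name = 'scui.cpl' },
    @{ Path = 'HKCU:\Control Panel\don''t load'; Name = 'wscui.cpl' },
    @{ Path = 'HKLM:\SOFTWARE\00308937' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = '00308937' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009' }
)

$found = 0
foreach ($name in $ProcessNames) {
    foreach ($proc in @(Get-Process -Name $name -ErrorAction SilentlyContinue)) {
        $found++
        Write-Output "PROCESS  $($proc.Name) (PID $($proc.Id))"
        if ($Remove) { Stop-Process -Id $proc.Id -Force }
    }
}
foreach ($pattern in $FileIndicators) {
    $path = [Environment]::ExpandEnvironmentVariables($pattern)
    if (Test-Path -LiteralPath $path) {
        $found++
        Write-Output "FILE     $path"
        if ($Remove) { Remove-Item -LiteralPath $path -Recurse -Force }
    }
}
foreach ($entry in $RegistryIndicators) {
    if (-not (Test-Path -LiteralPath $entry.Path)) { continue }
    if ($entry.Name) {
        $value = Get-ItemProperty -LiteralPath $entry.Path -Name $entry.Name -ErrorAction SilentlyContinue
        if ($value -ne $null) {
            $found++
            Write-Output "REGVALUE $($entry.Path) -> $($entry.Name)"
            if ($Remove) { Remove-ItemProperty -LiteralPath $entry.Path -Name $entry.Name }
        }
    } else {
        $found++
        Write-Output "REGKEY   $($entry.Path)"
        if ($Remove) { Remove-Item -LiteralPath $entry.Path -Recurse }
    }
}
if ($Remove) { Write-Output "$found indicator(s) removed" }
else         { Write-Output "$found indicator(s) found; re-run with -Remove to delete them" }
```

Run it once with no arguments from an elevated prompt to see what is present, then with -Remove. Values under Run and “don’t load” are deleted individually because those keys belong to Windows. Finish with a full anti-virus scan as the procedure says: the Trojan that dropped the rogue is not in either list, and a surviving dropper will simply reinstall it.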

How Does Computer Malware Work?


Computer malware is the term for software designed to infect a computer with a virus, rootkit, spyware, or adware. The word comes from malicious (intent) + software. It is the more accurate term for most infections a computer receives, since “computer virus” refers to only one subset of malware. Once a computer is infected, the malware may damage files or programs, let others use the machine for actions the owner has not approved, display advertisements, or steal the user’s personal information. Specific types of malware are Trojans, viruses, worms, spyware, adware, and rootkits.

Methods of Computer Malware Infection

Computer malware spreads in a number of ways: directly through security holes in the operating system or web browser, through infected email attachments, through security holes in instant messaging programs, through the boot sector or autorun file of removable media such as USB sticks and portable hard drives, through infected multimedia files such as MP3s and movie files, and through injection into legitimate applications. Many malware producers count on the fact that over 50% of computer users either have no anti-malware protection or do not update what they have.

Trends in Computer Malware

One of the latest trends in computer malware is the rogue anti-spyware Trojan. These programs get onto a computer by a variety of means and then display fake virus and spyware infection messages. Their primary goal is to trick the user into paying for a version of the software that will supposedly “remove” the infection. The catch is that when the user buys the product, additional malware is installed and the problem gets worse. Examples of this trend are the W32.Fake Raken and W32.Barracuda spyware.

Rogue Anti-Spyware Malware – Win32.Fake Raken


Win32.Fake Raken Description

Fake Raken is one of the latest rogue anti-spyware malware programs to hit the Internet. It claims to scan your computer for malware and will display fake infection warnings after it has been installed on your computer. It will then attempt to convince you that a paid malware removal tool needs to be purchased. Unlike some of the other rogue anti-spyware programs, Fake Raken is adaptable and will change its look and feel depending on the variant your computer has become infected with. It is classified as both a Trojan Virus and as Spyware.

Win32.Fake Raken Aliases

Fake Raken goes by several other names to include: XP Anti-Spyware 2009, XP Security Center, PC Anti-Spyware 2010, Home Anti-Virus 2010, and PC Security 2009.

Symptoms of Fake Raken Infection

Fake Raken symptoms vary with the variant that has infected your computer. Changes you may see include the following files being installed (this set is from the XP AntiSpyware 2009 variant):

Binaries1.cab
Binaries2.cab
Binaries3.cab
%Program Files%\XP_AntiSpyware\AVEngn.dll
%Program Files%\XP_AntiSpyware\htmlayout.dll
%Program Files%\XP_AntiSpyware\pthreadVC2.dll
%Program Files%\XP_AntiSpyware\Uninstall.exe
%Program Files%\XP_AntiSpyware\wscui.cpl
%Program Files%\XP_AntiSpyware\XP_Antispyware.cfg
%Program Files%\XP_AntiSpyware\XP_AntiSpyware.exe
%Program Files%\XP_AntiSpyware\data\daily.cvd
%Program Files%\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
%Program Files%\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll
%Program Files%\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll
%Program Files%\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll

The following registry entries are created:
Key: HKCU\Control Panel\don’t load
Value: scui.cpl Data: “No”
Value: wscui.cpl Data: “No”

Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: ForceClassicControlPanel
Data: 0x1

Key: HKLM\SOFTWARE\Microsoft\Security Center
Value: AntiVirusDisableNotify
Data: 0x1
Value: FirewallDisableNotify
Data: 0x1
Value: UpdatesDisableNotify
Data: 0x1

Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP_AntiSpyware\
Value: DisplayName
Data: “XP Antispyware 2009”
Value: UninstallString
Data: “%Program Files%\XP_AntiSpyware\Uninstall.exe”

The following shortcuts are installed:
%Start menu%\Programs\XP_AntiSpyware\XP_AntiSpyware.lnk
%Start menu%\Programs\XP_AntiSpyware\Uninstall.lnk
%Desktop%\XP_AntiSpyware.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\XP_AntiSpyware.lnk

Display of fake infection dialogs, pop-ups, and warnings.
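Three of the registry entries above are not Fake Raken’s own keys but legitimate Windows settings it abuses: values under “don’t load” hide Control Panel applets (wscui.cpl is the Windows Security Center applet), ForceClassicControlPanel forces the classic Control Panel view, and the three Security Center DisableNotify values silence the alerts that would otherwise tell the user anti-virus, the firewall or updates are off. Cleaning up therefore means resetting those values, not deleting the keys. The PowerShell script below, an added example and not the blog’s code, reports which of them are in the tampered state and, with -Fix, reverts them and removes the rogue’s Uninstall key. It assumes the clean state is the Windows default (notifications enabled, no policy value, no hidden applets); the program folder and shortcuts are left to the anti-virus scan the post recommends.

```powershell
# Added example, not code from the original page. Reverts the registry tampering
# attributed above to Fake Raken / XP AntiSpyware 2009. The Security Center,
# Policies\Explorer and "don't load" keys are legitimate Windows keys, so their
# values are reset or removed; only the rogue's own Uninstall key is deleted.
# Run elevated. Report-only unless -Fix is given.
param([switch]$Fix)

# Assumed clean state (Windows default): notifications enabled, i.e. value 0.
$ShouldBeZero = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'AntiVirusDisableNotify' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'FirewallDisableNotify' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'UpdatesDisableNotify' }
)
# Assumed clean state: these values do not exist at all.
$ShouldBeAbsent = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'ForceClassicControlPanel' },
    @{ Path = 'HKCU:\Control Panel\don''t load'; Name = 'scui.cpl' },
    @{ Path = 'HKCU:\Control Panel\don''t load'; Name = 'wscui.cpl' }
)
$RogueUninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP_AntiSpyware'

# Returns the value's data, or $null if the key or the value is missing.
function Get-RegValue($Path, $Name) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

$findings = 0
foreach ($e in $ShouldBeZero) {
    $current = Get-RegValue $e.Path $e.Name
    # Absent is fine (default); anything non-zero means notifications were silenced.
    if ($current -ne $null -and $current -ne 0) {
        $findings++
        Write-Output "TAMPERED $($e.Path) -> $($e.Name) = $current (expected 0)"
        if ($Fix) { Set-ItemProperty -LiteralPath $e.Path -Name $e.Name -Value 0 -Type DWord }
    }
}
foreach ($e in $ShouldBeAbsent) {
    if ((Get-RegValue $e.Path $e.Name) -ne $null) {
        $findings++
        Write-Output "TAMPERED $($e.Path) -> $($e.Name) is present"
        if ($Fix) { Remove-ItemProperty -LiteralPath $e.Path -Name $e.Name }
    }
}
if (Test-Path -LiteralPath $RogueUninstallKey) {
    $findings++
    $display = Get-RegValue $RogueUninstallKey 'DisplayName'
    Write-Output "ROGUE    $RogueUninstallKey (DisplayName: $display)"
    if ($Fix) { Remove-Item -LiteralPath $RogueUninstallKey -Recurse }
}
if ($Fix) { Write-Output "$findings finding(s) reverted" }
else      { Write-Output "$findings finding(s); re-run with -Fix to revert them" }
```

The same three DisableNotify values are a useful thing to watch in general: legitimate software has little reason to set them, so a host where they flip to 1 alongside a new Uninstall entry is worth a closer look even before a rogue’s own files are identified.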

Fake Raken Infection Methods

Computer users who do not enable their firewall are leaving the door open to a Fake Raken infection. Once on your computer it attempts to download Binaries1.cab, Binaries2.cab, and Binaries3.cab and extract them into the Program Files directory, with or without showing a dialog box first. The Trojan is known to exploit web browser security holes and operating system vulnerabilities for the initial infection, and to display a fake Microsoft Security Center window once it has taken hold.

Fake Raken Removal Information

Fake Raken is complex, and manual removal is not recommended. Automatic removal with an up-to-date anti-virus program is the recommended method. If you are seeing what you believe to be “fake” infection notifications, your computer is already infected with both the spyware and the Trojan that deployed it.

Computer Malware, Types of Spyware


Computer spyware is malware that installs itself on a user’s computer without permission. It can send your private information to a remote server, change your default search engine and your browser’s home page, and serve as a foothold for installing additional malware. Unlike viruses, spyware is not normally designed to self-replicate; it is built to exploit security vulnerabilities on your computer to get in. Recent developments have seen fake anti-spyware programs deployed to trick users into downloading additional spyware.

Types of Computer Spyware

Adware

Adware is one of the most common types of spyware on the Internet. It normally waits for the user to go online and then displays unsolicited pop-up, pop-under, and pop-over advertisements. It also records which websites you visit and sends that back to remote servers. Some adware variants are knowingly installed by users; others are not.

Browser Hijack
Many spyware variants hijack your web browser and change its default home page to one chosen by the spyware’s author. Many also hijack the uniform resource locators (URLs) of the major search engines so that your browser is redirected to fake search sites. Browser hijackers also display unsolicited advertisements when the browser opens and send records of your browsing to a remote web server.

Keyboard Logger
Keyboard loggers are designed to steal your private information. They record the credentials used to access your bank account, email, and any other site you log into with a password or PIN. Because of that, they are one of the most dangerous variants of spyware.

Modem Hijackers

Although they are becoming less prevalent as Internet users migrate to broadband connections, modem-hijacking spyware still exists. This variant normally arrives as the payload of a Trojan or through a peer-to-peer file-sharing network, and the programs are also called “dialers.” Once your computer is infected, the dialer calls long-distance, premium-rate phone numbers that cost you a significant amount of money if not caught early.

© 2009 The Malware Dictionary. All Rights Reserved.
