antivirus 2010 rogue software removal

Screenshot of antivirus 2010 fake anti-virus software

This comes from the same type of spyware as before (Antivirus 2008, Antivirus 2009). It announces that it has found your system to be full of bugs and errors. (Relax: if you’ve got this bug, you’re not infected with viruses and Trojans.)

Its goal is to get you to buy Antivirus 2010 for $49.99, and it’s a scummy tactic to infect your computer with malware to try to sell you anything.

How did I get infected with this?

Most likely you were browsing the web and clicked on a free scan, or on a warning saying you were infected with some bug. The installer then puts this malware on your machine, making it a pain in the *SS to use your system.

How do I get rid of this bug?

Here are the associated files, and at the bottom is a link to the Malwarebytes removal tool.

It is shareware but will allow you to remove the infection for free.

If you find yourself the victim of these bugs on a regular basis, I recommend purchasing a license for Malwarebytes. (I did, just because I wanted to support their software development.)

Associated Antivirus 2010 Files:

c:\Program Files\AV2010
c:\Program Files\AV2010\AV2010.exe
c:\Program Files\AV2010\svchost.exe
c:\WINDOWS\system32\IEDefender.dll
c:\WINDOWS\system32\wingamma.exe
c:\Documents and Settings\All Users\Desktop\AV2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\AV2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\Uninstall.lnk

Associated Antivirus 2010 Windows Registry Information:

HKEY_CURRENT_USER\Software\AV2010
HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Gamma Display”

The Malwarebytes anti-malware tool is an effective removal method.

Instructions can be found at http://www.bleepingcomputer.com/malware-removal/remove-antivirus-2010
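A read-only check for the files and registry entries listed above, useful for confirming a machine is clean after the removal tool has run. This is an added example, not part of the original post. It assumes the Windows XP-style paths shown in the lists, checks folders rather than each file inside them, and skips the three ControlSet001\Control\Class entries because that GUID is the Windows network-adapter device class and its numbered subkeys can exist on a clean system.

```powershell
# Added example: reports which Antivirus 2010 indicators from the lists above are still present.
# Read-only: nothing is deleted or modified.
$paths = @(
    'C:\Program Files\AV2010',                                          # folder covers AV2010.exe and svchost.exe
    'C:\WINDOWS\system32\IEDefender.dll',
    'C:\WINDOWS\system32\wingamma.exe',
    'C:\Documents and Settings\All Users\Desktop\AV2010.lnk',
    'C:\Documents and Settings\All Users\Start Menu\Programs\AV2010'    # folder covers both shortcuts
)

# The Registry:: prefix is needed because HKEY_CLASSES_ROOT has no default PowerShell drive.
# The ControlSet001\Control\Class\{4D36E972-...} entries are left out on purpose (see lead-in).
$keys = @(
    'HKEY_CURRENT_USER\Software\AV2010',
    'HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}',
    'HKEY_CLASSES_ROOT\AppID\IEDefender.DLL',
    'HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}',
    'HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO',
    'HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1',
    'HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}',
    'HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}'
)

$found = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found += "FILE  $p" }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath "Registry::$k") { $found += "KEY   $k" }
}

# "Windows Gamma Display" is a value under the Run key, not a subkey, so read it as a property.
$run = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$val = (Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue).'Windows Gamma Display'
if ($val) { $found += "RUN   Windows Gamma Display = $val" }

if ($found.Count -eq 0) {
    'No listed Antivirus 2010 indicators found.'
} else {
    'Indicators still present:'
    $found
}
```

An empty result only means these specific paths and keys are gone; it does not rule out a rootkit or a variant that uses different names.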

APPENDED:

If you cannot download the latest version, or cannot get this program to install, click HERE for a locally hosted version.

I’ve renamed the installer to keep this bug from preventing its execution.

Once installed, open My Computer, C:, Program Files, Malware Bytes.

Right-click mbam.exe and choose Copy.

Right-click and choose Paste.

You will see a new file called “Copy of mbam.exe” appear.

Execute this version, as it will run where the other version has been blocked by Antivirus 2009.

 

In addition:

Please download GMER here (renamed to cmer.exe) and execute it to be certain you are not infected with a rootkit. If you find yourself infected, please call me immediately.

 

Thank you.

520-861-1673

Chuck House