Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying pop-ups
  • Slow Computer
Other mutations known as:

Antivirus

There are many fantastic security products on the market which will protect your PC’s health and security, but Antivirus is certainly not one of them. This insidious rogue antispyware application was designed exclusively with the goal of ripping its victims off, with no regard for the damage it causes their systems in the process. Antivirus, despite what it would like its victims to believe, has none of the abilities it claims to have and cannot detect, quarantine or remove any viruses, as it is a virus in itself.

Delivered to the system via fake online malware scanners and illicit websites, Antivirus will enter the system stealthily and without the permission of the PC owner. It will remain hidden until such time as it deems it appropriate to reveal its presence on the system to the user. Other popular forms of infection include spreading its Trojans with the help of illicit websites making use of drive-by download techniques. Some of these criminal domains are: http://just-protect-pc.info, http://70.38.11.165.info, http://clear-virus.info, http://clean-your-pc.info, http://your-security-center.com and http://gyrosoftware.com/purchase. Antivirus also bundles its Trojans and malware together with other legitimate security updates and downloads obtained from third-party websites. Antivirus is a sneaky fake security application which needs to be dealt with sooner rather than later. When the Antivirus Trojan (Antivirusinstaller.exe) enters the system, it will install the Fake Windows Security Center (wscsvc32.exe) on the system.

Antivirus has also been known to operate under the following aliases:

* Trojan-Downloader.Win32.FraudLoad.glk
* Gen:Malware.Heur.qqX@by79tZd
* Win32.Packed.Krap.c.4
* Win32/JustProtectPc.A
* FakeAlert-WinwebSecurity.gen
* Trojan:Win32/FakeXPA
* Win32/Kryptik.ALS
* Trojan.Win32.FakeAV.ayn
* RogueAntiSpyware.AntiVirusN1
* TR/Crypt.XPACK.Gen

As a first line of attack against the system, Antivirus will scan the PC with a fake malware scanner which resembles a genuine Microsoft application, and will then report a list of false positive threats on the PC. It will do this by assailing the user with various false security alerts in the form of pop-up messages. These fake alerts are without merit and should be ignored. Antivirus adds sneaky calls to action to these fake alerts; do not react to them, as doing so will only aid Antivirus in its quest to rip the consumer off. One of these fake alerts reads as follows:

"Your computer is infected with viruses and requires an immediate protection. Ignoring this message will result in a permanent file system damage and all personal data loss. Antivirus will remove all malicious threats and protect your PC from future attacks. Purchase Antivirus, click Buy Now."

Take note of the spelling and grammatical mistakes present in the above fake alert. This should already act as a warning sign that Antivirus is not a genuine security tool. Other fake security messages from Antivirus include:

"Critical Security Warning! Your PC was infected with self-replicating virus after Spyware attack. Windows Defender Scanner will perform a free scan of your PC to find all System Threats."

"Spyware activity alert! spyware IEMonster activity detected. It is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal."

"System files modification alert! some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. click here to block unauthorized modifications by removing threats (Recommended)."

The Trojan downloader in this instance is named Antivirusinstaller.exe, and its file size is 269KB. Antivirusinstaller.exe is detected by 27/40 (67.5%) of the anti-virus engines available at VirusTotal.

Also, as a result of the Antivirus infection, the Windows hosts file was modified and the following IP-to-hostname mappings were added:

* 174.142.113.204 just-protect-pc.info
* 70.38.11.165 review.2009softwarereviews.com
* 70.38.11.165 a1.review.zdnet.com
* 70.38.11.165 d1.reviews.cnet.com
* 70.38.11.165 reviews.toptenreviews.com
* 70.38.11.165 reviews.download.com
* 70.38.11.165 reviews.pcadvisor.co.uk
* 70.38.11.165 reviews.pcmag.com
* 70.38.11.165 reviews.pcpro.co.uk
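
A hosts file audit that surfaces this kind of tampering can be sketched as follows. This is an added example, not part of the original write-up or of any removal tool; the function names, the `shared_threshold` value and the stock lines in the sample are assumptions, while the nine mappings are the ones listed above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: stock Windows lines, a 0.0.0.0 block-list entry, and
# the nine mappings listed above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.test
174.142.113.204 just-protect-pc.info
70.38.11.165 review.2009softwarereviews.com
70.38.11.165 a1.review.zdnet.com
70.38.11.165 d1.reviews.cnet.com
70.38.11.165 reviews.toptenreviews.com
70.38.11.165 reviews.download.com
70.38.11.165 reviews.pcadvisor.co.uk
70.38.11.165 reviews.pcmag.com
70.38.11.165 reviews.pcpro.co.uk
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; skip comments, blanks and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def audit_hosts(text, shared_threshold=3):
    """Return (level, ip, hostnames) for every entry that overrides normal DNS.

    shared_threshold is an assumed tuning value: one address pinned for that
    many hostnames or more is rated "high", anything else "review".
    """
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 sinkhole entries redirect nothing
        by_ip[str(ip)].add(name)
    return [("high" if len(names) >= shared_threshold else "review", ip, sorted(names))
            for ip, names in sorted(by_ip.items())]

if __name__ == "__main__":
    for level, ip, names in audit_hosts(SAMPLE_HOSTS):
        print(f"[{level}] {ip} <- {', '.join(names)}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; eight unrelated review sites pinned to one address, as here, is the pattern the "high" rating is meant to catch.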

In order to protect your PC from the certain irrevocable damage posed by this harmful rogue, get rid of Antivirus at the earliest opportunity. Do not waste another minute taking back control of your PC. Invest in a properly functioning security tool which will not only erase Antivirus from the PC for good, but also offer continued protection against similar threats.


How to manually remove Antivirus

Files associated with Antivirus infection:

wscsvc32.exe
AntivirusGolden.exe
Antivirusgolden 4.0.exe
Antivirusgolden 3.8.exe
Antivirusgold 4.1.exe
Antivirus-Golden.exe
securityupdate.exe
avinstaller1.exe
chnb8895.exe
78gbc8r.exe
000b09274b.exe

Antivirus processes to kill:

wscsvc32.exe
AntivirusGolden.exe
Antivirusgolden 4.0.exe
Antivirusgolden 3.8.exe
Antivirusgold 4.1.exe
Antivirus-Golden.exe
securityupdate.exe
avinstaller1.exe
chnb8895.exe
78gbc8r.exe
000b09274b.exe

Remove Antivirus registry entries:

Antivirus-Golden
AntivirusGolden 3.8
AntivirusGolden 4.0
AntivirusGolden 4.1
Microsoft\Windows\CurrentVersion\Run\avagent3974
Microsoft\Windows\CurrentVersion\Run\avguard3876