
What is AntiVirGear?

Type: Spyware | Category: Rogue Programs | Discovered: 2 October 2007
AntiVirGear is installed on the computer by Trojan.Zlob without the user's permission or notice. The Trojan's presence can be identified by Windows system security alerts. Warnings appear in the taskbar area saying: "System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution." After clicking the alert, the user is taken to a payment page. AntiVirGear should be removed as soon as it is detected to avoid further PC failure.
Also known as AntiVirGear 3.7, AntiVirGear 3.8.

Related threats: VirusHeat, VirusRay, SpywareQuake, VirusProtect

AntiVirGear Entries:
The following DLL files are created:
beahahl.dll, bqrcr.dll, bubbj.dll, clbrcek.dll, ddllup.dll, eulbn.dll, fifzqip.dll, flirek.dll, fnczfh.dll, fqgwiw.dll, fwzozx.dll, gaaplp.dll, gdrtul.dll, hteogat.dll, hymww.dll, ieffse32.dll, iheuv.dll, ijftc.dll, itdtjjf.dll, jrpkmgh.dll, lgaac.dll, mxhfjy.dll, nczupfw.dll, pluwue.dll, rmtdvc.dll, rnxwph.dll, rrtrit.dll, siiyal.dll, sttwrd.dll, swqzdtj.dll, tkosvv.dll, txxkb.dll, ugbtna.dll, veptlh.dll, vmlwp.dll, vtewupi.dll, vusxqm.dll, vzfhprk.dll, wqzdtjg.dll, xovdzz.dll, yneid.dll, zdhgsp.dll
The following files are created:
AntiVirGear 3.7.exe, AntiVirGear 3.8.exe
HijackThis Entries:
O2 Entries
O2 - BHO: ieffse32.msdn_hlp - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - C:\WINDOWS\system32\ieffse32.dll

O4 Entries
O4 - HKLM\..\Run: [AntiVirGear 3.7] "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.exe" /h
O4 - HKLM\..\Run: [AntiVirGear 3.8] "C:\Program Files\AntiVirGear 3.8\AntiVirGear 3.8.exe" /h

O22 Entries