Description
Antivirus Soft is a computer program that pretends to be a security tool but is actually scareware.
Removal instructions
To remove this spyware infection, download Spyware Doctor, install it and run a full computer scan. At the end of the scan, choose Fix Checked to start the computer cleaning process.
Behavior
· Disabled Task Manager. Task Manager is blocked from opening, with or without an alert message being displayed.
· Fake security warnings. Warnings stating that the computer system is not secure.
· Fake virus alerts. Alerts stating that spyware or viruses have been detected on the computer system.
· Faked Windows Security Center. A Windows Security Center window generated by the fake anti-spyware software, very similar in appearance to the original one displayed by Windows.
· Heavy rogue program advertising. Notices about the fake anti-spyware software are displayed frequently and disrupt work.
· No Internet connection. Internet access is blocked by changing proxy settings.
· Slow computer. Computer performance is noticeably slower.
· The risk of fraudulent payment. The user is frequently urged to buy a license for the rogue program.
Files
C:\Documents and Settings\user\Local Settings\Application Data\prmlmh\vntrsftav.exe
[random string]sysguard.exe
[random string]sftav.exe
Symptoms in Hijackthis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [ctdgbsgc] C:\Documents and Settings\user\Local Settings\Application Data\prmlmh\vntrsftav.exe
O4 - HKCU\..\Run: [ctdgbsgc] C:\Documents and Settings\user\Local Settings\Application Data\prmlmh\vntrsftav.exe
O4 - HKLM\..\Run: [eeqeqhay] C:\Documents and Settings\[user]\Local Settings\Application Data\pafrfi\bshwsysguard.exe
O4 - HKCU\..\Run: [eeqeqhay] C:\Documents and Settings\[user]\Local Settings\Application Data\pafrfi\bshwsysguard.exe
* Strings in red are random in each case of infection.
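
Because the folder, file prefix and Run value name change with each infection, a check has to match the stable parts of these entries instead of the exact strings. The following is an added example, not part of the original entry: a Python scan of a HijackThis log for Run entries ending in sysguard.exe or sftav.exe under Local Settings\Application Data and for a loopback ProxyServer value. The function name and the sample log (including the ExampleUpdater entry) are constructed for illustration.

```python
import re

# Patterns follow the "Files" and "Symptoms in Hijackthis" entries on this page.
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]+\] (?P<path>.+?)\s*$")
PROXY_RE = re.compile(r"^R1 - HKCU\\.*\\Internet Settings,ProxyServer = (?P<proxy>\S+)")
# <random>sysguard.exe or <random>sftav.exe in a folder directly under
# the user's Local Settings\Application Data.
PATH_RE = re.compile(
    r"\\Local Settings\\Application Data\\[^\\]+\\[^\\]*(?:sysguard|sftav)\.exe$",
    re.IGNORECASE)
LOOPBACK_RE = re.compile(r"(?:^|=)(?:127\.0\.0\.1|localhost):\d+", re.IGNORECASE)

# Constructed sample log: three entries in the shape listed on this page and
# one hypothetical benign Run entry that must not be flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [ctdgbsgc] C:\Documents and Settings\user\Local Settings\Application Data\prmlmh\vntrsftav.exe
O4 - HKCU\..\Run: [eeqeqhay] C:\Documents and Settings\user\Local Settings\Application Data\pafrfi\bshwsysguard.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""


def scan_hijackthis(log_text):
    """Return (reason, line) findings for one HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        # Tolerate a trailing table-cell separator left over from web copies.
        line = raw.strip().rstrip("|").strip()
        m = RUN_RE.match(line)
        if m and PATH_RE.search(m.group("path")):
            findings.append(("run-key", line))
            continue
        m = PROXY_RE.match(line)
        # A loopback proxy alone can also come from legitimate local
        # filtering software, so treat it as a lead, not a verdict.
        if m and LOOPBACK_RE.search(m.group("proxy")):
            findings.append(("loopback-proxy", line))
    return findings


if __name__ == "__main__":
    for reason, line in scan_hijackthis(SAMPLE_LOG):
        print(f"{reason}: {line}")
```
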