Saturday, June 12, 2010

Defense Center virus/malware

Defense Center is a new malicious program classified as a rogue antispyware application. It is from the same family of rogues as Protection Center, Data Protection, Digital Protection, Your Protection, User Protection, Dr. Guard, Paladin Antivirus, Malware Defense and Anti Malware.

Screenshot of Defense Center

Like other rogues, Defense Center is installed through trojans. When the rogue is started, it will imitate a system scan and report various infections. All of these infections are fake.

Defense Center is a scam, created with one purpose: to trick the user into purchasing the so-called "full" version of the program.

If your computer is infected with this malware, then use the Defense Center removal instructions or the video guidelines.

Tuesday, June 8, 2010

AV Security Suite removal instructions

AV Security Suite is a new rogue antispyware from the same family of rogues as Antispyware Soft, Antivirus Soft, Antivirus Live, etc.

HijackThis shows AV Security Suite infection:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 - HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe

What AV Security Suite does

AV Security Suite is not a legitimate security tool. Unlike a legitimate tool, the rogue uses trojans to install itself and only looks like a normal antispyware tool. In reality, this program cannot remove viruses, trojans, etc., nor will it protect your computer from real infections in the future. AV Security Suite was created with one purpose: to trick you into purchasing the full version of the software.

Screenshot of AV Security Suite

During installation, AV Security Suite will configure itself to run automatically every time your computer starts. After that, it will start a scan and detect a lot of infections. These fake infections can only be removed with a full version of the program. Obviously, such results are a fraud; the program wants to scare you into thinking that your computer is infected with malicious software.

While AV Security Suite is running, it will flood your computer with fake security alerts and notifications from the Windows taskbar. Furthermore, the rogue may disable Task Manager, block legitimate Windows programs, including antivirus and antispyware tools, from running, and hijack Internet Explorer so that it displays various misleading notifications about phishing websites and other security threats.

As you can see, AV Security Suite is absolutely useless and, what is more, dangerous software. Most importantly, do not purchase it. Instead, please use the removal guide below and remove AV Security Suite from your computer manually for free.

How to remove AV Security Suite


Download HijackThis from here, but before saving, in the Save dialog, rename HijackThis.exe to iexplore.exe and save it to your desktop.

Run HijackThis. In the main menu, click the "Do a system scan only" button. Look for the following lines and place a checkmark against each of them, if still present:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 - HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe

When finished, you will see a window like below.



Make sure your Internet Explorer (or any other browser) is closed when you click Fix Checked! Close HijackThis.

Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded you will see a screen like below.

Malwarebytes' Anti-Malware

Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that Malwarebytes' Anti-Malware found on your computer. Note: the list of malware may be different from what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software


Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.

Note: if you can't download or run the programs suggested above, boot your computer in Safe Mode with Networking and repeat the above steps once again.

If the instructions do not help you, then ask for help in the Spyware removal forum.

Sysinternals Antivirus removal instructions

Sysinternals Antivirus is a new rogue antispyware from the same family of rogues as XJR Antivirus, AKM Antivirus 2010, etc.

HijackThis shows Sysinternals Antivirus infection

O2 - BHO: ADC PlugIn - {149256D5-E103-4523-BB43-2CFB066839D6} - C:\Program Files\adc_w32.dll
O23 - Service: Adobe Update Service (AdbUpd) - Unknown owner - C:\Program Files\svchost.exe

What Sysinternals Antivirus does

Sysinternals Antivirus is designed to look like a normal antispyware tool, but in reality, this program cannot remove viruses, trojans, etc., nor will it protect your computer from real infections in the future. Sysinternals Antivirus was created with one purpose: to trick you into purchasing the full version of the software.

Sysinternals Antivirus is promoted and installed through the use of trojans. When the trojan is activated, it will download and install the rogue onto your PC without your permission and knowledge.

Screenshot of Sysinternals Antivirus

Once started, Sysinternals Antivirus will add itself to the Windows registry to run automatically every time your computer starts. After that, it starts a scanning procedure, which results in finding a lot of trojans, viruses and other malicious programs. Obviously, such results are a fraud; the program wants to force you to believe that your computer is infected.

While Sysinternals Antivirus is running, it will flood your computer with fake security alerts and notifications from the Windows taskbar that state:

Warning: Infection is Detected. Windows has found spyware infection on your computer! Click here to update your Windows antivirus software…

Internet attack attempt detected: Somebody is trying to attack your PC: This can result in loss of your personal information and infection other computers connected to your network. Click here to prevent attack


Warning. Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.


Furthermore, the rogue may disable Task Manager and block legitimate Windows applications from running. If you try to run an application, you will see a warning as shown below and the application will be stopped.

Warning! Running of application is impossible. The file C:\Windows\System32\notepad.exe is infected.

From the above, obviously, Sysinternals Antivirus is a dangerous program, whose presence on your computer is absolutely undesirable. Use the removal instructions below to remove this malware for free.

How to remove Sysinternals Antivirus


Download fix.zip from here. Unzip it. Double-click fix.reg and click Yes to confirm. Reboot your computer.

Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded you will see a screen like below.

Malwarebytes' Anti-Malware

Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that Malwarebytes' Anti-Malware found on your computer. Note: the list of malware may be different from what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software


Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.

Note: if you can't download or run the programs suggested above, boot your computer in Safe Mode with Networking and repeat the above steps once again.

If the instructions do not help you, then ask for help in the Spyware removal forum.

Friday, June 4, 2010

AV Security Suite - rogue antispyware program

AV Security Suite is a fresh rogue antispyware program from the same family of malware as Antispyware Soft, Antivirus Soft, Antivirus Live, etc.

Screenshot of AV Security Suite from S!Ri.URZ blog

Like other rogue antispyware programs, AV Security Suite spreads through the use of trojans and imitates a system scan that reports false infections as a method to trick the user into purchasing a full version of the program.

If your computer is infected with the rogue, then follow the AV Security Suite removal instructions.

Thursday, June 3, 2010

Sysinternals Antivirus - rogue antispyware program

Sysinternals Antivirus is a rogue antispyware application from the Windows Police Pro family of malware, the same family as XJR Antivirus, AKM Antivirus 2010 Pro, Your PC Protector, Windows Antivirus Pro and Windows Police Pro.


Screenshot of Sysinternals Antivirus

Sysinternals Antivirus is promoted and installed through the use of trojans. Once installed, the rogue will detect false infections to scare you into thinking that the computer is in danger.

While Sysinternals Antivirus is running, it will flood the computer with fake security alerts and notifications.

If your computer is infected with this malware, then follow the Sysinternals Antivirus removal guide.

Wednesday, June 2, 2010

Protection Center removal guide

Protection Center is not a legitimate security tool. It is a dangerous computer parasite, classified as a rogue antispyware program.

HijackThis shows Protection Center infection:

O4 - HKCU\..\Run: [Protection Center] "C:\Program Files\Protection Center\cntprot.exe" -noscan
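
The HijackThis entries listed on this page for AV Security Suite, Sysinternals Antivirus and Protection Center can be checked for in a saved log with a short script. This is an added example, not part of the original posts or of HijackThis; the rule names, the sample log and the placeholder GUID in the benign line are constructed for illustration.

```python
import re

# Blog and forum software often turns "-" and '"' in pasted logs into typographic forms.
_NORMALIZE = str.maketrans({"\u2013": "-", "\u2014": "-", "\u201c": '"', "\u201d": '"'})

# Heuristics (rule names are this example's own) built from the entries listed on this page.
RULES = [
    ("IE proxy set to loopback",
     re.compile(r"^R1 - .*Internet Settings,ProxyServer = (http=)?127\.0\.0\.1", re.I)),
    ("autorun from per-user Application Data",
     re.compile(r"^O4 - HK(LM|CU)\\\.\.\\Run: \[.+?\] .*\\Local Settings"
                r"\\Application Data\\[^\\]+\\[^\\]+\.exe", re.I)),
    ("autorun named Protection Center",
     re.compile(r"^O4 - HK(LM|CU)\\\.\.\\Run: \[Protection Center\]", re.I)),
    ("BHO DLL directly in Program Files",
     re.compile(r"^O2 - BHO: .* - [A-Z]:\\Program Files\\[^\\]+\.dll$", re.I)),
    ("service svchost.exe outside System32",
     re.compile(r"^O23 - Service: (?!.*\\system32\\svchost\.exe).*\\svchost\.exe", re.I)),
]

def triage(log_text):
    """Return (line_number, rule_name, normalized_line) for every matching entry."""
    hits = []
    for number, raw in enumerate(log_text.splitlines(), 1):
        line = raw.translate(_NORMALIZE).strip()
        for name, pattern in RULES:
            if pattern.search(line):
                hits.append((number, name, line))
    return hits

# Constructed sample log: lines 2, 4 and 8 are benign, the rest follow the page's patterns.
SAMPLE_LOG = r"""R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: ADC PlugIn - {149256D5-E103-4523-BB43-2CFB066839D6} - C:\Program Files\adc_w32.dll
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [abcdwxyz] C:\Documents and Settings\user\Local Settings\Application Data\abcdwxyz\abcdwxyztssd.exe
O4 – HKCU\..\Run: [Protection Center] “C:\Program Files\Protection Center\cntprot.exe” -noscan
O23 - Service: Adobe Update Service (AdbUpd) - Unknown owner - C:\Program Files\svchost.exe
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
"""

if __name__ == "__main__":
    for number, name, line in triage(SAMPLE_LOG):
        print(f"line {number}: {name}: {line}")
```

A match is a reason to look at the entry, not proof of infection: a loopback proxy, for example, can also be set by legitimate local proxy software.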

What Protection Center does

Protection Center looks like a normal antispyware application, but in reality, this program is not able to perform any type of security-related function when installed on a computer. This program was created with one purpose: to trick you into purchasing the full version of the software.

Protection Center is promoted through the use of trojans that come from various misleading websites. When the trojan is activated, it will download and install the rogue onto your computer without your permission and knowledge.

Screenshot of Protection Center

When running, Protection Center will configure itself to run automatically every time your computer starts. After that, it will perform a fake system scan and list a variety of infections or potentially dangerous files. It states that your computer is infected with adware, trojans, worms or malware and that you should purchase Protection Center to remove these infections. Obviously, such results are a fraud; the program wants to scare you into thinking that your computer is infected with malicious software.

While Protection Center is running, it will flood your computer with fake security alerts and notifications from the Windows taskbar. Furthermore, the rogue may disable Task Manager and block most legitimate Windows programs from running.

As you can see, Protection Center is absolutely useless and, what is more, dangerous software. Most importantly, do not purchase it. Instead, please use the Protection Center removal guide below to remove this malware from your computer for free.

How to remove Protection Center


Download fix.zip from here. Unzip it. Double-click fix.reg and click Yes to confirm. Reboot your computer.

Download TDSSKiller from here and unzip to your desktop.
Open tdsskiller folder and run TDSSKiller. Follow the prompts.

Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded you will see a screen like below.

Malwarebytes' Anti-Malware

Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that Malwarebytes' Anti-Malware found on your computer. Note: the list of malware may be different from what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software


Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.

Note: if you can't download or run the programs suggested above, boot your computer in Safe Mode with Networking and repeat the above steps once again.

If the instructions do not help you, then ask for help in the Spyware removal forum.

Protection Center - rogue antispyware

Protection Center is a new rogue antispyware program from the same family of rogues as Data Protection, Digital Protection, Your Protection, User Protection, Dr. Guard, Paladin Antivirus, Malware Defense and Anti Malware.


Screenshot of Protection Center

Protection Center is installed onto a computer through trojans. Once started, it will simulate a scan and report a lot of infections. All of these infections are fake.

Protection Center is a scam, created for one purpose only: to trick the user into purchasing the so-called "full" version of the program.

If your computer is infected with this malware, then use the Protection Center removal guidelines.