HijackThis shows Antivirus Monitor infection:
O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}.exeWhat Antivirus Monitor does
Antivirus Monitor is distributed through the use of trojans that come from various misleading websites. When the trojan is started, it will install this malware. On first run, AntivirusMonitor will configure itself to start automatically when Windows loads. Next, the fake antivirus will simulate a system scan and list a lot of false infections that actually does not exist!Screen shoot of Antivirus Monitor
Antivirus Monitor will state that your computer is infected with adware, trojans, worms or malware with one purpose - to scare you into thinking that your PC in danger. Obviously, such results are a fraud, so you can freely ignore them.
While Antivirus Monitor is running, it will flood your computer with fake security alert and notifications from Windows task bar. Moreover, the rogue will disable Task Manager and hijack Internet Explorer so, that it will display a misleading notification that states - "Internet Explorer Warning – visiting this web site may harm your computer!". Of course, all of these alerts and messages are a fake and like false scan results should be ignored.
Remember, AntivirusMonitor is absolutely useless and what is more, even dangerous software. Most importantly, do not purchase it. Instead, please use the Antivirus Monitor virus removal guide in order to remove this malware from your computer for free.
Antivirus Monitor associated files and registry keys:
%Temp%\[RANDOM]\
%Temp%\[RANDOM]\[RANDOM].exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | “Enabled” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyServer” = “http=127.0.0.1:32115″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyEnable” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | [RANDOM]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | [RANDOM]
No comments:
Post a Comment