Antivirus Removal Report

Antivirus

No Comments

By GoldSparrow in Rogue Anti-Spyware Program | 17 views

Rate it:

(1 votes, average: 4.00 out of 5)

Loading ...

Translate To:

Español |

Português

Antivirus Description

Antivirus is another unwanted computer security software program. It would display alert messages on computer to misled users about the security status of the computer. This false security program has been labeled as rogue and closely related to a Trojan by working to promote itself. Antivirus virus doesn’t have any known security protection nor it could offer defense on computers where it would be installed. Actually, as a rogue software program it was determined to be a threat itself.

Antivirus virus being a useless program must be removed. In addition, if its presence was identified, users should download and install a Antivirus removal tool at once. The longer it is on computer the more harm it could produce.

Type: Rogue AntiSpyware Programs

How Can You Detect Antivirus?

Download SpyHunter’s Detection Scanner
to Detect Antivirus.

Antivirus Technical Report

As new Antivirus details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Antivirus files with its MD5s were created in the system:

File Name	File Size	MD5

000b09274b.exe	40960	30bf4970351c82c823a1c2602e406666
78gbc8r.exe	16384	39e8a79ad1b3b15389a2bc6172b2da7c
chnb8895.exe	540672	309f1bd749e7efeee56c11a8f4c48a78
avinstaller1.exe	23040	6e55e02218641ca73bf969f47de35735
securityupdate.exe	731097	c484aefda9897c7798ce416acbe1020c

Antivirus has typically the following processes in memory:

C:\Program Files\Antivirus\AvBho.dll
C:\Program Files\Antivirus\Antivirus.exe
C:\Program Files\Antivirus\wscsvc32.exe
%Temp%\winupd64x.exe
C:\Program Files\Antivirus\Uninstall.exe

Antivirus creates the following registry entries:

HKEY_CLASSES_ROOT\CLSID\{9d541c6a-573b-4888-b35e-6816e68c3620}
HKEY_CLASSES_ROOT\TypeLib\{65DA0CE6-30D1-4144-A0B6-59BD01372E26}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus
HKEY_CLASSES_ROOT\AvBho.AvBhoApp.1
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “wscsvc32.exe”
HKEY_CLASSES_ROOT\AvBho.AvBhoApp
HKEY_CLASSES_ROOT\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antivirus.exe”

Important Article Disclaimer

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.

This entry was posted on 10/9/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.