English 
Antivirus 2010 Antivirus 2010
By
ESGI Advisor in Rogue Anti-Spyware Program |
0 views
(No Ratings Yet)
Loading ...
Antivirus 2010 Description
Antivirus 2010 is a rogue anti-spyware program that is similar to other fake security applications such as Antivirus 2009 in the way that it uses tactics to extort money from gullible computer users. Antivirus 2010 is an application that can be automatically installed through a Trojan horse infection all without the computer user’s interaction or permission.
Antivirus 2010 is able to perused computer users into purchasing a full version of Antivirus 2010 through fake pop-up messages and system scans populated with erroneous results. Removal and detection of Antivirus 2010 is usually difficult to perform manually.
Type: Rogue AntiSpyware Programs
Automatic Detection of Antivirus 2010
Antivirus 2010 Technical Report
As new Antivirus 2010 details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following Antivirus 2010 files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| AV2010Installer[1].exe | 76308 | 9a2c8b8ae769784faddeab43a92c5627 |
| wingamma.exe | 76308 | 9a2c8b8ae769784faddeab43a92c5627 |
| AV2010.exe | 899072 | 80e023cc2852663832349268b0d18d5f |
| svchost.exe | 276480 | f529fb497387a7d500656745d21969c1 |
| IEDefender.dll | 93184 | e244afd82e1778a6e4030ca5d6329c6d |
| av2010.exe | 1166336 | 0886cb4292bf5120fc2e015eee8058d1 |
| av2010.exe | 1016832 | 09204fcfa301fc93cde72a841c79487a |
| av2010.exe | 1017856 | e9c8962db5d33d21bc0ebcde8ac50032 |
| IEDefender.dll | 110592 | 44a3b6a6ce39001a6f3dec411fe3e028 |
| AV2010Installer[1].exe | 77848 | 151413e2d24646728dad50c0381de797 |
| wingamma.exe | 77848 | 151413e2d24646728dad50c0381de797 |
| AV2010[2].exe | 1009152 | e327ba752e50547f8218773d023ce788 |
| QW2010i.exe | 66560 | da2a119d2e23e4f728dfc75a885b03e3 |
Antivirus 2010 has typically the following processes in memory:
- c:\WINDOWS\system32\wingamma.exe
- IEDefender.dll
- %ALLUSERSPROFILE%\Application Data\AV2010\IEDefender.dll
- c:\Program Files\AV2010\svchost.exe
- AV2010.exe
- %PROGRAMDATA%\av2010\av2010.exe
- %ALLUSERSPROFILE%\Application Data\QW2010\QW2010i.exe
- c:\Program Files\AV2010\AV2010.exe
- AV2010Installer[1].exe
- %ALLUSERSPROFILE%\application data\av2010\av2010.exe
- AV2010[2].exe
Antivirus 2010 created the following directories, files, paths:
- %AllUsersProfile%\Application Data\AV2010
- %ProgramFiles%\AV2010
- %AllUsersProfile%\Start Menu\Programs\AV2010
Antivirus 2010 creates the following registry entries:
- HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
- AppID\3C40236D-990B-443C-90E8-B1C07BCD4A68
- IEDefender.IEDefenderBHO.1
- Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AV2010
- HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
- HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
- FC8A493F-D236-4653-9A03-2BF4FD94F643
- IEDefender.IEDefenderBHO
- 705FD64B-2B7B-4856-9337-44CA1DA86849
- HKEY_CURRENT_USER\Software\AV2010
- HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Gamma Display”
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
- AppID\IEDefender.DLL
- 7BC7565C-5062-43CE-8797-DC2C271140A9
Important Article Disclaimer
