AVC Plus

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: December 16, 2014
Last Seen: April 18, 2018
OS(es) Affected: Windows

AVC Plus is a rogue security application. This means that AVC Plus is a threat that is disguised as a security program in order to take money from inexperienced computer users. AVC Plus belongs to a large family of rogue security applications that is known as FakeRean or Braviax. Fake security programs like AVC Plus may follow the same types of strategies when attacking computers. AVC Plus will display bogus scan results, fake security warnings and cause deliberate performance problems on the infected computer. The meaning of this is to heighten the illusion that the victim's PC is severely infected with various threats that need to be removed using AVC Plus. This fake security program also takes over the victim's Web browser, preventing computer users from connecting to the Web, and the affected computer user from running legitimate Windows applications (whenever the computer users attempts to do so, AVC Plus will display a fake security warning claiming that AVC Plus has prevented the application from running a threatening software).

How AVC Plus is Distributed

AVC Plus is distributed using various threat distribution techniques. PC security analysts have observed that AVC Plus may be installed using exploit kits and attack websites. When computer users visit a website that has been compromised with threatening scripts, these will try to install AVC Plus and other threats to the visitor's computer by taking advantage of software vulnerabilities on the targeted PC. AVC Plus also may be installed by disguising itself as a video codec, a fake media player or a desirable file on file sharing networks.

The AVC Plus Attacks

As soon as AVC Plus is installed, it makes changes to the affected PC's settings that allow AVC Plus to run automatically when Windows starts up. AVC Plus will run a fake scan of the victim's computer immediately, displaying a bogus scan result that indicates an alarming number of threats on the victim's PC. If computer users try to use AVC Plus to remove these supposed infections, AVC Plus will claim that it is first necessary to purchase a 'full version' of this fake security application. However, the scan results are completely fake, and AVC Plus cannot to detect or remove threats. One main problem involving AVC Plus is that it will prevent computer users from removing AVC Plus by blocking their software, especially legitimate security programs. AVC Plus will also display fake messages from the Windows Security Center prompting computer users to activate AVC Plus by paying an expensive fee. AVC Plus attacks mainly involve a large number of alarming messages, which include the following examples:

Threat Detected!
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform a security scan.

Severe System Damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.

Virus Infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

AVC Plus has blocked a program from accessing the internet
This program is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

All of the messages above are fake, just like AVC Plus supposed threat scan. Malware analysts strongly advise that computer users to ignore the messages associated with AVC Plus and avoid paying for this fake security program. Instead, a real anti-malware application that is fully up-to-date should be used to remove AVC Plus completely.

SpyHunter Detects & Remove AVC Plus

File System Details

AVC Plus may create the following file(s):
# File Name MD5 Detections
1. 65520249.exe 0bfbd383709390fdb0e442d42bcf9224 1
2. %AppData%893686b8
3. %CommonAppData%\893686b8
4. %LocalAppData%\.exe
5. %LocalAppData%\893686b8
6. %UserProfile%\Templates\893686b8

Registry Details

AVC Plus may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "" = "%LocalAppData%\.exe"

Messages

The following messages associated with AVC Plus were found:

AVC Plus has blocked a program from accessing the internet
This program is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Severe System Damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.
System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
Threat Detected!
Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform a security scan.
Virus Infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

1 Comment

I got this malware on my computer last Saturday night, 12/13. It must be brand new, because when I Googled it on a different computer, there were 0 references to it, but checking back today, there are several articles.

It called itself, "AVC Plus Win 7 Protection 2015". I got it by foolishly clicking on an email regarding "my recent Costco order". Since I do order from Costco on a regular basis, I thought it was a legitimate email.

It rendered my computer completely useless! When I tried to launch Revo Uninstaller Pro to look for and remove it, it would not let me start the program, giving me an error message that the path was not valid, or something like that. I also was not allowed to start any virus or malware scanner on the computer, giving me the same message. I then realized that I was not allowed to launch ANY program on the computer... Word, Windows Media Player, etc., etc., giving me the same error message each time. As expected, I was also not allowed to launch the Control Panel to do a System Restore to an earlier time.

I was able to get “AVC Plus Win 7 Protection 2015” off my computer by inserting the original Windows 7 operating system disc, restarting the computer, and booting from the CD/DVD drive. I then chose Repair, and “return the computer to an earlier operating state”. Everything went smoothly and the computer now works perfectly. I ran my malware and virus scanners and found nothing.

Trending

Most Viewed

Loading...