AV Protection Online

By ESGI Advisor in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 18
First Seen: October 18, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows


AV Protection Online is a fake security application. This bogus security program is a clone of previous malware threats such as Guard Online, AV Guard Online, AV Guardian Online, and Guardian Online. All of the previously mentioned programs are extremely similar versions of the same fake security application. Hackers take the same malicious program and simply make a few tweaks to the interface. By changing the rogue security application's name and some of its features, hackers can constantly stay ahead of malware researchers and the latest malware databases. ESG security researchers consider AV Protection Online a dangerous threat to an operating system. If you have installed AV Protection Online on your computer, you must understand that AV Protection Online is not a real security application. This fake security program is designed to steal your money through the use of deceptive tactics and outright lies. ESG PC security analysts strongly recommend removing AV Protection Online with a legitimate, up-to-date anti-malware application.

How the AV Protection Online Scam Works

Programs like AV Protection Online are part of a well-established online scam. Malware analysts refer to these kinds of fake security applications as rogues, or rogue security programs. Rogue security programs use a combination of Trojans, social engineering and malicious scripts to wreak havoc on an infected computer system. Meanwhile, the user interface is designed to display a constant barrage of fake security alerts, error messages and alarming, but fake, system scans. The whole aim of scams like AV Protection Online is to make the victim believe that the computer is severely infected with a variety of Trojans and viruses, that AV Protection Online is a real security program that can solve these imaginary threats, and that the victim must purchase a "full version" of AV Protection Online in order to restore the infected computer to normal. Below, ESG PC security researchers have listed some symptoms associated with an AV Protection Online infection.

  1. Computers infected with AV Protection Online will run very slowly and become unstable.
  2. Computers infected with AV Protection Online will have trouble connecting to the Internet and some files may be blocked completely.
  3. Victims of AV Protection Online will be pestered constantly with a large number of alarming security alerts and error messages.
  4. Whenever the user attempts to use AV Protection Online to solve these problems, he or she will be directed to purchase a "full version" of AV Protection Online.


File System Details

AV Protection Online may create the following file(s):

| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | `atxP0ycS1b3n4.exe` | b3ed62012255aed5b965449e921ab4df | 3 |
| 2 | `%Windows%\system32\[RANDOM CHARACTERS].exe` | | |
| 3 | `%Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS].tmp` | | |
| 4 | `%Documents and Settings%\[UserName]\Start Menu\Programs\AV Protection Online\` | | |
| 5 | `%Documents and Settings%\[UserName]\Desktop\AV Protection Online.lnk` | | |
| 6 | `%Documents and Settings%\[UserName]\Application Data\[RANDOM CHARACTERS]\` | | |
| 7 | `%Documents and Settings%\[UserName]\Start Menu\Programs\AV Protection Online\AV Protection Online.lnk` | | |
| 8 | `%Documents and Settings%\[UserName]\Application Data\ldr.ini` | | |
| 9 | `%AppData%\dvS2obF4pGsJdKg\AV Protection Online.ico` | | |
| 10 | `svhostu.exe` | b30db04a303ca1c54964a37f23a0ed37 | 0 |

Registry Details

AV Protection Online may create the following registry entry or registry entries:
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "SavedLegacySettings=3C0000006B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "DefaultConnectionSettings=3C0000000B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer=http=127.0.0.1:53717"
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
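
The registry entries above turn the Internet Settings proxy on and point it at the local machine (127.0.0.1:53717). The following is an added triage example, not part of the original write-up or of any ESG tool: it parses the text output of `reg query` collected from a host and flags keys where `ProxyEnable` is 1 and `ProxyServer` resolves to loopback. The sample input is constructed, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample of `reg query` output (not captured from a real host);
# the proxy values mirror the registry entries listed on this page.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:53717
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"""

VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m["name"]] = m["data"].strip()
    return keys

def loopback_proxies(proxy_server):
    """List host:port entries in a ProxyServer string that point at loopback."""
    hits = []
    for entry in proxy_server.split(";"):          # "http=h:p;https=h:p" form
        hostport = entry.split("=", 1)[-1].strip()  # drop the "http=" prefix
        hostport = hostport.split("://", 1)[-1]
        host = hostport.rsplit(":", 1)[0].strip("[]")
        try:
            if host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback:
                hits.append(hostport)
        except ValueError:
            pass  # a hostname other than localhost, not a loopback literal
    return hits

def find_proxy_hijack(text):
    """Flag keys where the proxy is enabled and routed to the local machine."""
    findings = []
    for key, values in parse_reg_query(text).items():
        enabled = int(values.get("ProxyEnable", "0x0"), 16) == 1
        hits = loopback_proxies(values.get("ProxyServer", ""))
        if enabled and hits:
            findings.append((key, hits))
    return findings
```

A loopback proxy is not malicious by itself, since some debugging and filtering tools set one, so a hit is a lead to correlate with the file indicators listed above.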

Messages

The following messages associated with AV Protection Online were found:

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to was CANCELLED.
Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
