Antivirus 2010 RTK

Antivirus 2010 RTK Description

Antivirus 2010 RTK is a rogue anti-virus application used to distribute a dangerous rootkit. Once Antivirus 2010 RTK has installed and executed the rootkit, the rootkit gives a remote attacker access to the compromised system. The remote attacker can then steal confidential information from the PC, such as passwords, usernames or other data. The rootkit also monitors the victim's online activities and harvests other types of data. Antivirus 2010 RTK additionally displays a fake system scanner, security alerts and pop-ups in order to convince the victim that the system is infected with malware that can only be removed with the rogueware's full version, which has to be purchased. Do not purchase Antivirus 2010 RTK or believe any of the security alerts it displays. Antivirus 2010 RTK is a criminal application that should be removed from a PC upon detection.

Technical Information

File System Details

Antivirus 2010 RTK creates the following file(s):

 #   File Name                                                                       Detection Count
---  ------------------------------------------------------------------------------  ---------------
 1   c:\WINDOWS\system32\drivers\vbma22b4.sys                                        N/A
 2   c:\WINDOWS\system32\IEDefender.dll                                              N/A
 3   c:\WINDOWS\system32\us[1 RANDOM CHARACTER]rinit.exe                             N/A
 4   c:\Program Files\AV2010\svchost.exe                                             N/A
 5   c:\WINDOWS\system32\mswmqnei.dll                                                N/A
 6   c:\Program Files\AV2010\AV2010.exe                                              N/A
 7   c:\WINDOWS\system32\wingamma.exe                                                N/A
 8   c:\Documents and Settings\All Users\Desktop\AV2010.lnk                          N/A
 9   c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\Uninstall.lnk    N/A
10   c:\Program Files\AV2010                                                         N/A
11   c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\AV2010.lnk       N/A
12   c:\Documents and Settings\All Users\Application Data\.wtav                      N/A
13   c:\Documents and Settings\All Users\Start Menu\Programs\AV2010                  N/A

Registry Details

Antivirus 2010 RTK creates the following registry entries:

Registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFBCFDBA
HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
HKEY_CURRENT_USER\Software\AV2010
HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Gamma Display"
HKEY_CLASSES_ROOT\Interface\{35c95ec8-f789-9a3a-375c-bdb89a3684fd}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
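The file and registry indicators above can be checked on a suspect machine with a read-only triage script. The PowerShell below is an added example written for this page; it is not code from the original page or from any product. It only reports whether the listed indicators are present and changes nothing. It assumes the XP-era "Documents and Settings" layout the page's paths use and a Windows installation under $env:SystemRoot; the variable and output labels are the example's own. Two caveats are built in: the wildcard for the us[1 RANDOM CHARACTER]rinit.exe entry also matches the legitimate userinit.exe, so that name is excluded, and the numbered subkeys under the network-adapter class GUID exist on many clean systems, so they are listed for review rather than counted as findings.

```powershell
# Added example: read-only triage for the Antivirus 2010 RTK indicators listed on this page.
# Not code from the original page. Reports presence only; deletes or modifies nothing.
# Assumption: XP-era "Documents and Settings" layout, as in the page's own paths.

$SystemRoot = $env:SystemRoot   # usually C:\WINDOWS on the systems this rogue targeted

# File indicators copied from the File System Details table above.
$FileIndicators = @(
    "$SystemRoot\system32\drivers\vbma22b4.sys",
    "$SystemRoot\system32\IEDefender.dll",
    "$SystemRoot\system32\mswmqnei.dll",
    "$SystemRoot\system32\wingamma.exe",
    "$env:ProgramFiles\AV2010\svchost.exe",
    "$env:ProgramFiles\AV2010\AV2010.exe",
    "$env:ProgramFiles\AV2010",
    "C:\Documents and Settings\All Users\Desktop\AV2010.lnk",
    "C:\Documents and Settings\All Users\Start Menu\Programs\AV2010",
    "C:\Documents and Settings\All Users\Application Data\.wtav"
)

# Registry indicators copied from the Registry Details list above.
# The Registry:: provider prefix lets HKEY_CLASSES_ROOT be tested without a mapped drive.
$RegistryIndicators = @(
    "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFBCFDBA",
    "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit",
    "Registry::HKEY_CURRENT_USER\Software\AV2010",
    "Registry::HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO",
    "Registry::HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1",
    "Registry::HKEY_CLASSES_ROOT\AppID\IEDefender.DLL",
    "Registry::HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}",
    "Registry::HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}",
    "Registry::HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}",
    "Registry::HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}",
    "Registry::HKEY_CLASSES_ROOT\Interface\{35c95ec8-f789-9a3a-375c-bdb89a3684fd}",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}"
)

$Findings = @()

foreach ($Path in $FileIndicators) {
    if (Test-Path -LiteralPath $Path) { $Findings += "FILE     $Path" }
}

# The page lists us[1 RANDOM CHARACTER]rinit.exe. The wildcard also matches the
# legitimate userinit.exe, so that exact name is excluded from the match.
Get-ChildItem -Path "$SystemRoot\system32" -Filter "us?rinit.exe" -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne "userinit.exe" } |
    ForEach-Object { $Findings += "FILE     $($_.FullName)" }

foreach ($Key in $RegistryIndicators) {
    if (Test-Path -LiteralPath $Key) { $Findings += "REGKEY   $Key" }
}

# The autorun value "Windows Gamma Display" under the HKLM Run key.
$RunKey = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
$RunValue = Get-ItemProperty -Path $RunKey -Name "Windows Gamma Display" -ErrorAction SilentlyContinue
if ($RunValue) {
    $Findings += "REGVALUE $RunKey\Windows Gamma Display = $($RunValue.'Windows Gamma Display')"
}

# Subkeys 0012-0014 under the network-adapter class GUID are ordinary adapter instances
# on many clean systems, so they are printed for review instead of counted as findings.
$ClassKey = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}"
foreach ($Sub in "0012", "0013", "0014") {
    $Item = Get-ItemProperty -Path "$ClassKey\$Sub" -ErrorAction SilentlyContinue
    if ($Item) { Write-Output "REVIEW   $ClassKey\$Sub DriverDesc='$($Item.DriverDesc)'" }
}

if ($Findings.Count -eq 0) {
    Write-Output "No Antivirus 2010 RTK indicators from this page were found."
} else {
    Write-Output "Found $($Findings.Count) indicator(s):"
    $Findings | ForEach-Object { Write-Output $_ }
}
```

Run it from an elevated PowerShell prompt so that the HKLM service and driver keys are readable. A hit on the AV2010 program folder, the IEDefender BHO registration or the "Windows Gamma Display" autorun value is a strong signal; the REVIEW lines need a human look at the DriverDesc before any conclusion is drawn.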