Antivirus 2010 RTK

Antivirus 2010 RTK is a rogue anti-virus application used to distribute a rootkit. Once Antivirus 2010 RTK has installed and executed the rootkit, the rootkit gives a remote attacker access to the compromised system. The attacker can then steal confidential information from the PC, such as passwords, usernames and other data, and the rootkit also monitors the victim's online activities and harvests other kinds of data. Antivirus 2010 RTK additionally displays a fake system scanner, security alerts and pop-ups to convince the victim that the system is infected with malware that can only be removed by purchasing the rogueware's full version. Do not purchase Antivirus 2010 RTK or believe any of the security alerts it displays. Antivirus 2010 RTK is a criminal application that should be removed from a PC upon detection.

The artifacts listed below show how the components blend in. The executables reuse legitimate Windows names (a second svchost.exe under Program Files\AV2010, and a userinit.exe look-alike in system32 whose name differs from the real file by a single character), so match on the full path rather than the file name alone, and verify the genuine system32\userinit.exe by hash or signature before treating a name match as an infection. A kernel driver (vbma22b4.sys) is dropped alongside a service with the random-looking name DFBCFDBA and a service key named "userinit", which is not a service on a clean system. The IEDefender component registers as an Internet Explorer Browser Helper Object, so it runs inside the browser, and a Run entry named "Windows Gamma Display" provides persistence at logon. The subkeys created under class {4D36E972-E325-11CE-BFC1-08002bE10318} belong to the Network Adapters device-setup class.

File System Details

Antivirus 2010 RTK may create the following file(s):
#   File Name
1. c:\WINDOWS\system32\drivers\vbma22b4.sys
2. c:\WINDOWS\system32\IEDefender.dll
3. c:\WINDOWS\system32\us[1 RANDOM CHARACTER]rinit.exe
4. c:\Program Files\AV2010\svchost.exe
5. c:\WINDOWS\system32\mswmqnei.dll
6. c:\Program Files\AV2010\AV2010.exe
7. c:\WINDOWS\system32\wingamma.exe
8. C:\Documents and Settings\\Desktop\AV2010.lnk
9. C:\Documents and Settings\\Start Menu\Programs\AV2010\Uninstall.lnk
10. c:\Program Files\AV2010
11. C:\Documents and Settings\\Start Menu\Programs\AV2010\AV2010.lnk
12. C:\Documents and Settings\\Application Data\.wtav
13. C:\Documents and Settings\\Start Menu\Programs\AV2010

Registry Details

Antivirus 2010 RTK may create the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFBCFDBA
HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
HKEY_CURRENT_USER\Software\AV2010
HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Gamma Display"
HKEY_CLASSES_ROOT\Interface\{35c95ec8-f789-9a3a-375c-bdb89a3684fd}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
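The two indicator lists above are written in loose notation: `[1 RANDOM CHARACTER]` stands for any single character, the empty path segment in `C:\Documents and Settings\\Desktop` stands for any user profile name, registry keys are given under CurrentControlSet while a live export may show ControlSet001, and a Run entry is written as `Key "ValueName"`. The following script is an added example, not part of this page or of any vendor tool: it translates the page's indicators into anchored, case-insensitive patterns and runs them over an artifact inventory such as a directory listing or a joined Autoruns export. The inventory in `SAMPLE_INVENTORY` is constructed for illustration. Note the edge case the script handles explicitly: `us[1 RANDOM CHARACTER]rinit.exe` also matches the genuine `userinit.exe` when the character is `e`, so that path is reported as `verify` (check hash or signature) rather than as a hit.

```python
"""Match the Antivirus 2010 RTK file and registry indicators from this page
against an artifact inventory (directory listing, joined Autoruns export).

Added example; the inventory below is constructed, not captured from a real host.
Indicator strings are copied from the page; their loose notation is translated
into regular expressions here.
"""
import re
from typing import List, Optional, Tuple

FILE_IOCS = [
    r"c:\WINDOWS\system32\drivers\vbma22b4.sys",
    r"c:\WINDOWS\system32\IEDefender.dll",
    r"c:\WINDOWS\system32\us[1 RANDOM CHARACTER]rinit.exe",
    r"c:\Program Files\AV2010\svchost.exe",
    r"c:\WINDOWS\system32\mswmqnei.dll",
    r"c:\Program Files\AV2010\AV2010.exe",
    r"c:\WINDOWS\system32\wingamma.exe",
    r"C:\Documents and Settings\\Desktop\AV2010.lnk",
    r"C:\Documents and Settings\\Application Data\.wtav",
]

REGISTRY_IOCS = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFBCFDBA",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit",
    r"HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO",
    r"HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}",
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Gamma Display"',
    r"HKEY_CURRENT_USER\Software\AV2010",
]

# Paths a loose indicator also matches but that belong to Windows itself; a match
# here needs hash/signature verification instead of deletion (assumption: the
# only such collision in this list is the userinit.exe look-alike pattern).
LEGITIMATE_COLLISIONS = {
    r"c:\windows\system32\userinit.exe",
}

_HIVES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user", "hkcr": "hkey_classes_root"}
RANDOM_CHAR = "[1 random character]"


def normalize(entry: str) -> str:
    """Canonical form used for both indicators and observed entries: lower case,
    full hive names, CurrentControlSet for ControlSet00N, Key "Value" -> Key\\Value."""
    s = entry.strip().lower()
    m = re.fullmatch(r'(.*) "([^"]+)"', s)
    if m:
        s = m.group(1) + "\\" + m.group(2)
    head, sep, tail = s.partition("\\")
    if head in _HIVES:
        s = _HIVES[head] + sep + tail
    return re.sub(r"\\controlset\d{3}\\", r"\\currentcontrolset\\", s)


def ioc_to_regex(ioc: str) -> "re.Pattern[str]":
    """Translate one page indicator into an anchored regex over normalized entries."""
    s = normalize(ioc)
    s = s.replace(RANDOM_CHAR, "\x01")   # one arbitrary character (not a separator)
    s = s.replace("\\\\", "\x02")        # empty segment = any user profile name
    pat = re.escape(s)                   # everything else is literal
    pat = pat.replace("\x01", r"[^\\]")
    pat = pat.replace("\x02", r"\\[^\\]+\\")
    return re.compile(pat)


_COMPILED = [(ioc, ioc_to_regex(ioc)) for ioc in FILE_IOCS + REGISTRY_IOCS]


def classify(entry: str) -> Tuple[str, Optional[str]]:
    """Return ('hit' | 'verify' | 'clean', matching indicator or None)."""
    canon = normalize(entry)
    for ioc, rx in _COMPILED:
        if rx.fullmatch(canon):
            return ("verify" if canon in LEGITIMATE_COLLISIONS else "hit"), ioc
    return "clean", None


def scan(inventory: str) -> List[Tuple[str, str, Optional[str]]]:
    """Classify every non-empty line of an inventory text."""
    return [(line.strip(),) + classify(line)
            for line in inventory.splitlines() if line.strip()]


# Constructed inventory: a few real-looking paths plus registry locations in the
# abbreviated form tools such as Autoruns use (key and value name joined by '\').
SAMPLE_INVENTORY = r"""
C:\WINDOWS\system32\drivers\vbma22b4.sys
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\us3rinit.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AV2010\svchost.exe
C:\Documents and Settings\Administrator\Desktop\AV2010.lnk
C:\Documents and Settings\Administrator\Application Data\.wtav
HKLM\SYSTEM\ControlSet001\Services\DFBCFDBA
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Gamma Display
HKCR\IEDefender.IEDefenderBHO
"""

if __name__ == "__main__":
    for entry, status, ioc in scan(SAMPLE_INVENTORY):
        print(f"{status:6}  {entry}" + (f"   <- {ioc}" if ioc else ""))
```

Matching is anchored on the whole normalized path, so the legitimate `system32\svchost.exe` is not flagged by the `AV2010\svchost.exe` indicator, and the `.lnk` and `.wtav` entries match any profile name under Documents and Settings. To feed an Autoruns CSV, join its "Entry Location" and "Entry" columns with a backslash before passing the lines to `scan`.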
