Antivirus Action

Antivirus Action Description

Type: Rogue Anti-Virus Program

ScreenshotAntivirus Action is a fake security application that can spread via Trojans, file-sharing networks and malicious websites. On infiltrating a system, Antivirus Action, a member of the FakeSpyPro family will create a start-up registry entry which will enable it to execute with every system start-up. Antivirus Action will generate fake system security warnings to convince victims that they need to purchase its full version to remove the detected threats. Antivirus Action (AntivirusAction) is a useless application that should never be purchased. The rogue anti-virus program can be unknowingly installed onto a user's computer by Trojans that exploit known Windows vulnerabilities or when a victim opens an infected attachment in spammed e-mails. It can also come bundled with downloads from infected websites or files from peer-to-peer networks. On infiltrating a system, Antivirus Action will create a start-up registry entry to ensure that it is automatically executed every time the infected PC is started up. Antivirus Action will also block a victim's access to applications such as Task Manager or Registry Editor. These actions will ensure that the rogue is not easily detected and removed from the system.

When a victim attempts to run programs on a compromised PC, Antivirus Action will display a message claiming that the file he/she is attempting to run is infected and then it will terminate the process. The security message is as follows:

"Security Warning
Application cannot be executed. The file notepad.exe is infected. Do you want to activate your antivirus software now."

The programs and processes are terminated to prevent a victim from launching security software to remove the rogue. However if you attempt to run the programs enough times they should eventually work. To convince a victim that his/her system is infected, a fake system scan will be simulated which is designed to always report the detection of several dangerous computer parasites such as viruses, Trojan, spyware etc. Fake system security alerts and pop-up warnings will also be displayed to convince a victim that he/she needs to purchase its full version to remove the detected threats.

Below is an example of the security alerts:
"Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here to scan your computer. Your system might be at risk now."

As a result of browser hijacking, when a victim attempts to browse the internet and even when a user clicks on the security alerts displayed by Antivirus Action, he/she will be redirected to malicious websites that promote the online purchase of this rogueware. Users should be aware that Antivirus Action is not able to detect or remove legitimate computer malware and thus should never be purchased. Instead use a reliable malware removal tool to rid your PC of this useless rogue.

There are numerous clones of Antivirus Action that include AntiSpyware Soft, Antivirus System Pro, Spyware Protect 2009, Security Central, Antivirus Soft, Antivirus Suite, Antivir Solution Pro, Security Suite, Malware Destructor 2011, Antivirus Scan, PC Security 2011, Antivirus .NET, AntiVira Av, AntiMalware GO, Antivirii 2011, Antivirus Monitor, Antivirus Live.
ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Panda Suspicious file
Sophos Mal/FakeAV-DO
AhnLab-V3 Trojan/Win32.FakeAV
Microsoft Rogue:Win32/FakeSpypro
DrWeb Trojan.FakeAV.2534
Panda Trj/CI.A
AVG Generic19.CKTO
Sunbelt Trojan.Win32.Generic!BT
Microsoft VirTool:Win32/Obfuscator.JM
eTrust-Vet Win32/AntivirusAction.O
AntiVir TR/Obfuscated.244736JM
DrWeb Trojan.FakeAV.1254
Avast Win32:FakeAV-AUZ
Symantec Trojan.Gen
NOD32 a variant of Win32/Kryptik.HZQ

Technical Information

File System Details

Antivirus Action creates the following file(s):
# File Name MD5 Detection Count
1 tomgggctsbl.exe 0031942d0205335f097fe21c15ba2ee0 33
2 jiswvkutsbl.exe b0917d1066fce6ca5e3ee38dc4b12339 26
3 kbcrutetsbl.exe 96b9351e4fad70fbabca7fb9aca6f67c 26
4 vqucadstsbl.exe afc83bf8d1d7d1d76ad92926c88b6e69 21
5 guqjvbhtsbl.exe 1f6d0d4ff9a73bd17682a451837b19df 21
6 fligkfktsbl.exe dcd0b1c2e428fbd85d149b04173d8223 20
7 micrgnutsbl.exe 2e5b8f33b3369233d1b9527a5de367bc 20
8 edbqjiptsbl.exe e044872b0a14d73a2c496d27b6232f74 19
9 mhhvhtatsbl.exe 7d161d4cd66b72504455d3dd06166825 19
10 hyimnjgtsbl.exe f02b140ddab36d3d9d9c572a0db3b210 18
11 fbwilfttsbl.exe 38d7d7f7ffe6002612eb06ffe36d8e92 18
12 locpogytsbl.exe a6e0d5a876f6c098d0b89e3122aaac7f 17
13 qqumhletsbl.exe 9d2b498694cca08670f7673c02546114 16
14 txqsqdutsbl.exe a7be3c4f59c04663ff3faa05f3d90704 16
15 ikuekrqtsbl.exe 7dd0f0b6a0723f8ae65bb7e68de08dc3 15
16 qrevhdptsbl.exe 7f38a47f377b10c66980a858fa87c455 12
17 eovhjxftsbl.exe 957ea706776975b1f3f7572302fdea34 11
18 nflthhetsbl.exe 80a49cc60c21619185970ccaad578cbd 11
19 gtmnhaotsbl.exe 3500bdd4b51c74fe3caf24aa0a7c18bd 10
20 lthdllhtsbl.exe 8ada13b2881ca7fcd889d6b2a260a6a1 9
21 qalhtmxtsbl.exe 50183249bbfad7fb636c7f38c995b01b 9
22 xggrvhctsbl.exe 05232ed8383e86081840b08e6c95de8e 9
23 ospmbvjtsbl.exe c9dd85714fb0e0debdf578d0996f4592 9
24 unauenetsbl.exe 303ed290f218207f3cd6dbb65a4d6e64 9
25 oletxivtsbl.exe d5ddc3187fa7440bb21b31088ca2d469 9
26 uhblmjjtsbl.exe 8394abc8b63e0afd6c6eac3f3f1ae7be 9
More files

More Details on Antivirus Action

The following URL's were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.
  • 193.106.34.16
  • 93.174.88.135
  • 93.174.88.136
  • 93.174.88.138
  • 93.174.88.139
  • antispydot.com
  • antispylake.com
  • antispylake.net
  • antispyroad.com
  • antispytag.net
  • antispytask.com
  • antispyway.com
  • antispyway.net
  • antisywire.com
  • antivirboost.com
  • antivirdrome.com
  • antivirnet.com
  • antivirnet.net
  • antivirstress.com
  • ns1.antispydot.com
  • ns1.antispylake.com
  • ns1.antispyroad.com
  • ns1.antispytag.com
  • ns1.antispytag.net
  • ns1.antispytask.com
  • ns1.antispyway.com
  • ns1.antispyway.net
  • ns1.antisywire.com
  • ns1.antivirboost.com
  • ns1.antivirdrome.com
  • ns1.antivirnet.com
  • ns1.antivirnet.net
  • ns1.antivirstress.com
  • ns1.antivirwall.com
  • ns1.infinitetraffic.info
  • ns1.pcsecurityland.com
  • ns1.softwaretoolsstore.com
  • ns1.versionantispy.com
  • ns2.antispydot.com
  • ns2.antispylake.com
  • ns2.antispyroad.com
  • ns2.antispytag.com
  • ns2.antispytag.net
  • ns2.antispytask.com
  • ns2.antispyway.com
  • ns2.antispyway.net
  • ns2.antisywire.com
  • ns2.antivirboost.com
  • ns2.antivirdrome.com
  • ns2.antivirnet.com
  • ns2.antivirnet.net
  • ns2.antivirstress.com
  • ns2.antivirwall.com
  • ns2.pcsecurityland.com
  • ns2.softwaretoolsstore.com
  • ns2.versionantispy.com
  • server1.usdebtmodifiers.com
  • softwaretoolsstore.com
  • versionantispy.com
The following messages associated with Antivirus Action were found:
Security Warning
Application cannot be executed. The file notepad.exe is infected. Do you want to activate your antivirus software now.
Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.