Antivirus Action
Threat Scorecard
Metric | Value |
---|---|
Threat Level | 100 % (High) |
Infected Computers | 3,300 |
First Seen | October 11, 2010 |
OS(es) Affected | Windows |

Antivirus Action (AntivirusAction) is a fake security application and a member of the FakeSpyPro family. It can spread via Trojans, file-sharing networks and malicious websites: the rogue anti-virus program can be installed without the user's knowledge by Trojans that exploit known Windows vulnerabilities, or when a victim opens an infected attachment in a spam e-mail. It can also come bundled with downloads from infected websites or files from peer-to-peer networks.

On infiltrating a system, Antivirus Action creates a start-up registry entry so that it is executed automatically every time the infected PC starts. It also blocks the victim's access to applications such as Task Manager or Registry Editor, so that the rogue is not easily detected and removed from the system. It then generates fake system security warnings to convince victims that they need to purchase its full version to remove the detected threats. Antivirus Action is a useless application that should never be purchased.
When a victim attempts to run programs on a compromised PC, Antivirus Action will display a message claiming that the file he/she is attempting to run is infected and then it will terminate the process. The security message is as follows:
"Security Warning
Application cannot be executed. The file notepad.exe is infected. Do you want to activate your antivirus software now."
The programs and processes are terminated to prevent a victim from launching security software to remove the rogue. However, if you attempt to run the programs enough times, they should eventually work. To convince a victim that his/her system is infected, Antivirus Action simulates a fake system scan that is designed to always report the detection of several dangerous computer parasites such as viruses, Trojans and spyware. Fake system security alerts and pop-up warnings are also displayed to convince a victim that he/she needs to purchase the full version to remove the detected threats.
Below is an example of the security alerts:
"Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here to scan your computer. Your system might be at risk now."
As a result of browser hijacking, when a victim attempts to browse the internet, or clicks on the security alerts displayed by Antivirus Action, he/she will be redirected to malicious websites that promote the online purchase of this rogueware. Users should be aware that Antivirus Action is not able to detect or remove real computer malware and thus should never be purchased. Instead, use a reliable malware removal tool to rid your PC of this useless rogue.
There are numerous clones of Antivirus Action, including AntiSpyware Soft, Antivirus System Pro, Spyware Protect 2009, Security Central, Antivirus Soft, Antivirus Suite, Antivir Solution Pro, Security Suite, Malware Destructor 2011, Antivirus Scan, PC Security 2011, Antivirus .NET, AntiVira Av, AntiMalware GO, Antivirii 2011, Antivirus Monitor and Antivirus Live.
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
Panda | Suspicious file |
Sophos | Mal/FakeAV-DO |
AhnLab-V3 | Trojan/Win32.FakeAV |
Microsoft | Rogue:Win32/FakeSpypro |
DrWeb | Trojan.FakeAV.2534 |
Panda | Trj/CI.A |
AVG | Generic19.CKTO |
Sunbelt | Trojan.Win32.Generic!BT |
Microsoft | VirTool:Win32/Obfuscator.JM |
eTrust-Vet | Win32/AntivirusAction.O |
AntiVir | TR/Obfuscated.244736JM |
DrWeb | Trojan.FakeAV.1254 |
Avast | Win32:FakeAV-AUZ |
Symantec | Trojan.Gen |
NOD32 | a variant of Win32/Kryptik.HZQ |

URLs
Antivirus Action may call the following URLs: