AV Protection Online

AV Protection Online Description

Type: Rogue AntiSpyware Programs

AV Protection Online is a fake security application. This bogus security program is a clone of previous malware threats such as Guard Online, AV Guard Online, AV Guardian Online, and Guardian Online. All of the previously mentioned programs are extremely similar versions of the same fake security application. Hackers take the same malicious program and simply make a few tweaks to the interface. By changing the rogue security application's name and some of its features, hackers can constantly stay ahead of malware researchers and the latest malware databases. ESG security researchers consider AV Protection Online a dangerous threat to an operating system. If you have installed AV Protection Online onto your computer, you must understand that AV Protection Online is not a real security application. This fake security program is designed to steal your money through the use of deceptive tactics and outright lies. ESG PC security analysts strongly recommend removing AV Protection Online with a legitimate, up-to-date anti-malware application.

How the AV Protection Online Scam Works

Programs like AV Protection Online are part of a well-established online scam. Malware analysts refer to these kinds of fake security applications as rogues, or rogue security programs. Rogue security programs use a combination of Trojans, social engineering and malicious scripts in order to wreak havoc on an infected computer system. Meanwhile, the user interface is designed to display a constant barrage of fake security alerts, error messages and alarming, but fake, system scans. The whole aim of scams like AV Protection Online is to make the victim believe that the computer is severely infected with a variety of Trojans and viruses, that AV Protection Online is a real security program that can solve these imaginary threats, and that the victim must purchase a "full version" of AV Protection Online in order to restore the infected computer to normal. Below, ESG PC security researchers have listed some symptoms associated with an AV Protection Online infection.

  1. Computers infected with AV Protection Online will run very slowly and become unstable.
  2. Computers infected with AV Protection Online will have trouble connecting to the Internet and some files may be blocked completely.
  3. Victims of AV Protection Online will be pestered constantly with a large number of alarming security alerts and error messages.
  4. Whenever the user attempts to use AV Protection Online to solve these problems, he/she will be directed to purchase a "full version" of AV Protection Online.


Technical Information


File System Details

AV Protection Online creates the following file(s):
# File Name MD5 Detection Count
1 atxP0ycS1b3n4.exe b3ed62012255aed5b965449e921ab4df 2
2 %Windows%\system32\[RANDOM CHARACTERS].exe N/A
3 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS].tmp N/A
4 %Documents and Settings%\[UserName]\Start Menu\Programs\AV Protection Online\ N/A
5 %Documents and Settings%\[UserName]\Desktop\AV Protection Online.lnk N/A
6 %Documents and Settings%\[UserName]\Application Data\[RANDOM CHARACTERS]\ N/A
7 %Documents and Settings%\[UserName]\Start Menu\Programs\AV Protection Online\AV Protection Online.lnk N/A
8 %Documents and Settings%\[UserName]\Application Data\ldr.ini N/A
9 %AppData%\dvS2obF4pGsJdKg\AV Protection Online.ico N/A
10 svhostu.exe b30db04a303ca1c54964a37f23a0ed37 0

Registry Details

AV Protection Online creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "SavedLegacySettings=3C0000006B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "DefaultConnectionSettings=3C0000000B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer=http="
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
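
The file and registry indicators listed above can be checked against a collected file listing and the Internet Settings values, as in this added example (not ESG's or SpyHunter's code). The placeholder expansions, the sample paths and the sample proxy value are assumptions constructed for illustration.

```python
import re
from ntpath import basename

# Indicators copied from this page. The system32 and Temp entries are left
# out: "[RANDOM CHARACTERS].exe" / ".tmp" would match every file of that type.
PATH_IOCS = [
    r"%Documents and Settings%\[UserName]\Start Menu\Programs\AV Protection Online\AV Protection Online.lnk",
    r"%Documents and Settings%\[UserName]\Desktop\AV Protection Online.lnk",
    r"%Documents and Settings%\[UserName]\Application Data\ldr.ini",
    r"%AppData%\dvS2obF4pGsJdKg\AV Protection Online.ico",
]
NAME_IOCS = {"atxp0ycs1b3n4.exe", "svhostu.exe"}  # compared in lower case

# Assumed expansions of the page's placeholders (not defined on the page).
PLACEHOLDERS = {
    "%Documents and Settings%": r"[a-z]:\\Documents and Settings",
    "%AppData%": r"[a-z]:\\.+\\(?:Application Data|AppData\\Roaming)",
    "[UserName]": r"[^\\]+",
}

def to_regex(ioc):
    """Escape an indicator path, then swap each placeholder for its pattern."""
    rx = re.escape(ioc)
    for token, expansion in PLACEHOLDERS.items():
        rx = rx.replace(re.escape(token), expansion)
    return re.compile(rx, re.IGNORECASE)

PATH_RULES = [to_regex(p) for p in PATH_IOCS]

def match_files(paths):
    """Return the paths that match a file indicator from the page."""
    return [p for p in paths if basename(p).lower() in NAME_IOCS
            or any(rule.fullmatch(p) for rule in PATH_RULES)]

def proxy_finding(settings):
    """Flag ProxyEnable=1 with an "http=" ProxyServer, as in Registry Details."""
    server = str(settings.get("ProxyServer", ""))
    if settings.get("ProxyEnable") == 1 and server.lower().startswith("http="):
        return "proxy enabled, review ProxyServer: " + server
    return None

# Constructed sample input, not data from a real host.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\alice\Desktop\AV Protection Online.lnk",
    r"C:\Documents and Settings\alice\Local Settings\Temp\svhostu.exe",
    r"C:\Documents and Settings\alice\Desktop\report.doc",
]
SAMPLE_SETTINGS = {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:8080"}
if __name__ == "__main__":
    print(match_files(SAMPLE_PATHS), proxy_finding(SAMPLE_SETTINGS))
```

On a live Windows host the settings dictionary can be filled from the Internet Settings key with the standard-library `winreg` module.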

More Details on AV Protection Online

The following messages associated with AV Protection Online were found:
Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to was CANCELLED.
Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
