Thursday 25 February 2010

How to remove Antivirus 2010 (Uninstall guide)

Antivirus 2010 is a fake (rogue) anti-virus program. It reports false system security threats and displays misleading warnings to make you think that your computer is infected with malicious software. Usually Antivirus2010 claims that it has detected many harmful or infected system files related to trojan viruses and computer worms. The scan results are false so you may safely ignore them. Besides, this fake program reports the same infections on every compromised computer. If you are reading this then your PC is probably already infected and most likely you see the following threats in the scan report or misleading pop-ups:
  • Spyware.IMMonitor
  • Spyware.IEMonster.d
  • Win32.Rbot.fm
  • Trojan.Alg.t
  • Infostealer.Banker.E
  • Spyware.KnownBadSites
  • Trojan.Tooso
  • Trojan.Clicker.EC
  • Zlob.PornAdvertiser.ba
  • Trojan.MailGrabber.s
  • TrustedAntivirus
  • Trojan.BAT.Adduser.t
  • and etc.
Current Antivirus 2010 GUI:


Old Antivirus 2010 GUI:


The main goal of Antivirus 2010 is to trick you into purchasing the full version of the program. Of course, you shouldn't do that. This is nothing more but a scam because it prompts you to pay for a full version of the program to remove the threats which don't even exist in the first place. You should follow the removal guide below to remove this infection from your computer for free using legitimate anti-malware programs.

Once installed, Antivirus 2010 creates malicious startup entry so that the rogue program will start automatically every time you logon to Windows. The malicious startup entry launches wingamma.exe which then starts AV2010.exe. The rogue program impersonates Windows Security Center as shown in the image below and states that yous must purchase Anti-virus 2010 in order to protect yourself.



The rogue program also displays fake Blue Screen of Death screen to scare you and make you think that your computer has crashed because of SPYWARE.MONSTER.FX_WILD_0x0000000 infection. The funny thing is that you can actually close this fake screen just by pressing Alt-Tab or Control-Alt-Delete.





Antivirus 2010 hijacks the desktop background too:


Last, but not least, Antivirus 2010 hijacks Internet Explorer and displays fake warnings while surfing the web. One of the fake warnings reads: Internet Explorer Warning - visiting this web site may harm your computer! See how this fake warning looks in the image below.



As you can see, Antivirus 2010 is absolutely needless and even dangerous program. Don't be fooled and don't pay for it! If you already bought it then you should contact your credit card company and dispute the charges. Next, read the removal instructions below and uninstall Antivirus 2010 from your computer a soon as possible.


Antivirus 2010 removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Alternate Antivirus 2010 removal instructions using Process Explorer (in Normal mode):

1. Download Process Explorer and end Antivirus 2010 process(es):
  • us?rinit.exe
  • wingamma.exe
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Antivirus 2010 associated files and registry values:

Current Antivirus 2010 Files:
  • C:\Documents and Settings\All Users\Application Data\.wtav
  • C:\WINDOWS\system32\mswmqnei.dll
  • C:\WINDOWS\system32\us?rinit.exe
  • C:\WINDOWS\system32\drivers\vbma22b4.sys
Old Antivirus 2010 Files:
  • C:\Program Files\AV2010
  • C:\Program Files\AV2010\AV2010.exe
  • C:\Program Files\AV2010\svchost.exe
  • C:\WINDOWS\system32\IEDefender.dll
  • C:\WINDOWS\system32\wingamma.exe
  • C:\Documents and Settings\All Users\Desktop\AV2010.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AV2010
  • C:\Documents and Settings\All Users\Start Menu\Programs\AV2010\AV2010.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AV2010\Uninstall.lnk
Current Antivirus 2010 registry values:
  • HKEY_CLASSES_ROOT\Interface\{35c95ec8-f789-9a3a-375c-bdb89a3684fd}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFBCFDBA
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
Old Antivirus 2010 registry values:
  • HKEY_CURRENT_USER\Software\AV2010
  • HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
  • HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
  • HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
  • HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
  • HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
  • HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
  • HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Gamma Display"
Share this information with other people:

No comments:

Post a Comment