
Friday, March 26, 2010

Antivirus 2010: Removal

Antivirus 2010 is fake antivirus software that may harm your computer if used. It is cunning malware that uses advertisements to make the user pay for it. It displays a fake Blue Screen of Death (BSOD), which claims that Windows has detected an unregistered version of Antivirus 2010 and that it has to be registered to solve the problem. Do not believe this! It is a trick by Antivirus 2010. The BSOD displayed by Antivirus 2010 looks like this:



If your computer displays the above screen, do not trust it and do not pay for the Antivirus 2010 malware.
A screenshot of Antivirus 2010 is shown below:


Symptoms:

  • Changes browser settings
  • Shows commercial adverts
  • Connects itself to the internet
  • Stays resident in background



Removal:

You can remove Antivirus 2010 by using anti-malware software such as:
1. Malwarebytes
2. Windows Defender

Manual removal:

You can delete Antivirus 2010 by following the below steps.

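1. Kill the processes 'AV2010.exe', 'svchost.exe' and 'wingamma.exe'
     Note: svchost.exe is also the name of a legitimate Windows process. The one to kill is the copy running from Program Files\AV2010 (see step 4), not the one in WINDOWS\system32.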
2. Remove the following registry keys and values
     HKEY_CURRENT_USER\Software\AV2010
     HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
     HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
     HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
     HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
     HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
     HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
     HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
     HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
     HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
     HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Gamma Display"




3. Unregister DLLs

     IEDefender.dll
  

4. Delete files

     Program Files\AV2010\AV2010.exe
     Program Files\AV2010\svchost.exe
     WINDOWS\system32\IEDefender.dll
     WINDOWS\system32\wingamma.exe


5. Delete directories
     c:\Program Files\AV2010
     c:\Documents and Settings\All Users\Start Menu\Programs\AV2010
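
An added example, not part of the original post: a read-only PowerShell check that reports which of the registry entries, files, directories and processes listed in steps 1 to 5 are present, so you can confirm an infection before cleanup and confirm nothing is left afterwards. It assumes the post's "Program Files" and "WINDOWS" correspond to `$env:ProgramFiles` and `$env:SystemRoot`.

```powershell
# Added example: read-only check for the artifacts listed in this post. It deletes nothing.
# Assumption: "Program Files" / "WINDOWS" in the post map to $env:ProgramFiles / $env:SystemRoot.
$regKeys = @(
    'HKEY_CURRENT_USER\Software\AV2010',
    'HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}',
    'HKEY_CLASSES_ROOT\AppID\IEDefender.DLL',
    'HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}',
    'HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO',
    'HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1',
    'HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}',
    'HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}'
)
# The Control\Class\{4D36E972-...}\0012-0014 keys are not checked: numbered subkeys of
# that class are network adapter instances and can exist on a clean system.
$runKey  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName = 'Windows Gamma Display'
$paths = @(
    (Join-Path $env:ProgramFiles 'AV2010\AV2010.exe'),
    (Join-Path $env:ProgramFiles 'AV2010\svchost.exe'),
    (Join-Path $env:SystemRoot 'system32\IEDefender.dll'),
    (Join-Path $env:SystemRoot 'system32\wingamma.exe'),
    'c:\Program Files\AV2010',
    'c:\Documents and Settings\All Users\Start Menu\Programs\AV2010'
)
$found = @()
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath "Registry::$key") { $found += "registry key: $key" }
}
$run = Get-ItemProperty -LiteralPath $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) { $found += "Run value: $runName = $($run.$runName)" }
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found += "path: $p" }
}
# svchost.exe is also a legitimate Windows process name, so match on the full image path.
$images = $paths | Where-Object { $_ -like '*.exe' }
$procs = Get-Process -Name AV2010, svchost, wingamma -ErrorAction SilentlyContinue
foreach ($proc in $procs) {
    if ($proc.Path -and ($images -contains $proc.Path)) {
        $found += "process: $($proc.Path) (PID $($proc.Id))"
    }
}
if ($found) { $found } else { 'None of the listed Antivirus 2010 artifacts were found.' }
```

Run it from an elevated prompt, since without administrator rights `Get-Process` may not return the image path of processes owned by other accounts.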
