Antivirus System
Posted: July 13, 2013
Threat Metric
The following fields, each listed on the Threat Meter with a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 115 |
First Seen: | July 13, 2013 |
Last Seen: | March 28, 2023 |
OS(es) Affected: | Windows |
Antivirus System is a rogue anti-virus program that creates inaccurate alerts while attempting to restrict your ability to use most other programs, with the goal of forcing you to purchase its software as a poor 'fix' to these issues. Because Antivirus System doesn't have any legitimate features for detecting or deleting any type of malware, SpywareRemove.com malware researchers don't recommend wasting money on Antivirus System's registration – instead, you should treat Antivirus System as a threat to your PC's security and disable it by any means required. Once you have full access to all other software on your computer, you should use real anti-malware software to remove Antivirus System and any settings changes related to its presence.
Antivirus System: a System Rigged to Be the 'Anti' to Almost Everything
While Antivirus System's family has not yet been identified (if, in fact, it even has one), SpywareRemove.com malware analysts have nonetheless found many similarities between Antivirus System and members of the WinWeb Security family of scamware. Like other fake anti-virus products such as Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus, Antivirus System attempts to block most other applications by monitoring your use of executable (or EXE) files. While blocking a specific program, Antivirus System may also create fake popup alerts that claim that this program is compromised. Similar to Winwebsec-based scamware, Antivirus System will not block programs that are essential for allowing Windows to load.
Antivirus System also displays its warning messages at other times, such as pop-ups concerning the presence of identity information-stealing spyware or other high-level PC threats. These pop-ups, in combination with Antivirus System's simulated malware scans of your PC, try to make your PC look as if it's being attacked by many types of malicious software when, in fact, Antivirus System is incapable of detecting any true virus or other malware. Although Antivirus System repeatedly insists that registering its software is the ideal way to remove all detected threats, SpywareRemove.com malware researchers, naturally, don't recommend spending your money on fraudulent software.
Dismantling Antivirus System's System of Scams from Start to Finish
Since the only thing following Antivirus System's security advice will do is cause you to waste money and delete harmless files, SpywareRemove.com malware experts would waste no time in urging Antivirus System's immediate deletion without any qualms. However, you should be careful not to confuse Antivirus System and other similarly-named scamware products with real security software, such as NOD32 Antivirus System. Most rogue anti-virus programs attempt to copy the basic looks and brand names of real anti-malware company products, but can be identified easily through their attacks, along with their repeated requests for you to purchase their registration keys.
Because Antivirus System usually will block the very anti-malware programs you'd want to use to get rid of it, you usually should try to disable Antivirus System before any other steps are taken to disinfect your PC. Booting into Safe Mode, switching to another available OS or booting from a flash drive all are common strategies for disabling such problematic malware as Antivirus System. With Antivirus System's startup exploit disabled, any competent anti-malware program should find it easy enough to remove Antivirus System during a traditional system scan.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
C:\Users\<username>\AppData\Local\Temp\vmware-Alin Kahn\VMwareDnD\60eab17a\21.4.exe
File name: 21.4.exe
Size: 83.96 KB (83968 bytes)
MD5: 40461a5ae21e4584d4079a2176691b8b
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\vmware-Alin Kahn\VMwareDnD\60eab17a\21.4.exe
Group: Malware file
Last Updated: March 28, 2023
C:\Users\<username>\AppData\Local\Temp\iwrdp
File name: iwrdp
Size: 83.96 KB (83968 bytes)
MD5: dd47b34a8cf4ea2a39ca3a1a57bca724
Detection count: 12
Path: C:\Users\<username>\AppData\Local\Temp\iwrdp
Group: Malware file
Last Updated: March 28, 2023
C:\Users\<username>\AppData\Local\Temp\blqhtg
File name: blqhtg
Size: 83.96 KB (83968 bytes)
MD5: f3f7b5bf4bb134028f8eb6c6450a00cd
Detection count: 12
Path: C:\Users\<username>\AppData\Local\Temp\blqhtg
Group: Malware file
Last Updated: March 28, 2023
C:\Users\<username>\AppData\Local\Temp\vmware-Alin Kahn\VMwareDnD\60eab17a\21.65535.exe
File name: 21.65535.exe
Size: 83.96 KB (83968 bytes)
MD5: 3b7f701bfe77426abdf6fbf37f6ddd46
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\vmware-Alin Kahn\VMwareDnD\60eab17a\21.65535.exe
Group: Malware file
Last Updated: March 28, 2023
C:\Users\<username>\AppData\Local\Temp\vmware-Alin Kahn\VMwareDnD\60eab17a\35.1.exe
File name: 35.1.exe
Size: 83.96 KB (83968 bytes)
MD5: 963ede0129909c3c0baf4ab2f189794c
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\vmware-Alin Kahn\VMwareDnD\60eab17a\35.1.exe
Group: Malware file
Last Updated: March 28, 2023
%CommonAppData%\pavsdata\
File name: %CommonAppData%\pavsdata\
Group: Malware file
%CommonAppData%\pavsdata\[NUMBER].1.exe
File name: %CommonAppData%\pavsdata\[NUMBER].1.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CommonAppData%\pavsdata\cache.bin
File name: %CommonAppData%\pavsdata\cache.bin
File type: Binary File
Mime Type: unknown/bin
Group: Malware file
%CommonAppData%\pavsdata\app.ico
File name: %CommonAppData%\pavsdata\app.ico
Mime Type: unknown/ico
Group: Malware file
%CommonAppData%\pavsdata\uninst.ico
File name: %CommonAppData%\pavsdata\uninst.ico
Mime Type: unknown/ico
Group: Malware file
%CommonAppData%\pavsdata\support.ico
File name: %CommonAppData%\pavsdata\support.ico
Mime Type: unknown/ico
Group: Malware file
%CommonAppData%\pavsdata\vl.bin
File name: %CommonAppData%\pavsdata\vl.bin
File type: Binary File
Mime Type: unknown/bin
Group: Malware file
%CommonStartMenu%\Programs\Antivirus System\
File name: %CommonStartMenu%\Programs\Antivirus System\
Group: Malware file
%CommonStartMenu%\Programs\Antivirus System\Antivirus System.lnk
File name: %CommonStartMenu%\Programs\Antivirus System\Antivirus System.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%CommonStartMenu%\Programs\Antivirus System\Antivirus System Help and Support.lnk
File name: %CommonStartMenu%\Programs\Antivirus System\Antivirus System Help and Support.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%CommonStartMenu%\Programs\Antivirus System\Remove Antivirus System.lnk
File name: %CommonStartMenu%\Programs\Antivirus System\Remove Antivirus System.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%AllUsersProfile%\Desktop\Antivirus System.lnk
File name: %AllUsersProfile%\Desktop\Antivirus System.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = "[RANDOM]"
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = "application/x-m"
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = "%1"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pavsdata\[NUMBER].1.exe" /ex "%1" %*"
HKEY_CLASSES_ROOT\.exe "(Default)" = "[RANDOM]"
HKEY_CLASSES_ROOT\.exe "Content Type" = "application/x-m"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "avsdsvc" = "%CommonAppData%\pavsdata\[NUMBER].1.exe /min"
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pavsdata
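A defender-side check for the registry changes listed above, as an added example that is not part of the original page: it parses the text of a reg export file and flags the per-user .exe handler override and the avsdsvc Run entry. The sample export, the file number 21, the C:\ProgramData location and the function names are constructed for illustration.

```python
import re
# Constructed `reg export` text (not from a real host). "21" stands in for the
# page's [NUMBER]; C:\ProgramData is an assumed expansion of %CommonAppData%.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="qwzx"
"Content Type"="application/x-m"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\ProgramData\\pavsdata\\21.1.exe\" /ex \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"avsdsvc"="C:\\ProgramData\\pavsdata\\21.1.exe /min"
"Updater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
'''
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
EXE_CLASS = r"hkey_current_user\software\classes\.exe"
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string (REG_SZ) values."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # unescape
    return keys

def find_indicators(text):
    """Flag the .exe handler override and Run-key entry listed on the page."""
    findings = []
    for key, values in parse_reg(text).items():
        k, default = key.lower(), values.get("(Default)")
        if k == EXE_CLASS and default is not None and default.lower() != "exefile":
            findings.append(("exe-class-override", key, default))
        elif k == EXE_CLASS + r"\shell\open\command" and default != '"%1" %*':
            findings.append(("exe-open-hijack", key, default))  # stock: "%1" %*
        elif k == RUN_KEY:
            for name, cmd in values.items():
                if "\\pavsdata\\" in cmd.lower():
                    findings.append(("run-key-persistence", name, cmd))
    return findings

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_REG):
        print(finding)
```

Exports written by reg.exe in the "Version 5.00" format are UTF-16, so decode the file to text before passing it to find_indicators.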
Additional Information
# | Title | Message |
---|---|---|
1 | Antivirus System Firewall Alert | iexplore.exe is infected with Trojan-Downloader.JS.Agent.ftu. Private data can be stolen by third parties, including credit card details and passwords. When you see these messages, please do not be concerned as your applications are not infected. |
2 | Security Alert | Unknown program is scanning your system registry right now! Identity theft detected! Threat: Hoax.HTML.OdKlas.a |
3 | Security Alert | Vulnerabilities Found Background scan for security breaches has been finished. Serious problems have been detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence. Upgrade to full version of Antivirus System software package now! Clean your system and ward off new attacks against your system integrity and sensitive data. FREE daily updates and online protection from web-based intrusions are already in the bundle. |