DRS Georgia

Computer Diagnose, Repair, and Service Technicians of Georgia

  • Increase font size
  • Default font size
  • Decrease font size
Home Forum
Welcome, Guest
Please Login or Register.    Lost Password?
DRS Georgia Computer Repair Forum
Infection Removal Tips
Rogue Program Identification

Anti Virus Solution Pro Identification
(1 viewing) (1) Guest
Go to bottom
Post Reply
Post New Topic
Page: 1
TOPIC: Anti Virus Solution Pro Identification
#281
Anti Virus Solution Pro Identification 1 Month, 3 Weeks ago Karma: 0
Anti Virus Solution Pro is a fake anti-malware(anti-spyware, anti-virus, anti-spyware, etc.) application.

Usually referred to as a rogue program. This malware infections gives false computer infection alerts to scare you into purchasing their computer infection removal software, anti-viurs, anti-spyware, or anti-malware programs.

And when you are infected with it, you will see a pop-up on your computer that resembles this:



Regardless of which rogue application you have, you need to get rid of it immediately. These programs open your computer up for even more infections.

CAUTION: The biggest problem that you are having, is not the infections that are allowing you to see them, it's the ones lurking in the background that you can't see.

Malware infections are on the rise. Removing malware can be difficult at times. But one of the best products out there for FREE, EASY malware removal and can be upgraded to actively protect your computer from malware infections is MalwareBytes. With this program, you will be able to remove the current threats that you do have on your computer!



Don't think you can do it on your own? Please, come back and get either hints through our forum or get your computer repaired by an expert, remotely.


Enter code here   
Please note: although no board code and smiley buttons are shown, they are still usable.
DRS Georgia
Administrator
Posts: 272
graph
User Offline Click here to see the profile of this user
Gender: Male
Last Edit: 2010/07/14 09:51 By swilder.
Reply Quote
 
#307
Re:Anti Virus Solution Pro Identification 1 Month ago Karma: 0
The rogue "Antivirus" was the main infection, but this one was found on the PC as well.

Live Repair Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4393

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

8/5/2010 11:29:14 AM
mbam-log-2010-08-05 (11-29-14).txt

Scan type: Quick scan
Objects scanned: 125683
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\GG\AppData\Local\Temp\expand32xp.dll (Trojan.FakeAV) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmsdk64_32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dnpfdcpe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lirgedej (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eebrtxqw (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lkgodult (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi (Rogue.AntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\GG\AppData\Local\Temp\expand32xp.dll (Trojan.FakeAV) -> Delete on reboot.
C:\Users\GG\AppData\Local\Temp\wmsdk64_32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Local\Temp\asd8FFF.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Local\Temp\dhdhtrdhdrtr5y (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Local\Temp\asd581E.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Local\Temp\tmp3FFC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Local\Temp\tmp585C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Local\Temp\tmp7619.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Local\Temp\tmp7DA8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Local\Temp\tmp8F92.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Local\Temp\tmp903D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Local\Temp\tmpA2D4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\About.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Activate.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Antivirus Support.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Buy.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Scan.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Settings.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Update.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\GG\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\GG\Desktop\AntiVirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\GG\Desktop\spam001.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\GG\Desktop\spam003.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\GG\Desktop\troj000.exe (Malware.Trave) -> Quarantined and deleted successfully.
C:\Users\GG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\GG\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Enter code here   
Please note: although no board code and smiley buttons are shown, they are still usable.
DRS Georgia
Administrator
Posts: 272
graph
User Offline Click here to see the profile of this user
Gender: Male
Reply Quote
 
Go to top
Post Reply
Post New Topic
Page: 1
DRS Georgia Computer Repair Forum
Infection Removal Tips
Rogue Program Identification
Moderators: DRS Georgia, Moderator
Powered by Kunenaget the latest posts directly to your desktop