Antivirus 2010 is the name of a variety of different rogues from different malware families. This guide will focus on the latest rogue that uses this name and that is a clone of Antivirus 2010 Security Centre. Antivirus 2010 is promoted through the use of malware that will install it on to your computer without your permission or knowledge. Once running it will scan your computer and state that there are numerous infections present, but will state that it will not clean any of them until you first purchase the program. The problem is that most of the infections it detects are actually legitimate Windows programs that are not infected at all. Therefore, do not try to manually delete any of the files it states are infections as it may cause your computer to not operate correctly.
Antivirus 2010 Screen shot
For more screen shots of this infection click on the image above.
There are a total of 3 images you can view.
As part of its defense mechanism, Antivirus 2010 will also terminate the majority of programs that you attempt to run. When it terminates them it will also change the security permissions on the executable so that you will not be able to run the program again. You will know when Antivirus 2010 changes the permission on a program because when you attempt to launch the program you will be greeted with a Windows message that states:
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.If you are greeted with this message for one of your executables you can regain access to the program by using the cacls.exe program that comes installed with Windows. Simply go to a Command Prompt and type the following command to give the Everyone group permission to use the file again:
cacls <full path to the program> /G Everyone:FAs an example, if you attempt to launch Malwarebytes' and it gives the above error, then you would type cacls "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /G Everyone:F and press enter on your keyboard. Once you enter that command and press enter, everyone on your computer will then have access to the file again. If you are using Windows Vista or Windows 7 then you will have to use an elevated command prompt, which is explained here.
As you can see, Antivirus 2010 uses false scan results to make you think your infected so that you will purchase the program. It also takes your computer hostage by disabling the use of your executables so that you can't properly use your computer. Therefore, do not purchase this program, and if you already have, please contact your credit card company and dispute the charges stating it is an computer virus. To remove Antivirus 2010 and related malware, please use the guide below.
Threat Classification:
Advanced information:
View Antivirus 2010 files.
View Antivirus 2010 Registry Information.
Entries for this program found in the Add or Remove Programs control panel:
Antivirus 2010
Tools Needed for this fix:
Symptoms that may be in a HijackThis Log:
Current Antivirus 2010 Files:
O23 - Service: Antivirus 2010 (userinit) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\us?rinit.exe (file missing)
Old Antivirus 2010 Files:
O2 - BHO: IEDefenderBHO - {FC8A493F-D236-4653-9A03-2BF4FD94F643} - C:\Windows\System32\IEDefender.dll
O4 - HKLM\..\Run: [Windows Gamma Display] C:\Windows\System32\wingamma.exe /adjustment
0 Comments