Wednesday 23 May 2012

Windows Advanced Security Center virus. How to remove

1. Description

Windows Advanced Security Center is malicious software categorized as a fake AV program.

2. Behavior inside the compromised system

Once its scan has launched, Windows Advanced Security Center generates fake scan reports claiming that numerous viruses, worms and trojans were detected. Any attempt to delete these threats fails until the user buys the commercial version of Windows Advanced Security Center.

3. Files

During installation, Windows Advanced Security Center copies the following files to the hard disk:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[rnd].exe
  • %AppData%\result.db

4. System registry

Windows Advanced Security Center creates the following registry entries:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
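The entries above fall into three groups: a Run-key autostart for Protector-[rnd].exe, UAC policy values set to 0, and Image File Execution Options "Debugger" values, which make Windows start the named program in place of the listed security tool. The script below is an added example, not part of the original post; it checks a registry export in .reg text form for those three groups. The function names and the sample export (including the user name and file name) are constructed for illustration.

```python
import re

# Constructed sample in "reg export" text form. Real exports from regedit
# are UTF-16 encoded; decode them before passing the text in.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\test\\AppData\\Roaming\\Protector-abc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"MitigationOptions"=hex:00
'''

RUN_KEY = r'hkey_current_user\software\microsoft\windows\currentversion\run'
UAC_KEY = r'hkey_local_machine\software\microsoft\windows\currentversion\policies\system'
UAC_VALUES = {'enablelua', 'consentpromptbehavioradmin', 'consentpromptbehavioruser'}
IFEO = (r'hkey_local_machine\software\microsoft\windows nt\currentversion'
        r'\image file execution options') + '\\'
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data), with key and name lower-cased."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
        elif key and (m := VAL_RE.match(line)):
            yield key, m.group(1).lower(), m.group(2)

def findings(text):
    """Return (category, detail) pairs for entries matching the list above."""
    out = []
    for key, name, data in parse_reg(text):
        if key == RUN_KEY and re.search(r'\\protector-[^\\]*\.exe"?$', data, re.I):
            out.append(('run-persistence', name))
        elif key == UAC_KEY and name in UAC_VALUES and data == 'dword:00000000':
            out.append(('uac-policy-zero', name))
        elif key.startswith(IFEO) and name == 'debugger':
            out.append(('ifeo-debugger', key[len(IFEO):]))
    return out
```

Any IFEO "Debugger" value is reported, not only the three executables named in the list, so each hit should be reviewed against software that sets the value legitimately.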

5. Screenshots of the malware

6. Windows Advanced Security Center Removal

Windows Advanced Security Center automatic remover
