How to remove AV Security Suite on Tue Jun 15, 2010 3:54 pm
DragonMaster Jay
Site Owner

AV Security Suite Analysis
AV Security Suite is a fairly new rogue, swinging its fists in late May 2010. The idea of the rogue antivirus is to promote itself as an actual virus removal product. Rather, it is a computer infection that uses deceptive tactics and fake alerts to trick the user into buying the fake full version of the product.
Rogue antivirus software is normally installed by means of Trojans, through the use of crack sites, P2P, keygens, rogue downloads, drive-by antivirus scanner pages, and drive-by downloading.
AV Security Suite has crafted itself to drop random files, which are detected as malware by its own scanner. It offers to remove its own files, if you pay for the upgrade and register the program.

Attributes of AV Security Suite
- Starts automatically with Windows login.
- Installs a hidden infection, making the product rather difficult to remove.
- Drops random files and folders.
- Drops random strings into the Registry.
- Configures a random proxy server such as 127.0.0.1:1041
- Attempts to secure a backdoor with an IRC server, where it will steal user data and transfer it to the hacker.
- Drops a random CLSID as a folder and Registry value in HKEY_CLASSES_ROOT\CLSID
- Drops from hxxp://antimalwaresecurity.net
- Modifies Internet Explorer download settings:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
Similar AV scanners
Antivirus Soft, AntiSpyware Soft, MS Antivirus, and Spyware Protect 2009.
Files and folders belonging to just AV Security Suite
%UserProfile%\Application Data\AV Security Suite\
%UserProfile%\Start Menu\AV Security Suite.lnk
%UserProfile%\Start Menu\Programs\AV Security Suite.lnk
%UserProfile%\Desktop\AV Security Suite.lnk
Removal
To remove this rogue antivirus, please follow these instructions:
- Read and follow the steps in this topic.
- Then, post a new topic containing those logs in this section.
Last edited by DragonMaster Jay on Fri Jun 18, 2010 2:04 pm; edited 1 time in total
..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner
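
The fixed indicators listed in the post above (the four named paths and the two Internet Explorer download values) can be checked read-only with a short script. This is an added example, not part of the original post; the registry location used for the proxy check is an assumption, since the post does not say where the proxy is configured.

```powershell
# Added example: read-only triage for the indicators listed in the post.
# Run as the affected user, because HKCU and %UserProfile% are per-user.
$findings = @()

# Files and folders named in the post (profile paths exactly as given there).
$paths = @(
    "$env:USERPROFILE\Application Data\AV Security Suite",
    "$env:USERPROFILE\Start Menu\AV Security Suite.lnk",
    "$env:USERPROFILE\Start Menu\Programs\AV Security Suite.lnk",
    "$env:USERPROFILE\Desktop\AV Security Suite.lnk"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Present: $p" }
}

# Internet Explorer download settings the post says are modified.
$dlKey = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$dl = Get-ItemProperty -Path $dlKey -ErrorAction SilentlyContinue
if ($dl) {
    if ($dl.CheckExeSignatures -eq 'no') {
        $findings += "$dlKey CheckExeSignatures = no"
    }
    # Compare as a string so a REG_SZ "1" and a DWORD 1 both match.
    if ("$($dl.RunInvalidSignatures)" -eq '1') {
        $findings += "$dlKey RunInvalidSignatures = 1"
    }
}

# Assumption: the loopback proxy shows up in the per-user Internet Settings key.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1 -and $inet.ProxyServer -match '127\.0\.0\.1:\d+') {
    $findings += "Loopback proxy enabled: $($inet.ProxyServer)"
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed indicators were found for this user.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

An empty result does not rule out infection, because the post says the rogue also drops randomly named files, folders and Registry entries that a fixed list cannot match.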
