How to remove AntivirusGT on Wed Jul 07, 2010 3:29 am
DragonMaster Jay
Site Owner

AntivirusGT Analysis
AntivirusGT is a fairly new rogue, swinging its fists in late June 2010. A rogue antivirus promotes itself as an actual virus removal product. In reality, it is a computer infection that uses deceptive tactics and fake alerts to trick the user into buying the fake full version of the product. It attempts to look like the legit AVG Antivirus.
Rogue antivirus software is normally installed by means of Trojans, through the use of crack sites, P2P, keygens, rogue downloads, drive-by antivirus scanner pages, and drive-by downloading.
AntivirusGT is crafted to drop random files, which its own scanner then detects as malware. It offers to remove its own files if you pay for the upgrade and register the program.

Attributes of AntivirusGT
- Starts automatically with Windows login.
- Installs a hidden infection, making the product rather difficult to remove.
- Drops random files and folders.
- Drops random strings into the Registry.
- Installs a keylogger.
- Adds a \PendingFileRenameOperations value.
- Configures a random proxy server such as 127.0.0.1:5555.
- Attempts to secure a backdoor with an IRC server, where it will steal user data and transfer it to the hacker. It opens a backdoor at port 0.
- Drops random temporary files in %UserProfile%\Local Settings\Temp
- Adds a browser helper object:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}
- Adds an Internet Explorer user agent:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-EVI 05.07.2010"
Similar AV scanners
Antivirus7 and Antivir 2010.
CLSID
HKEY_CLASSES_ROOT\CLSID\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}
Files and folders belonging to just AntivirusGT
%UserProfile%\Application Data\AntivirusGT
%UserProfile%\Start Menu\AntivirusGT.lnk
%UserProfile%\Start Menu\Programs\AntivirusGT.lnk
%UserProfile%\Desktop\AntivirusGT.lnk
Removal
To remove this rogue antivirus, please follow these instructions:
- Read and follow the steps in this topic.
- Then, post a new topic containing those logs in this section.
..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner
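
A read-only check for the indicators listed in the post above, as an added example that is not part of the original post or the author's tooling. It assumes the proxy is set in the current user's Internet Settings key, since the post gives only the proxy value.

```powershell
# Read-only check for the AntivirusGT indicators listed in the post.
# Nothing is deleted or modified; the script only reports what it finds.
$clsid = '{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}'

# Registry keys named in the post (CLSID registration and browser helper object).
$regKeys = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)

# Files and folders named in the post, expanded for the current user.
$paths = @(
    "$env:USERPROFILE\Application Data\AntivirusGT",
    "$env:USERPROFILE\Start Menu\AntivirusGT.lnk",
    "$env:USERPROFILE\Start Menu\Programs\AntivirusGT.lnk",
    "$env:USERPROFILE\Desktop\AntivirusGT.lnk"
)

$findings = @()
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key present: $k" }
}
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File or folder present: $p" }
}

# User-agent marker: a value named "WinNT-EVI 05.07.2010" under Post Platform.
$ua = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'
$uaKey = Get-Item -LiteralPath $ua -ErrorAction SilentlyContinue
if ($uaKey -and ($uaKey.GetValueNames() -contains 'WinNT-EVI 05.07.2010')) {
    $findings += 'User-agent marker present: WinNT-EVI 05.07.2010'
}

# Proxy: the post gives 127.0.0.1:5555 as an example of the configured proxy.
# Assumption: the setting lives in the current user's Internet Settings key.
$inet = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -LiteralPath $inet -ErrorAction SilentlyContinue
if ($proxy.ProxyEnable -eq 1 -and $proxy.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost):\d+') {
    $findings += "Loopback proxy configured: $($proxy.ProxyServer)"
}

if ($findings.Count -eq 0) { 'No AntivirusGT indicators found.' } else { $findings }
```

The file and shortcut checks cover only the profile of the user running the script, so repeat it for each account on a shared machine.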
