1
How to remove Antivir Solution Pro on Thu Jul 15, 2010 12:44 am
DragonMaster Jay
Site Owner
Antivir Solution Pro Analysis
Antivir Solution Pro is a fairly new rogue, swinging its fists in early July 2010. The idea of the rogue antivirus is to promote itself as an actual virus removal product. Rather, it is a computer infection that uses deceptive tactics and fake-alerts to trick the user in to buying the fake full-version of the product.
Rogue antivirus software is normally installed by means of Trojans, through the use of crack sites, P2P, keygens, rogue downloads, drive-by antivirus scanner pages, and drive-by downloading.
Antivir Solution Pro has crafted itself to drop random files, which are detected as malware by its own scanner. It offers to remove its own files, if you pay for the upgrade and register the program.
Screenshot thanks to Jaxryley
Attributes of Antivir Solution Pro
Similar AV scanners
AV Security Suite, Antivirus Soft, AntiSpyware Soft, MS Antivirus, and Spyware Protect 2009.
Files and folders occasionally belonging to just Antivir Solution Pro
%UserProfile%\Application Data\Antivir Solution Pro\
%UserProfile%\Start Menu\Antivir Solution Pro.lnk
%UserProfile%\Start Menu\Programs\Antivir Solution Pro.lnk
%UserProfile%\Desktop\Antivir Solution Pro.lnk
Removal
To remove this rogue antivirus, please follow these instructions:
Antivir Solution Pro is a fairly new rogue, swinging its fists in early July 2010. The idea of the rogue antivirus is to promote itself as an actual virus removal product. Rather, it is a computer infection that uses deceptive tactics and fake-alerts to trick the user in to buying the fake full-version of the product.
Rogue antivirus software is normally installed by means of Trojans, through the use of crack sites, P2P, keygens, rogue downloads, drive-by antivirus scanner pages, and drive-by downloading.
Antivir Solution Pro has crafted itself to drop random files, which are detected as malware by its own scanner. It offers to remove its own files, if you pay for the upgrade and register the program.
Screenshot thanks to Jaxryley
Attributes of Antivir Solution Pro
- Starts automatically with Windows login.
- Installs a hidden infection, making the product rather difficult to remove.
- Drops random files and folders.
- Drops random strings in to the Registry.
- Configures a random proxy server such as 127.0.0.1:1041
- Attempts to secure backdoor with an IRC server, where it will steal user data and transfer it to the hacker.
- Exploits security hole(s) to attempt to take control of the computer.
- Kill program operation on the system, making it difficult for the user to ever start up programs again.
- Drops a random CLSID as a folder and Registry value in HKEY_CLASSES_ROOT\CLSID
- Modifies Internet Explorer download settings:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures" = "no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures" = "1"
Similar AV scanners
AV Security Suite, Antivirus Soft, AntiSpyware Soft, MS Antivirus, and Spyware Protect 2009.
Files and folders occasionally belonging to just Antivir Solution Pro
%UserProfile%\Application Data\Antivir Solution Pro\
%UserProfile%\Start Menu\Antivir Solution Pro.lnk
%UserProfile%\Start Menu\Programs\Antivir Solution Pro.lnk
%UserProfile%\Desktop\Antivir Solution Pro.lnk
Removal
To remove this rogue antivirus, please follow these instructions:
- Read and follow the steps in this topic.
- Then, post a new topic containing those logs in this section.
..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner
Kaspersky Anti-Virus 2012: Click Here 
Sun Feb 05, 2012 3:10 pm by 
