Beware of this Fake Antivirus Application AntivirusFraud

by Frank Jovine on 02/17/2010 in Fake Antivirus, Security

AntivirusFraud is a fake antivirus application. This security risk can be downloaded by other threats on the computer or by clicking on certain Internet advertisements, but it must be manually installed. When a user downloads AntivirusFraud and runs a scan, the program reports false scan alerts. The program than tries to fool the user in purchasing the full license to remove the false errors.

Name: AntivirusFraud
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Behavior: The program reports false or exaggerated system security threats on the computer.

How to remove Antivirusfraud

Installation
When the program is executed, it creates the following files:

  • C:\Documents and Settings\All Users\Desktop\Antivirus.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Antivirus.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Uninstall.lnk
  • %ProgramFiles%\Antivirus\Antivirus.exe
  • %ProgramFiles%\Antivirus\wscsvc32.exe
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk
  • %ProgramFiles%\Antivirus\AvBho.dll
  • %ProgramFiles%\Antivirus\Uninstall.exe

It also creates the following registry subkeys:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus

How to Remove AntivirusFraud
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Run a full system scan.
  4. Delete any values added to the registry.

For specific details on each of these steps, read the following instructions.

If you do not have Norton Antivirus, you can download a free copy of Malwarebytes’ Anti-Malware to remove this software.

See more fake antivirus removal instructions here.

  • Share/Bookmark

6 Responses to “Beware of this Fake Antivirus Application AntivirusFraud”

  1. Andrew@BloggingGuide

    Feb 17th, 2010

    Thanks to you we are being made aware of false or fake applications. More Power!!

    • Frank Jovine

      Feb 18th, 2010

      Andrew,

      I am glad to find these rogue software products as well as sharing them with everyone.

  2. Buckbidz

    Feb 25th, 2010

    i had something like this virus onces. very hard to remove

  3. Seo

    Mar 4th, 2010

    Antivirus downloaded Form Net free of cosr are capable to remove Virus from the sytm or net
    Suggest me for a good Anivirus

  4. cam

    Mar 5th, 2010

    Thanks for the heads up on this!

  5. Critical Virus popup on WI! - Page 5

    Mar 5th, 2010

    [...] page, even for subscriptors. As for blaming Justin, check around the forum. You'll find them. Beware of this Fake Antivirus Application AntivirusFraud | TechJaws.com __________________ Nope, I won't, I looked. I did finally find Justines reponce on page three of a [...]