Wednesday, 23 January 2019

Antivirus Solution 2010 - FakeRean Rogue.Contra antivirus Zaxar

Antivirus Solution 2010 is a fraudulent rogue security program that replaces Desktop Defender 2010 and Desktop Security, with Antivirus Studio 2010 as the previous rogue name.
The installer looks like this:

It has a license agreement, and the user cannot cancel the installation.


Installation takes from one minute to about three:

Once installed, its interface looks like this, with a scan already in progress.
It does not drop files of its own to flag as malware, so the scan only reports high-risk cookies or temp files.
After the scan finishes, or is cancelled or stopped, this warning is shown:
Whether we choose Continue Unprotected or anything else, we are pushed to buy this software.
When we cancel or exit the program, we are warned that we are in danger:
We also get the following pop-ups in the taskbar:


If we close or minimize the interface, a pop-up like this appears again:
Clicking Clean, Disinfect, Activate or License Key redirects to the activation window.
Update: this is not free either and also leads to the activation window.
The Firewall "add rule" option leads to the same fake alert.
It also keeps annoying users with a fake task manager, a blue screen and other malicious behaviour.
It also has glitches and mistakes:
No Zaxar program will try to update through a proxy.
And Desktop Security? That is a big mistake in a clone!
And the firewall add, edit, default and delete rule:
This threat changes its disguise quickly. It installs itself and its files to AppData Roaming, and its registry key folder is Antivirus Solution 2010.
The filename is security.exe and the installer is 2.64 MB.
Results and hashes
MD5: 458f9b649dd20ae32415aa27e00e55cc
SHA-1: 55951c1f7bcd526cbdc405eac34817ba152b21c0
SHA-256: 62bcd987079315a69099bb743d7f123d71f8d84c43d501daa543226b40c76db7
AV results: 34 / 41 found this threat.
Microsoft: VirTool:Win32/Obfuscator.JY (FakeRean Rogue)
NOD32: Kryptik.HMY
Avira: TR/FakeAV.ZI
And many more...
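The indicators above can be turned into a quick defensive sweep. This is an added example, not code from the original post: it matches the SHA-256 listed on this page and, as a weaker signal, the page's security.exe file name inside an Antivirus Solution 2010 folder; the function names and the use of Python are assumptions.

```python
import hashlib
from pathlib import Path

# Indicators copied from this page (sample SHA-256, file name, folder name).
PAGE_SHA256 = {"62bcd987079315a69099bb743d7f123d71f8d84c43d501daa543226b40c76db7"}
PAGE_FILENAME = "security.exe"
PAGE_FOLDER = "antivirus solution 2010"


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_sha256=PAGE_SHA256):
    """Return (path, verdict) pairs for files under root that match an indicator.

    'hash'        = SHA-256 equals a known value (strong match).
    'name+folder' = named security.exe inside an 'Antivirus Solution 2010'
                    folder (weak match: names are trivially changed, review it).
    """
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            file_hash = sha256_of(path)
        except OSError:
            continue  # locked or unreadable file: skip instead of aborting
        parents = {part.lower() for part in path.parent.parts}
        if file_hash in known_sha256:
            findings.append((str(path), "hash"))
        elif path.name.lower() == PAGE_FILENAME and PAGE_FOLDER in parents:
            findings.append((str(path), "name+folder"))
    return findings


if __name__ == "__main__":
    import os
    # Assumption: sweep the roaming profile, where the page says it installs.
    for hit in triage(os.environ.get("APPDATA", ".")):
        print(hit)
```

A hash hit identifies this exact sample only; because the post notes the family is re-released under new names, a clean result does not rule out a sibling clone.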

Let's try the activation process. The license key is LIC-1800-FE88-8788-BBED-B26C-899B-14A6-4503-4618-EB85-B7A8-371D-1097-FEBC-B41D-C2B1-7A5F
Once activated, the software updates and removes the threats.
THREAT REMOVAL:

After disinfection, no threats are found, auto protection is ON and the database is updating:
After the update finished, I got this notification:

And full access to everything in this fake antivirus.
Uninstalling is free and needs no uninstall key, but debugging is required.
The uninstall process looks like this:
Videos about this rogue are here.
Rogue video review:

And cookie detection.
Many thanks to Andrew Mickelson for this sample, which he sent using vxvault win32.malware.sample; the file comes from a site: antivirus-solution2010
