|
Feb
24
|
Threat Description:
Based on our malware analysis, we advise you to abstain from visiting Av-protect.com site. The blackhat things that we found about that domain are as follows. Av-protect.com is promoting a program which is classified as rogue anti-spyware. It is called Antivirus Soft and is an aggressive digital impostor application that pretends to help you without being able to. Browser redirect activity ending up on Av-protect.com is one of the numerous symptoms of Antivirus Soft malvertising. This rogue software gets onto your machine in an unsolicited manner and never asks for authorization from you. Having made itself comfortable enough inside your system, this scare program distorts many things such as the Registry, files and additionally, it modifies HOSTS file and browser settings. You will have some hard time going to any website you target. When typing in some URL, all you will get is Av-protect.com or its clone Av-protect.microsoft.com which serves for intimidating purposes (please see the fake warning page screenshot below). The computer criminals who run the whole Antivirus Soft campaign want to you keep hitting Av-protect.com so that you start thinking you really need that program to get reliable virus protection. Unfortunately, Antivirus Soft turns out to be anything but a working tool defending you against malware. It’s a fake, which means it will take your money and run. Therefore it makes absolutely no sense believing Av-protect.com site and buying the featured software, i.e. Antivirus Soft. It’s important to get rid of trojan horses that trigger Antivirus Soft browser hijack on your system.
Determine if your system is infected with Av-protect.com hijacker and related threats:
Download Av-protect.com Infection Free Scanner with Remover
Av-protect.com Screenshot:
Av-protect.microsoft.com Fake Warning Screenshot:
How to remove this threat manually:
Av-protect.com manual uninstall procedure:
Get rid of the related corrupt files:
- %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe
- %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sftav.exe
Delete the associated registry entries:
- HKEY_CURRENT_USER\Software\AvScan
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random string]“
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random string]“
Please note that Av-protect.com manual removal is a procedure of high complexity and should be performed with extreme caution. Lack of the required skills and even the slightest deviation from the instructions may cause irreparable system damage. To ensure trouble-free deletion, it is recommended to use the automatic removal tool below:
 |
Download Av-protect.com Removal Tool |  |