Saturday, March 20, 2010

advancedvirusremover

Type: rogue

Alias: advanced virus remover

Company: 2008 Advanced Virus Remover.

Description: AdvancedVirusRemover is a rogue anti-spyware. It may give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove those reported threats. AdvancedVirusRemover is also known as Advanced Virus Remover.

Malware Threat

Directories

C:\Documents and Settings\user-account-name\Start Menu\Programs\AdvancedVirusRemover
C:\Program Files\AdvancedVirusRemover

Files

C:\Windows\System32\AVR09.exe
C:\Windows\System32\AVR10.exe
C:\Documents and Settings\user-account-name\Start Menu\AVR09.exe
C:\Documents and Settings\user-account-name\Start Menu\AdvancedVirusRemover.lnk
C:\Documents and Settings\user-account-name\Start Menu\Advanced Virus Remover.lnk
%quicklaunchdir%\AdvancedVirusRemover.lnk
%quicklaunchdir%\Advanced Virus Remover.lnk
*.exe (md5:b0ea874a21d18bf8540ca7...)
*.exe (md5:0fb47313365db737b7b664...)
C:\Documents and Settings\user-account-name\Desktop\AdvancedVirusRemover.lnk
C:\Documents and Settings\user-account-name\Desktop\Advanced Virus Remover.lnk
C:\Program Files\AdvancedVirusRemover\PAVRM.exe
C:\Program Files\AdvancedVirusRemover\Viruses.bdt
C:\Program Files\AdvancedVirusRemover\AdvancedVirusRemover.exe
C:\Program Files\AdvancedVirusRemover\AdvancedVirusRemover.lnk

Registry Keys

HKEY_CURRENT_USER\Software\AVR

Registry Values

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AdvancedVirusRemover
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Advanced Virus Remover
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Advanced Virus Remover

- vb.eurVB.EUR is a backdoor trojan that provides the author of the trojan with remote administration of victim machines. Once installed, backdoor trojan can be instructed to send, receive, execute and delete files, harvest confidential data from the computer and log activity on the computer.
- vb.exVB.EX is A worm that arrives as a file dropped by other malware or as a file downloaded unknowingly by a user when visiting malicious Web sites. It allows attackers to access and control on infected computers.
- vb.fVB.F is a backdoor worm that spreads through network shares and allows attackers to access and gives full control over infected computer.
- vb.fiVB.FI is a trojan that allows hackers to access and gives full control over infected computer.
- vb.fzwVB.FZW is a worm that arrives as a file dropped by other malware or as a file downloaded unknowingly by a user when visiting malicious Web sites. It allows attackers to access and control on infected computers.
- vb.gxVB.Gx is a Trojan that allows hackers to gain access and full control over the infected computers.
- vb.gy.2VB.GY.2 is a trojan that allows hackers to access and gives full control over infected computer.

advancedvirusremover

ACROSS THE GLOBE

ACROSS THE GLOBE

IN United States

FROM United States