which is programmed to give false security alerts to a user once it gets access to his/her system. This particular software can spread through Trojans, fake antivirus websites and security exploits. Antivirus IS takes advantage of security gaps such as a missing antivirus program, a missing firewall or missing updates.
Once the program infects your system, it will give you the impression that your computer is infected by malware and that you need to purchase the complete version of the software to fix this problem. To make it look more real, Antivirus IS will come up with a list of supposedly detected malware. However scary these messages may look, you are recommended not to purchase this software, since it is nothing but a scam. The truth is that the threats this program reports are not real. The whole idea of these “threats” is to take advantage of you by convincing you to buy the software. If you have purchased the full version of Antivirus IS, you should contact your credit card company and dispute the charges.
Antivirus IS is capable of messing with your system in several ways. It can hijack your web browser and can block essential programs like task manager, registry restore and registry editor.
Now if your machine gets infected by Antivirus IS, there is no need to freak out. All you need to do is follow the appropriate procedure to clean your system of this “cyber germ”.
Remove Antivirus IS Manually:
Now to get rid of Antivirus IS, you need to stop the following process first:
[random].exe, originating either from C:\Users\.. or C:\Documents and Settings\..
In order to stop the process, you can browse to the file location and rename the file. The files can then be removed once you reboot the PC.
Registry Removal Procedures for Antivirus IS
Keep in mind that getting rid of the files and folders is not enough to rescue your system from Antivirus IS. You will also need to remove the following keys and settings from the Windows registry to make sure that the program is removed from your system completely:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = “0” (CHANGE THIS TO 1)
- HKEY_CURRENT_USER\Software\wnxmal
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:6522”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache “%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = “1”
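A read-only way to check a machine for the registry values listed above, as an added PowerShell example that is not part of the original guide. It changes nothing; the filter that flags Run entries starting from the local application data folder is an assumption drawn from the directory list on this page.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
# Value names and "infected" data are taken from the list on this page.
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$checks = @(
    [pscustomobject]@{ Path = "$ie\PhishingFilter";        Name = 'Enabled';              Bad = '0' }
    [pscustomobject]@{ Path = "$ie\Download";              Name = 'RunInvalidSignatures'; Bad = '1' }
    [pscustomobject]@{ Path = "$ie\Download";              Name = 'CheckExeSignatures';   Bad = 'no' }
    [pscustomobject]@{ Path = "$cv\Internet Settings";     Name = 'ProxyEnable';          Bad = '1' }
    [pscustomobject]@{ Path = "$cv\Internet Settings";     Name = 'ProxyServer';          Bad = 'http=127.0.0.1:6522' }
    [pscustomobject]@{ Path = "$cv\Policies\Associations"; Name = 'LowRiskFileTypes';     Bad = '.exe' }
    [pscustomobject]@{ Path = "$cv\Policies\Attachments";  Name = 'SaveZoneInformation';  Bad = '1' }
)

$findings = @(foreach ($c in $checks) {
    $key = Get-Item -Path $c.Path -ErrorAction SilentlyContinue
    if (-not $key) { continue }                  # key absent: nothing to report
    $value = $key.GetValue($c.Name)
    # Compare as strings so DWORD and REG_SZ data are handled the same way
    if ($null -ne $value -and "$value" -eq $c.Bad) {
        [pscustomobject]@{ Location = $c.Path; Name = $c.Name; Data = "$value"; Note = 'matches listed value' }
    }
})

if (Test-Path 'HKCU:\Software\wnxmal') {
    $findings += [pscustomobject]@{ Location = 'HKCU:\Software\wnxmal'; Name = '(key)'; Data = ''; Note = 'key listed on this page exists' }
}

# Assumption: the Run entry to look for launches a file under the local
# application data folder (see the directory list). Legitimate software also
# starts from there, so these rows are for manual review only.
$local = [Environment]::GetFolderPath('LocalApplicationData')
foreach ($run in "$cv\Run", 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $key = Get-Item -Path $run -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($n in $key.GetValueNames()) {
        $data = [string]$key.GetValue($n)        # REG_EXPAND_SZ is expanded here
        if ($data.IndexOf($local, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $findings += [pscustomobject]@{ Location = $run; Name = $n; Data = $data; Note = 'review: starts from local app data' }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

An empty table means none of the listed values are present in the current user's hive; run it as each affected user, since most of the entries live under HKEY_CURRENT_USER.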
Antivirus IS Directories:
- %UserProfile%\Local Settings\Application Data\{random}\
- %UserProfile%\Local Settings\Application Data\{random}\{random}.exe
- %UserProfile%\AppData\Local\[SET OF RANDOM CHARACTERS]
Where %UserProfile% is either C:\Documents and Settings\[UserName] or C:\Users\[UserName]
Deleting Antivirus IS manually is a complicated procedure and therefore not recommended for everyone (unless you are a genuine computer geek!).