Information about Fake Guard/Antispyware/Antimalware/Internet Security Antivirus Programs
Creators of rogue antivirus program have launched another program that infects computer systems using different names. The name of a program begins with XP, Vista or Win 7 depending what Operating system your computer is running, then it is followed by Antispyware, Antimalware, Guard, Internet Security or Security with numbers 2011 or without them. For example, XP Security, Win 7 Internet Security, Vista Antimalware 2011, XP Antispyware 2011, Win 7 Security, etc.
Despite different names, the same program is hiding behind them. It is infiltrated through Trojan viruses without slightest notification to a computer user. Once there it is configured to start automatically when computer boots up. The program loads a scanner and imitates looking for infections on your system. After few minutes it displays a list of infections and recommends removing them by purchasing a full version of Vista Guard, XP Internet Security 2011, Win 7 Antimalware 2011, etc.
While inside the system, the program will also cause tons of security notifications for example:
Win 7 Internet Security 2011 Firewall Alert
XP Antispyware 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.
Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Ignore such warnings if it happened for you to detect them on your system. They only mean that you have been infected with one of the above mentioned rogue programs. You are strongly advised to get rid of Vista Antispyware 2011, XP Guard, Win 7 Antispyware 2011 or similar as soon as you notice its actions on your system.
Fake Guard/Antispyware/Antimalware/Internet Security Antivirus Programs Facts
- Fake Guard/Antispyware/Antimalware/Internet Security Antivirus Programs pretends to increase security of your PC
- Fake Guard/Antispyware/Antimalware/Internet Security Antivirus Programs free version will show popups, alerts and fake results to convince you to pay
- Fake Guard/Antispyware/Antimalware/Internet Security Antivirus Programs creators will not deliver license keys upon paying or the full version will not be functional
- Fake Guard/Antispyware/Antimalware/Internet Security Antivirus Programs might be used to download and advertise other malicious software
- Fake Guard/Antispyware/Antimalware/Internet Security Antivirus Programs might disable some of your PCs or its programs functions
Manual Fake Guard/Antispyware/Antimalware/Internet Security Antivirus Programs removal instructions
MSASCui.exe
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe
Fake Guard/Antispyware/Antimalware/Internet Security Antivirus Programs removal instructions comments
| DigitalBBQ / 2011-02-02 21:15 Vote: 0 0 | Quote |
| Who wrote this? I had to load up Puppy Live Linux CD in order to get all my stuff off of the drive. This piece of Sh!t software had my Vista so locked up i could not do a D@m thing. I'm personally putting out a contract for the head of the writer of this malware. | |
Related information
 No comments yet |
 |
|
2 comments |
|
|
No comments yet |
|
