Thursday, November 17, 2011

AV Protection 2011 - FakeAV - REMOVAL GUIDE

AV Protection 2011 is a fake antivirus. Its only purpose is to extort money.


It creates the following files:

C:\Documents and Settings\<UserName>\Application Data\FCE03\0FD4B.exe
C:\Documents and Settings\<UserName>\Application Data\FCE03\3F0D.CE0
C:\Documents and Settings\<UserName>\Application Data\LUUJ1wscH0aTNzF\AV Protection 2011.ico
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Desktop\AV Protection 2011.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk
C:\Program Files\03F0D\lvvm.exe
C:\Program Files\LP\4B7F\027.exe
C:\Program Files\LP\4B7F\2.tmp
C:\Program Files\LP\4B7F\3.tmp
C:\Program Files\LP\4B7F\4.tmp
C:\WINDOWS\system32\AV Protection 2011v121.exe





It adds the following registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"027.exe" = "C:\Program Files\LP\4B7F\027.exe"
"ZikkWC6uQ" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"
"wbbIK2edvJwcHqT8234A" = "C:\WINDOWS\system32\AV Protection 2011v121.exe"

The names of these entries are random.
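Because the entry names are random, a check for this infection has to match on the target path stored in each Run value, not on its name. The following read-only PowerShell check is an added example, not part of the original guide or of Trojan Killer; it assumes the Windows XP profile layout shown in the paths above and only inspects the currently logged-in user's profile.

```powershell
# Read-only check for the files and Run entries listed in this post.
# Assumption: Windows XP-style layout, as in the paths above; current user only.
$profileDir = $env:USERPROFILE    # C:\Documents and Settings\<UserName>
$appData    = Join-Path $profileDir 'Application Data'
$temp       = Join-Path $profileDir 'Local Settings\Temp'
$pf         = $env:ProgramFiles
$sys32      = Join-Path $env:windir 'system32'

# File list copied from the post. Generic names such as 1.tmp can also
# belong to legitimate software, so treat a lone hit on those with care.
$files = @(
    "$appData\FCE03\0FD4B.exe",
    "$appData\FCE03\3F0D.CE0",
    "$appData\LUUJ1wscH0aTNzF\AV Protection 2011.ico",
    "$appData\dwme.exe",
    "$appData\ldr.ini",
    "$profileDir\Desktop\AV Protection 2011.lnk",
    "$temp\1.tmp",
    "$temp\dwme.exe",
    "$profileDir\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk",
    "$pf\03F0D\lvvm.exe",
    "$pf\LP\4B7F\027.exe",
    "$pf\LP\4B7F\2.tmp",
    "$pf\LP\4B7F\3.tmp",
    "$pf\LP\4B7F\4.tmp",
    "$sys32\AV Protection 2011v121.exe"
)

$found = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $found += "FILE  $f" }
}

# Value names are random, so compare the value data (the executable path).
$targets = @("$pf\LP\4B7F\027.exe", "$appData\dwme.exe", "$sys32\AV Protection 2011v121.exe")
$runKey  = Get-Item -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($name in $runKey.GetValueNames()) {
    $data = [string]$runKey.GetValue($name)
    foreach ($t in $targets) {
        # Case-insensitive substring match tolerates quotes and arguments.
        if ($data.IndexOf($t, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $found += "RUN   $name = $data"
        }
    }
}

if ($found.Count -eq 0) { 'No listed artifacts found.' } else { $found }
```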


To remove this rogue, go to the website www.Trojan-Killer.net and download Trojan-Killer.


Run and install it.




Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.




When Trojan Killer finishes scanning your computer, you will see a full list of detected malware.
Click Remove Selected to remove them.



I hope this guide helps you :)
