Archive for August, 2010

Aug 09

Antivirus 2010 Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Antivirus 2010 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.Antivirus2010.

Antivirus 2010 is a rogue security program. A rogue application tries to trick you by displaying false-positive or misleading scan results claiming that your computer is infected with viruses or trojans, and it will not let you remove them until you purchase the product.

We have also researched this rogue in more depth; you can read about it here.

Creates the following files:

  • %windir%\system32\mspnxdcm.dll
  • %windir%\system32\us?rinit.exe
  • %userprofile%\Local Settings\Temp\{E9C1E0AC-C9B1-4c85-94DE-9C1518918D02}.tlb
  • %allusersprofile%\Application Data\.wtav

Creates the following registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{79E5663A-AB5A-E69C-34F1-96598186C04C}
    (DWORD) NoModify = 0x00000001 (1)
    (DWORD) NoRepair = 0x00000001 (1)
    (DWORD) u = 0x00000024 (36)
    (DWORD) t = 0x00000001 (1)
    (SZ) DisplayName = Antivirus 2010
    (SZ) Publisher = WebTop Software Limited
    (SZ) URLInfoAbout = http://www.webtopbilling.com/
    (SZ) UninstallString = \\.\globalroot\systemroot\system32\us?rinit.exe /uninstall
    (SZ) DisplayIcon = \\.\globalroot\systemroot\system32\us?rinit.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
    (DWORD) Start = 0x00000002 (2)
    (DWORD) Type = 0x00000010 (16)
    (DWORD) ErrorControl = 0x00000000 (0)
    (SZ) ObjectName = LocalSystem
    (SZ) DisplayName = Antivirus 2010
    (SZ) Description = AV software
    (SZ) ImagePath = \\.\globalroot\systemroot\system32\us?rinit.exe

Screenshots:

How to remove the Antivirus 2010 infection (Adware.Win32.Antivirus2010)?

To remove this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to quarantine.

Aug 06

PCdoumi2010 Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the PCdoumi2010 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.PCdoumi2010.

PCdoumi2010 is a rogue security program. A rogue application tries to trick you by displaying false-positive or misleading scan results claiming that your computer is infected with viruses or trojans, and it will not let you remove them until you purchase the product.

Creates the following files:

  • %ProgramFiles%\pcdoumi2010\pcdoumi2010Fnc.dll
  • %ProgramFiles%\pcdoumi2010\pcdoumi2010Res.dll
  • %ProgramFiles%\pcdoumi2010\pcdoumi2010Up.exe
  • %ProgramFiles%\pcdoumi2010\searced.log
  • %ProgramFiles%\pcdoumi2010\uninstall.exe
  • %ProgramFiles%\pcdoumi2010\launcher.exe
  • %ProgramFiles%\pcdoumi2010\pcdoumi2010.exe
  • %ProgramFiles%\pcdoumi2010\data\Enc_PDCode.ss
  • %AllUsersProfile%\Desktop\PC도우미2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\pcdoumi2010\PC도우미2010 홈페이지.url
  • %AllUsersProfile%\Start Menu\Programs\pcdoumi2010\PC도우미2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\pcdoumi2010\PC도우미2010 제거.lnk

Creates the following registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\pcdoumi2010
  • HKEY_CURRENT_USER\software\pcdoumi2010
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, "pcdoumi2010"

Screenshots:

How to remove the PCdoumi2010 infection (Adware.Win32.PCdoumi2010)?

To remove this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to quarantine.
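For readers who want to confirm an infection before or after running a scanner, here is an added read-only audit script (not part of the Emsisoft posts above) that checks a machine for the file, registry and autorun artifacts listed in both the Antivirus 2010 and PCdoumi2010 posts. It assumes an elevated PowerShell session on the suspect machine; the garbled "us?rinit.exe" file name is not checked directly, only the service key that launches it.

```powershell
# Added example (not from the Emsisoft posts): read-only audit for the
# Antivirus 2010 and PCdoumi2010 artifacts listed above. It only reports;
# it removes nothing. Run in an elevated PowerShell session.
# Paths come from the posts; the "us?rinit.exe" name is garbled there, so
# that file is not checked, only the "userinit" service key pointing at it.

$files = @(
    '%windir%\system32\mspnxdcm.dll',
    '%userprofile%\Local Settings\Temp\{E9C1E0AC-C9B1-4c85-94DE-9C1518918D02}.tlb',
    '%allusersprofile%\Application Data\.wtav',
    '%ProgramFiles%\pcdoumi2010\pcdoumi2010.exe',
    '%ProgramFiles%\pcdoumi2010\data\Enc_PDCode.ss'
)
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79E5663A-AB5A-E69C-34F1-96598186C04C}',
    'HKLM:\SYSTEM\CurrentControlSet\Services\userinit',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdoumi2010',
    'HKCU:\SOFTWARE\pcdoumi2010'
)

$hits = @()
foreach ($f in $files) {
    $p = [Environment]::ExpandEnvironmentVariables($f)
    if (Test-Path -LiteralPath $p) { $hits += "file: $p" }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $hits += "registry key: $k" }
}

# Autorun entry: a value named "pcdoumi2010" under HKCU\...\Run (per the post).
$run = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['pcdoumi2010']) {
    $hits += "autorun: HKCU\...\Run\pcdoumi2010 = $($run.pcdoumi2010)"
}

# Windows itself registers no service named "userinit" (userinit.exe is started
# by Winlogon), so if the key exists, show its DisplayName and ImagePath; the
# post lists a \\.\globalroot\systemroot\... ImagePath for the rogue.
$svc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\userinit' -ErrorAction SilentlyContinue
if ($svc) {
    $hits += "service 'userinit': DisplayName='$($svc.DisplayName)' ImagePath='$($svc.ImagePath)'"
}

if ($hits.Count -eq 0) {
    Write-Output 'No Antivirus 2010 / PCdoumi2010 artifacts found.'
} else {
    Write-Output 'Possible rogue AV artifacts found:'
    $hits | ForEach-Object { Write-Output "  $_" }
}
```

A clean result from this script does not prove the machine is clean, since the rogue may be updated with new names; it only confirms or rules out the specific indicators documented in these two posts.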