Jun 06

SysAntivirus Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the SysAntivirus adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SysAntivirus.

SysAntivirus is a rogue security program and a new variant of XJR Antivirus, AKM Antivirus 2010 Pro and RTS Antivirus 2010. Its author named it Sysinternals Antivirus, borrowing the name of the legitimate Sysinternals tool suite to look trustworthy. Like other rogues, it tries to trick you with false-positive or misleading scan reports claiming that your computer is infected with viruses or trojans, which it will not "remove" until you buy the product.

Creates the following files (note the svchost.exe copy under %ProgramFiles%; the genuine svchost.exe lives in %SystemRoot%\System32):

  • %ProgramFiles%\wp3.dat
  • %ProgramFiles%\wp4.dat
  • %ProgramFiles%\wpp.exe
  • %ProgramFiles%\adc_w32.dll
  • %ProgramFiles%\alggui.exe
  • %ProgramFiles%\nuar.old
  • %ProgramFiles%\skynet.dat
  • %ProgramFiles%\svchost.exe
  • %ProgramFiles%\Sysinternals Antivirus\Sysinternals Antivirus.exe
  • %UserProfile%\Desktop\Sysinternals Antivirus.lnk
  • %UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
  • C:\Sysinternals Antivirus\Sysinternals Antivirus.lnk

Creates the following registry entries (the CLSID is registered as a Browser Helper Object so the DLL is loaded by Explorer and Internet Explorer, and AdbUpd is installed as a Windows service for persistence):

  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
  • HKEY_CURRENT_USER\software\Sysinternals Antivirus
  • HKEY_CURRENT_USER\software\Sysinternals Antivirus\wpp
  • HKEY_CURRENT_USER\software\Sysinternals Antivirus\wpp\Registration
  • HKEY_CURRENT_USER\software\Sysinternals Antivirus\wpp\setdata
  • HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus
  • HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus\Sysinternals Antivirus
  • HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus\Sysinternals Antivirus\Registration
  • HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus\Sysinternals Antivirus\setdata

How to remove the infection of SysAntivirus (Adware.Win32.SysAntivirus)?

To remove this infection, download and install Emsisoft Anti-Malware, run a full scan of all drives and move every detected item to quarantine. Because the rogue registers a service (AdbUpd) and a Browser Helper Object (the CLSID listed above) for persistence, reboot after quarantining and run a second full scan to confirm that none of the files or registry entries listed above have been recreated.
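As an added example (not Emsisoft's code and not part of the original post), the PowerShell script below checks a machine for the file, registry, service and process artefacts listed above, so you can confirm the infection before removal and confirm that nothing survived after quarantine and a reboot. The paths, keys, CLSID and AdbUpd service name are taken from the lists above; the Program Files (x86) fallback and the running-process check for a misplaced svchost.exe are this script's own additions.

```powershell
# Added example, not Emsisoft's own code: checks for the Adware.Win32.SysAntivirus
# artefacts listed in the post. Run from an elevated PowerShell prompt, once before
# removal and once after quarantine plus reboot. The Program Files (x86) fallback and
# the svchost.exe process check are assumptions added here, not from the post.
[CmdletBinding()]
param()

$files = @(
    '%ProgramFiles%\wp3.dat', '%ProgramFiles%\wp4.dat', '%ProgramFiles%\wpp.exe',
    '%ProgramFiles%\adc_w32.dll', '%ProgramFiles%\alggui.exe', '%ProgramFiles%\nuar.old',
    '%ProgramFiles%\skynet.dat', '%ProgramFiles%\svchost.exe',
    '%ProgramFiles%\Sysinternals Antivirus\Sysinternals Antivirus.exe',
    '%UserProfile%\Desktop\Sysinternals Antivirus.lnk',
    '%UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk',
    'C:\Sysinternals Antivirus\Sysinternals Antivirus.lnk'
)
$clsid = '{149256D5-E103-4523-BB43-2CFB066839D6}'
$keys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    'HKLM:\SYSTEM\CurrentControlSet\Services\AdbUpd',
    'HKCU:\Software\Sysinternals Antivirus',
    'Registry::HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus'
)

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Type, [string]$Item, [string]$Detail = '') {
    $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail })
}

# Files: expand %ProgramFiles% / %UserProfile%. A 32-bit rogue on 64-bit Windows may
# have landed under Program Files (x86) instead, so that location is checked as well.
foreach ($f in $files) {
    $candidates = @([Environment]::ExpandEnvironmentVariables($f))
    if ($f -like '%ProgramFiles%*' -and ${env:ProgramFiles(x86)}) {
        $candidates += $f -replace '^%ProgramFiles%', ${env:ProgramFiles(x86)}
    }
    foreach ($p in $candidates) {
        if (Test-Path -LiteralPath $p) {
            $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            Add-Finding 'File' $p $hash
        }
    }
}

# Registry keys from the post.
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { Add-Finding 'Registry' $k }
}

# The BHO's InprocServer32 default value names the DLL that Explorer and IE load;
# record it so the file is quarantined along with the key.
$inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
if (Test-Path -LiteralPath $inproc) {
    Add-Finding 'BHO DLL' $inproc ((Get-ItemProperty -LiteralPath $inproc).'(default)')
}

# The AdbUpd service is the rogue's persistence; its binary path shows what it runs.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='AdbUpd'" -ErrorAction SilentlyContinue
if ($svc) { Add-Finding 'Service' $svc.Name ("$($svc.State); $($svc.PathName)") }

# The genuine svchost.exe lives in System32 (and SysWOW64 on 64-bit Windows); any
# svchost.exe running from elsewhere, such as %ProgramFiles%, is the rogue's look-alike.
$sys = $env:SystemRoot
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -notlike "$sys\System32\*" -and $_.Path -notlike "$sys\SysWOW64\*" } |
    ForEach-Object { Add-Finding 'Process' "svchost.exe (PID $($_.Id))" $_.Path }

if ($findings.Count -eq 0) {
    Write-Output 'No SysAntivirus artefacts found.'
    exit 0
}
$findings | Format-Table -AutoSize | Out-Host
exit 1
```

Save it as, for example, Check-SysAntivirus.ps1 and run it elevated; a non-zero exit code means at least one artefact is present. It only reports and never deletes anything, so it is safe to run before and after the Emsisoft scan; if any row is still listed after quarantine and a reboot, the rogue has restored itself and the scan should be repeated. Process paths are unreadable for some processes without administrator rights, which is why the script should run elevated.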