Posts Tagged ‘WinAntispywareCenter’

May 28

Win Antispyware Center Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the Win Antispyware Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WinAntispywareCenter.

Win Antispyware Center is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

  • %ProgramFiles%\WinAntispywareCenter\av.exe
  • %UserProfile%\Local Settings\Temp\10.tmp

Create or modify registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\secfile
  • HKEY_LOCAL_MACHINE\software\Classes\secfile\DefaultIcon
  • HKEY_LOCAL_MACHINE\software\Classes\secfile\shell
  • HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\open
  • HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\open\command
  • HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\runas
  • HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\runas\command
  • HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\start
  • HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\start\command
  • HKEY_CURRENT_USER\software\Win Antispyware Center
  • HKEY_LOCAL_MACHINE\software\Classes\.exe\shell\open\command
    (Default) = “C:\Program Files\WinAntispywareCenter\av.exe” /START “%1″ %*
    IsolatedCommand = “%1″ %*
  • HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\open\command
    (Default) = “C:\Program Files\WinAntispywareCenter\av.exe” /START “%1″ %*
    IsolatedCommand = “%1″ %*
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
    Win Antispyware Center = C:\Program Files\WinAntispywareCenter\av.exe
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
    Win Antispyware Center = C:\Program Files\WinAntispywareCenter\av.exe

Screenshots:

How to remove the infection of Win Antispyware Center (Adware.Win32.WinAntispywareCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: ,
Posted in Malware Alerts, Removal Help | Comments Off