1

Rogue Warning: Antivirus 2010 Security Centre

Author: Alan  Lee – PC Tools malware research team

Antivirus 2010 Security Centre is a rogue security application which uses fake detections to entice infected users to pay for the application which does not function or remove malware as intended.

Moreover, victims who had already paid for the application run the risk of their credit card details being stolen or misused by unscrupulous creators of the rogue security application.

Manual removal of Antivirus 2010 Security Centre

To manually remove Antivirus 2010 Security Centre, remove the following registry entries:

  • HKEY_CLASSES_ROOTInterface{ba60ca52-633e-ddc9-e301-3646ea01eeda}
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall{????????-????-????-???????????? } “DisplayIcon”

Type: REG_SZ

Data: \.globalrootsystemrootsystem32us?rinit.exe

  • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesuserinit
  • HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesuserinit
  • HKEY_LOCAL_MACHINESYSTEMControlSet002Servicesuserinit

Please note:

{????????-????-????-???????????? } are random alphanumeric characters

All registry keys referenced to \.globalrootsystemrootsystem32us?rinit.exe

Also remove the following files:

  • c:Documents and SettingsAll UsersApplication Data.wtav
  • c:Documents and Settings<username>Local SettingsTemp{E9C1E0AC-C9B1-4c85-94DE-9C1518918D02}.tlb
  • c:WINDOWSsystem32ms??????.dll [note: ?????? are random alphabets]
  • c:WINDOWSsystem32us?rinit.exe [note: user may need to use external tool e.g. pctools file&registry tool to delete this file, please do not delete userinit.exe instead, to get the tool and guidance, post a thread in our forums.]
  • c:WINDOWSTemp{E9C1E0AC-C9B1-4c85-94DE-9C1518918D01}.tlb

WARNING: Editing the registry incorrectly can cause serious problems that may require you to reinstall Windows. PC Tools cannot guarantee that problems resulting from the incorrect editing of the registry can be solved. Edit the registry at your own risk or refer to our malware removal forum for guidance .

This entry was posted in Malware Alerts and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>