Warning AVASoft Antivirus Professional!

Mar 25

If you have never heard of rogue anti-virus programs, you should be aware of AVASoft Antivirus Professional, as this program is the latest product of computer hackers which I came across a little while ago. The threat is also referred to as AVASoft Professional Antivirus because its interface bears two different names of the program. The unwanted application is associated with the Rogue:WinWebSec malware, which is known for having spread such fake anti-virus tools as Disk Antivirus Professional, System Progressive Protection, Live Security Platinum and others.

Once the infection gets onto the computer, it is installed in the %Application Data% folder on Windows XP, whereas on Windows Vista, Windows 7 and Windows 8 the file is located in the %ProgramData% folder. Like any computer application or malicious computer infection, AVASoft Antivirus Professional creates new entries in the Registry, in this case so that you cannot access the Internet or run executable files. This is done to make you think that your computer is full of threats which have to be removed using the registered version of the program.

As the rogue application imitates legitimate computer security applications, it is impossible not to notice its fake warnings or alerts:

AVASoft Antivirus Professional Warning
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.

AVASoft Antivirus Professional Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with AVASoft Antivirus Professional.

When I was asked to check what is wrong with a computer which has AVASoft Antivirus Professional installed, I was not able to launch executable files. The only tool which I could open was Internet Explorer; unfortunately, what I found was a message:

Warning! The site you are trying to visit may harm your computer!
Your security level puts your computer at risk!
Activate AVASoft Professional Antivirus, and enable safe web surfing (recommended).
Ignore warnings and visit that some in the current state (not recommended).

It is important to ignore every warning displayed by the fake AV, as its ultimate goal is to get your money and collect your personal information. By paying for the full version of AVASoft Antivirus Professional you lose your money and your identifiable information such as credit card details, home address and so on. Instead of exposing your sensitive information and paying cybercriminals from 59.95 to 89.95 U.S. dollars, you should remove AVASoft Antivirus Professional as soon as you can. The Trojan which spreads the application may download other computer threats such as Worm:Win32/Swimnag and Worm:Win32/Koobface.

Those of you who are familiar with the manual malware removal procedure probably know that malicious files, processes and registry entries have to be removed. As to the malicious files, every instance of the infection is unique, which means that the set of files created on your computer will differ from the files created on mine. For example, AVASoft Antivirus Professional created files in the following directories:

%Desktopdir%

%Programs%\AVASoft Antivirus Professional

%AppData%\[Random file name]

“Random file name” means that in the %AppData% folder you will find a 32-character .exe file. The name of the file varies, which means that if on your PC you have a file 12D873C4A70F481B000012D760EF4C20.exe, the file in the same location on my PC will be completely distinct.

Another step which has to be taken to remove AVASoft Antivirus Professional from the PC is the termination of the process which is created by the infection. It is also named randomly and if, for example, you have deleted the file 12D873C4A70F481B000012D760EF4C20.exe, then it is necessary to end the processes bearing the same name.

Finally, the last part which I do not like is the deletion of malicious registry entries which are also named randomly. In order to open Registry Editor, click on Start and launch Run, then type regedit and press OK. Follow the paths given and remove the randomly created keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVASoft Antivirus Professional\UninstallString “%AppData%\[Random]\[Random file name].exe” -u
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVASoft Antivirus Professional\ShortcutPath “%AppData%\[Random]\[Random file name].exe” -u
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVASoft Antivirus Professional\DisplayName AVASoft Antivirus Professional
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVASoft Antivirus Professional\DisplayIcon %AppData%\[Random name]\[Random file name].exe,0
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVASoft Antivirus Professional
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\

%AppData%\[Random name]\[Random file name].exe
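A read-only way to check for the registry traces listed above, added here as an example that is not part of the original post: it parses the text output of `reg query <key> /s` and flags the rogue's Uninstall key and any RunOnce value that launches a 32-character .exe from a data folder. The function names, the sample output and the assumption that the random file name is hexadecimal are constructed for illustration.

```python
import re

# 32 characters + .exe, as in the page's example name (hex-only is an assumption).
RANDOM_EXE = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}\.exe", re.I)
# Data folders the page names, either expanded or in %Variable% form.
DATA_DIR = re.compile(r"[%\\](AppData|Application Data|ProgramData)[%\\]", re.I)
ROGUE_KEY = r"\uninstall\avasoft antivirus professional"
AUTORUN_KEY = r"\currentversion\runonce"

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query <key> /s` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()              # a key path starts at column 0
        elif key and line.startswith("    "):
            # value lines: 4 spaces, name, 4 spaces, type, 4 spaces, data
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3 and parts[1].startswith("REG_"):
                yield key, parts[0], parts[2]

def find_indicators(text):
    """Return (kind, key, value_name) for every value matching the page's traces."""
    findings = []
    for key, name, data in parse_reg_query(text):
        k = key.lower()
        if ROGUE_KEY in k:
            findings.append(("rogue-uninstall-key", key, name))
        elif AUTORUN_KEY in k and RANDOM_EXE.search(data) and DATA_DIR.search(data):
            findings.append(("random-exe-autorun", key, name))
    return findings

# Constructed sample output, not taken from a real machine.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    0F1E2D3C    REG_SZ    C:\Users\alice\AppData\Roaming\0F1E2D3C\00112233445566778899AABBCCDDEEFF.exe
    Updater    REG_SZ    "C:\Program Files\Example\update.exe" /silent

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVASoft Antivirus Professional
    DisplayName    REG_SZ    AVASoft Antivirus Professional
"""

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE):
        print(finding)
```

The script only reads text and changes nothing; the flagged value names tell you which entries to review before deleting anything.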

Even though I managed to remove the unwanted file, I advise you against manual removal for the one reason – if you are an inexperienced computer user, do not try to remove the infection so as not to corrupt the Registry. I recommend that you apply a reliable spyware removal tool which will remove the infection and safeguard the PC against computer infection. Just keep in mind that before installing an anti-spyware tool it is important to check whether the application is legitimate.
