
AV7

Posted: April 13, 2010

AV7 is a new rogue anti-virus program, distributed in a variety of ways, that tries to get onto your PC under the pretense of being a useful anti-malware utility. Although AV7 will tell you that it detects a great many threats, AV7 is incapable of detecting real infections or doing anything about them. Besides bad alerts, inaccurate scans and unnecessary pop-ups, AV7 may also force you to endure hijacking attacks on your web browser or attacks on your ability to use other applications. AV7 is not worth paying for and not even worth having on your PC, so don't feel any guilt about grabbing the nearest anti-malware scanner and deleting AV7 for good.

AV7 is a Threat Assailing Your PC from a Variety of Angles

AV7 is a confirmed copy of slightly older rogue security programs like Antivirus 7 and Antivirus 8, with the same interface and harmful behavior. Distribution models for AV7 currently take a number of forms, all of them dishonest:

  • AV7 can infect your PC through fake online scanners that tell you that your PC is infected and recommend downloading AV7 or another rogue security application. You should only trust an online scanner from a source that's widely verified as high-quality; even if you try not to download AV7, AV7 may be installed regardless of your wishes.
  • AV7 is also installed through browser exploits that force you to download AV7 without knowing it. This can be the outcome of a visit to a dangerous website or even of a visit to a safe website that unknowingly hosts malicious advertisements. Disabling JavaScript and Flash when browsing risky websites can help prevent this, but even those steps aren't ironclad protection against AV7 attacks.
  • Some sources have also reported that AV7 is being distributed through social networks such as Twitter and Facebook. You should avoid clicking on links, even if they appear to be from known contacts, until you've verified that the links are safe.

AV7 - Unoriginal but Still Dangerous

Although AV7 looks and acts just like older threats like Antivirus 7, AV7 is still a considerable danger to any computer. AV7-related attacks can include fake errors such as the ones listed below:

Security advisor: Important updates available
Attention! New important updates available
Always install latest updates to enhance your computer secutity [sic] and performance

Internet Shield: Identity theft attampt [sic] detected
56.12.121.12
Warning! Identity theft attempt detected
Please click "Prevent attack" button to heal all infected files and protect your PC

Resident Shield: New virus detected
Warning! New virus detected
Please click "Remove All" button to heal all infected files and protect your PC

AV7 may also create a variety of fake update pop-ups such as a 'Security advisor: Important updates available' window. Since AV7 can't detect viruses or other threats, acting on AV7's advice can actually harm your operating system and may damage or destroy files that are completely harmless! You can also expect AV7 to shove fake scans into the forefront of your display on a regular basis as part of AV7's scam to convince you to purchase a registration key.

Other problems associated with rogue security programs like AV7 include browser hijacks that display fake warnings and change your search results, restricted access to security and maintenance programs and generally altered system settings. Save your money and remove AV7 from your PC by running your choice of a real anti-malware application.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\All Users\Start Menu\AV7
    2 %Documents and Settings%\All Users\Start Menu\AV7\Antivirus7.lnk
    3 %Documents and Settings%\All Users\Start Menu\AV7\Uninstall.lnk
    4 %Program Files%\AV7
    5 %Program Files%\AV7\antivirus7.exe
    6 %UserProfile%\Desktop\Antivirus7.lnk
    7 %WINDOWS%\SoftwareDistribution\DataStore\Logs\tmp.edb
    8 %WINDOWS%\system32\UpdateExplorer.dll
    9 UpdateExplorer.dll

Registry Modifications

  • The following Registry entries were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\EVA246
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV7"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-EVI 12.03.2010"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\CLSID\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
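
A read-only check for the file and registry entries listed above, written as an added PowerShell example rather than taken from the original page. The mapping of the page's %...% placeholders to folders is an assumption, and only the entries named after AV7 or UpdateExplorer.dll are checked.

```powershell
# Read-only check for the AV7 file and registry entries listed on this page.
# Assumption: the page's %...% placeholders map to the folders used below.
$startMenu = [Environment]::GetFolderPath('CommonStartMenu')   # All Users\Start Menu
$progDirs  = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
             Where-Object { $_ } | Select-Object -Unique

$files = @(
    (Join-Path $startMenu 'AV7'),
    (Join-Path $startMenu 'AV7\Antivirus7.lnk'),
    (Join-Path $startMenu 'AV7\Uninstall.lnk'),
    (Join-Path $env:USERPROFILE 'Desktop\Antivirus7.lnk'),
    (Join-Path $env:windir 'system32\UpdateExplorer.dll')
)
foreach ($dir in $progDirs) {
    $files += Join-Path $dir 'AV7'
    $files += Join-Path $dir 'AV7\antivirus7.exe'
}

# Registry keys and named values from the list above.
$clsid = '{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}'
$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\EVA246',
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
)
$values = @(
    @{ Key  = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'AV7' },
    @{ Key  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'
       Name = 'WinNT-EVI 12.03.2010' }
)

$hits = @()
foreach ($f in $files) { if (Test-Path -LiteralPath $f) { $hits += "file   $f" } }
foreach ($k in $keys)  { if (Test-Path -LiteralPath $k) { $hits += "key    $k" } }
foreach ($v in $values) {
    # A missing key or value yields $null instead of an error.
    $p = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $p) { $hits += "value  $($v.Key) -> $($v.Name)" }
}

if ($hits.Count -eq 0) { 'No AV7 entries from the list were found.' }
else { $hits }
```

The script only reads; it reports which listed entries exist for the current user and machine and changes nothing.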
