Av.exe

Posted: March 8, 2010

Av.exe is a malicious computer worm that can self-replicate. It spreads in multiple ways, and once your system is infected it may be used as a bot to propagate Av.exe further. Av.exe is distributed both as part of spyware and as a standalone infection. It may use a browser hijacker to show misleading popups and may perform other functions aimed at getting a user's money. Use a proven anti-spyware program to detect and remove Av.exe before it takes over your computer.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Local Settings\Application Data\av.exe
    2 %UserProfile%\Local Settings\Application Data\WRblt8464P

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

One Comment

  • rita says:

    Please can you help? I can't remove av2009. I have gone to Start, Control Panel and then Add and Remove Programs but can't find it, but it is still on the computer. Please help, thanks.