
AVC Plus

Posted: December 16, 2014

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: December 16, 2014
Last Seen: April 18, 2018
OS(es) Affected: Windows

AVC Plus is a rogue anti-malware scanner that reports nonexistent infections on your PC and demands that you purchase it before it will remove these fake threats. AVC Plus may supplement its fraudulent anti-malware features with attacks that can disable real security solutions or imitate various symptoms of other infections, and you should remove AVC Plus immediately for your PC's safety. Whenever practical, delete AVC Plus with genuine anti-malware software, ideally after taking whatever steps are needed to disable AVC Plus and other threats.

The Many Minuses of Having AVC Plus

AVC Plus is part of one of the most populous branches of FakeRean, a family of scamware that often substitutes aesthetic changes in branding for meaningful code modifications. Many, but not all, members of this family reference specific versions of Windows in their names, such as XP Home Security 2013 and Vista Antivirus Pro 2010. Like AVC Plus, these variants are cloned from past scamware with few updates beyond a simple change of skin. Some examples of these variants include Antivirus 2008 Pro, Antivirus XP 2008, Windows Antivirus 2008, Vista Antivirus 2008, PC Clean Pro, Antivirus Pro 2009, Rogue.Vista Antivirus 2008, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, XP Security 2012, XP Home Security 2012 and AntiVirus PRO 2015.

After being installed by any of multiple, traditionally illicit methods, AVC Plus reconfigures the Registry so that it launches automatically. After launching, AVC Plus imitates a system scan of your PC, with results that are always predetermined to show fake infections. AVC Plus's scanner also includes support for fraudulent pop-up warnings in diverse formats, including Taskbar balloons and Windows dialogue boxes that mimic the appearance of default Windows alerts.

While AVC Plus under no circumstances has the power to identify or uninstall real threats to your PC, AVC Plus will continue to request that you purchase its registered version to do so. Malware experts also often find AVC Plus and other members of FakeRean involved in additional attacks. These include browser hijacks that could redirect your browser away from security sites, as well as multiple means of blocking legitimate programs from being run. Default Windows security features, such as the Security Center, also are very likely to be disabled, although AVC Plus may imitate their functions superficially.

Caring for a PC Under the Care of a Fake Anti-Virus

PC users who refrain from purchasing AVC Plus's false security features are still in danger of suffering additional issues from AVC Plus's other, anti-security functions. Malware experts often see AVC Plus and similar scamware being distributed by Trojans with file downloading functions, which typically implies the presence of threats in addition to AVC Plus. Consequently, any PC infected with AVC Plus should be analyzed with genuine anti-malware utilities as thoroughly as possible. Deleting AVC Plus should be done automatically at the same time as your overall system scan, with additional steps (such as restarting with Safe Mode) taken as required to regain full access to any necessary software.

Exploit kits are typical propagators of the FakeRean family and other clones of AVC Plus. Malware researchers recommend patching particularly vulnerable software to reduce the number of vulnerabilities an exploit kit can use. Nonetheless, many exploit kits also include 'zero-day' exploits for which no patch is available yet. Active anti-malware protection should always be employed to prevent AVC Plus and other scamware from being installed automatically.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%TEMP%\65520249.exe
    File name: 65520249.exe
    Size: 87.04 KB (87040 bytes)
    MD5: 0bfbd383709390fdb0e442d42bcf9224
    Detection count: 12
    File type: Executable File
    Mime Type: unknown/exe
    Path: %TEMP%
    Group: Malware file
    Last Updated: December 16, 2014

%AppData%893686b8
    File name: %AppData%893686b8
    Group: Malware file

%CommonAppData%\893686b8
    File name: %CommonAppData%\893686b8
    Group: Malware file

%LocalAppData%\<random>.exe
    File name: %LocalAppData%\<random>.exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file

%LocalAppData%\893686b8
    File name: %LocalAppData%\893686b8
    Group: Malware file

%UserProfile%\Templates\893686b8
    File name: %UserProfile%\Templates\893686b8
    Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "" = "%LocalAppData%\.exe"
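
The file and Registry indicators listed above can be turned into a quick triage check. The following is an added example, not code from the original page or from any vendor: it flags Run values whose executable sits directly in %LocalAppData% and reports which 893686b8 marker files exist. The sample environment, Run values and file set are constructed, and the mapping of %CommonAppData% to %ProgramData% is an assumption.

```python
import ntpath
import re

# Marker name and folders are taken from the file list above. Mapping the page's
# %CommonAppData% to %ProgramData% is an assumption made for this example.
MARKER = "893686b8"
MARKER_DIRS = ["%AppData%", "%ProgramData%", "%LocalAppData%", r"%UserProfile%\Templates"]

def expand(path, env):
    """Expand %VAR% references case-insensitively from the supplied mapping."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)

def target_exe(command):
    """Pull the executable path out of a Run value, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command

def suspicious_run_values(run_values, env):
    """Names of Run values whose executable sits directly in %LocalAppData%."""
    local = ntpath.normcase(ntpath.normpath(env["LOCALAPPDATA"]))
    hits = []
    for name, command in run_values.items():
        exe = ntpath.normcase(ntpath.normpath(expand(target_exe(command), env)))
        if exe.endswith(".exe") and ntpath.dirname(exe) == local:
            hits.append(name)
    return hits

def present_markers(env, exists):
    """Marker paths from the file list for which exists(path) is true."""
    paths = [ntpath.join(expand(d, env), MARKER) for d in MARKER_DIRS]
    return [p for p in paths if exists(p)]

# Constructed sample data (not captured from a real host).
SAMPLE_ENV = {"LOCALAPPDATA": r"C:\Users\bob\AppData\Local", "PROGRAMDATA": r"C:\ProgramData",
              "APPDATA": r"C:\Users\bob\AppData\Roaming", "USERPROFILE": r"C:\Users\bob"}
SAMPLE_RUN = {"OneDrive": r'"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
              "qkx": r"%LocalAppData%\qkx.exe",
              "Updater": r"C:\Program Files\Vendor\update.exe"}
SAMPLE_FILES = {r"C:\Users\bob\AppData\Local\893686b8", r"C:\ProgramData\893686b8"}

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_RUN, SAMPLE_ENV))
    print(present_markers(SAMPLE_ENV, SAMPLE_FILES.__contains__))
```

On a live Windows host, fill `run_values` from the HKEY_CURRENT_USER Run key (for example with the standard `winreg` module) and pass `os.environ` and `os.path.exists`. A hit is a lead for a full anti-malware scan, not proof of infection.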

Additional Information

The following messages were detected:

1. AVC Plus has blocked a program from accessing the internet This program is infected with Trojan-BNK.Win32.Keylogger.gen Private data can be stolen by third parties, including credit card details and passwords.
2. Severe System Damage! Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.
3. System Hijack! System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
4. Threat Detected! Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform a security scan.
5. Virus Infection! System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

One Comment

  • Craig Henley says:

    I got this malware on my computer last Saturday night, 12/13. It must be brand new, because when I Googled it on a different computer, there were 0 references to it, but checking back today, there are several articles.

    It called itself, "AVC Plus Win 7 Protection 2015". I got it by foolishly clicking on an email regarding "my recent Costco order". Since I do order from Costco on a regular basis, I thought it was a legitimate email.

    It rendered my computer completely useless! When I tried to launch Revo Uninstaller Pro to look for and remove it, it would not let me start the program, giving me an error message that the path was not valid, or something like that. I also was not allowed to start any virus or malware scanner on the computer, giving me the same message. I then realized that I was not allowed to launch ANY program on the computer... Word, Windows Media Player, etc., etc., giving me the same error message each time. As expected, I was also not allowed to launch the Control Panel to do a System Restore to an earlier time.

    I was able to get “AVC Plus Win 7 Protection 2015” off my computer by inserting the original Windows 7 operating system disc, restarting the computer, and booting from the CD/DVD drive. I then chose Repair, and “return the computer to an earlier operating state”. Everything went smoothly and the computer now works perfectly. I ran my malware and virus scanners and found nothing.
