If you encounter the following tray popup:
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. It's highly recommended you scan your PC right now."
Do not assume it is a genuine alert; it is merely a means to scare you, used by the fake anti-virus program Advanced Virus Remover. This is one of the means by which the parasite uses to trick you into purchasing it’s "licensed version".
File System Modifications
- The following files were created in the system:
# File Name 1 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AdvancedVirusRemover.lnk 2 %UserProfile%\Application Data\Mozilla\Firefox\Profiles\s1jqw0bz.default\cookies.sqlite 3 %UserProfile%\Desktop\AdvancedVirusRemover.lnk 4 %UserProfile%\Desktop\Viruses.bdt 5 c:\Documents and Settings\All Users\Start Menu\Programs\AdvancedVirusRemover 6 c:\Documents and Settings\All Users\Start Menu\Programs\AdvancedVirusRemover\AdvancedVirusRemover.lnk 7 c:\Program Files\AdvancedVirusRemover\AdvancedVirusRemover.exe 8 c:\Program Files\AdvancedVirusRemover\Viruses.bdt 9 PAVRM.exe
- The following newly produced Registry Values are:
- The following CLSID's were detected: