Advanced Virus Remover System Warning
If you encounter the following tray popup:
"System warning!
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. It's highly recommended you scan your PC right now."
Do not assume it is a genuine alert; it is merely a means to scare you, used by the fake anti-virus program Advanced Virus Remover. This is one of the means by which the parasite uses to trick you into purchasing it’s "licensed version".
File System Modifications
- The following files were created in the system:
# File Name 1 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AdvancedVirusRemover.lnk 2 %UserProfile%\Application Data\Mozilla\Firefox\Profiles\s1jqw0bz.default\cookies.sqlite 3 %UserProfile%\Desktop\AdvancedVirusRemover.lnk 4 %UserProfile%\Desktop\Viruses.bdt 5 c:\Documents and Settings\All Users\Start Menu\Programs\AdvancedVirusRemover 6 c:\Documents and Settings\All Users\Start Menu\Programs\AdvancedVirusRemover\AdvancedVirusRemover.lnk 7 c:\Program Files\AdvancedVirusRemover\AdvancedVirusRemover.exe 8 c:\Program Files\AdvancedVirusRemover\Viruses.bdt 9 PAVRM.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AVRHKEY_CURRENT_USER\Software\AdvancedVirusRemoverHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU - The following CLSID's were detected:
HKEY..\..\{CLSID Path}5222009A-DD62-49c7-A735-7BD18ECC7350
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.