Antivirus 8 Resident Shield
Antivirus 8 Resident Shield is a fake pop-up warning associated with the rogue malware remover Antivirus 8. Antivirus 8 Resident Shield produces a security alert that tries to convince unwary computer users that their system is infected with malware. The corrupt program suggests users should click the "Remove All" button before paying for a so-called licensed version of Antivirus 8. Do not fall for this trickery and have these threats removed from your system immediately using a proven malware remover.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings\All Users\Start Menu\AV8\Antivirus8.lnk 2 %Documents and Settings\All Users\Start Menu\AV8\Uninstall.lnk 3 %Program Files\AV8\ 4 %Program Files\AV8\av8.exe 5 %UserProfile%\Desktop\Antivirus8.lnk 6 Documents and Settings\All Users\Start Menu\AV8\
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\A88246HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV8"HKEY_CURRENT_USER\Software\WinFDHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe "Debugger" = "C:\Program Files\AV8\av8.exe -d"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 23.09.2010"
I was having a bit of toruble getting this to actually remove after I had deleted the above registry keys. Found some similar keys that I think are associated with AV8.
HKEY_CURRENT_USER\Software\A88605
HKEY_CURRENT_USER\Software\WinR6
After removing these I was finally clean.