Home Malware Programs Rogue Anti-Virus Programs Antivirus Center

Antivirus Center

Posted: April 30, 2011

Threat Metric

Ranking: 7,983
Threat Level: 10/10
Infected PCs: 719
First Seen: May 4, 2011
Last Seen: June 21, 2022
OS(es) Affected: Windows

Antivirus Center is a rogue anti-virus scanner that pretends to find infections on your computer to persuade you to spend money on a key for Antivirus Center's full version. Antivirus Center can't detect any real infections and only has the ability to create false positives that hinder your computer use. In addition to accusing uninfected files of being infected, Antivirus Center may also stop applications from running or exert control over your web browser. When done properly with the help of suitable anti-malware tools, removing Antivirus Center will cure all of these problems and restore your PC to perfect health.

Antivirus Center: All 'Anti' and No 'Antivirus'

Even in the opening stages of attacking your PC, Antivirus Center uses disguises to get into position. Trojans that distribute Antivirus Center are known to fake the appearance of a Microsoft Security Center alert. This fake warning popup will announce that your PC is infected and that you should 'Activate Protection' by downloading anti-malware software to fix the issue.

Antivirus Center isn't the only possible rogue program you may receive on your PC. Antivirus Center, a member of the WinWeb Security family is also related to rogue anti-virus programs like Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, Security Shield, MS Removal Tool, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus. To avoid being infected by Antivirus Center or one of its relatives, only download software updates and new anti-virus programs through official and trusted sources.

You can see some of the fake errors that are used to install Antivirus Center below:

Security Center
Unauthorized remote connection!
Your system is making an unauthorized personal data transfer to a remote computer!
Warning! Unauthorized personal data transfer is detected! It may be your personal credit card details, logins and passwords, browsing habits or information about files you have downloaded.
To protect your private data, please click "Prevent Connection" button below.

Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Name: Screen.Grab.J.exe
Risk: High

Antivirus Center has no ability to detect viruses or other infections on your PC, but that won't stop it from creating its own fake warning messages, in addition to the ones you previously saw. Avoid acting on Antivirus Center's recommendations for curing these infections, since it can cause serious harm to your computer.

What You Can Do to Snatch Your Computer Back from Antivirus Center

Some versions of Antivirus Center may also engage in more dangerous attacks on your computer such as causing programs to crash or hijacking your web browser and forcing it to dangerous websites. There are steps you can take to prevent Antivirus Center from launching in the first place, which will put you in a good position to remove Antivirus Center:

  • Switch to Safe Mode, which can be accessed in any computer with Windows by hitting F8 while the system loads. Safe Mode stops all unnecessary processes, like Antivirus Center, from running by default. Alternately, if you have a second operating system installed, you can simply reboot into that.
  • Now that Antivirus Center is temporarily disabled, deleting Antivirus Center should prove no hard task. However, it's suggested that you use appropriate anti-malware programs instead of trying to do this yourself.
  • If you still find that infections are blocking your attempts to download or launch applications, consider renaming the files temporarily to generic names like 'iexplore.exe.' This will break past most filters on rogue programs like Antivirus Center.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].dat
    2 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].ico
    3 %Temp%\ins2.tmp
    4 %Temp%\mv3.tmp
    5 %Temp%\wrk4.tmp
    6 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Center.lnk
    7 %UserProfile%\Desktop\Antivirus Center.lnk
    8 C:\Documents and Settings\All Users\Application Data\[RANDOM CHARACTERS].avi
    9 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\[RANDOM CHARACTERS].lnk

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM CHARACTERS]“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{[RANDOM CHARACTERS]}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{[RANDOM CHARACTERS]}HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “C:\WINDOWS\system32\rundll32.exe” = 'C:\WINDOWS\system32\rundll32.exe:*:Enabled:Antivirus Center'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | [RANDOM CHARACTERS]

Additional Information on Antivirus Center

  • The following messages's were detected:
    # Message
    1 Antivirus Center Firewall Alert
    Suspicious activity in your registry system space was detected. Rogue malware detected in your system. Data leaks and system damage are possible. Please use a deep scan option.
    2 Antivirus Center
    Spyware.IEMonster process is found. The virus is going to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) to the third-parties. Click here for further protection of your data with Antivirus Center.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Antivirus Center may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

Registry Modifications

The following newly produced Registry Values are:

Regexp file mask%ALLUSERSPROFILE%\[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS].dat%ALLUSERSPROFILE%\[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]_.mkv%ALLUSERSPROFILE%\[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]_[RANDOM CHARACTERS].avi

Related Posts

2 Comments