Home Malware Programs Rogue Anti-Virus Programs Antivirus Center

Antivirus Center

Posted: April 30, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 803
First Seen: May 4, 2011
Last Seen: June 13, 2023
OS(es) Affected: Windows

Antivirus Center is a rogue anti-virus scanner that pretends to find infections on your computer to persuade you to spend money on a key for Antivirus Center's full version. Antivirus Center can't detect any real infections and only has the ability to create false positives that hinder your computer use. In addition to accusing uninfected files of being infected, Antivirus Center may also stop applications from running or exert control over your web browser. When done properly with the help of suitable anti-malware tools, removing Antivirus Center will cure all of these problems and restore your PC to perfect health.

Antivirus Center: All 'Anti' and No 'Antivirus'

Even in the opening stages of attacking your PC, Antivirus Center uses disguises to get into position. Trojans that distribute Antivirus Center are known to fake the appearance of a Microsoft Security Center alert. This fake warning popup will announce that your PC is infected and that you should 'Activate Protection' by downloading anti-malware software to fix the issue.

Antivirus Center isn't the only possible rogue program you may receive on your PC. Antivirus Center, a member of the WinWeb Security family is also related to rogue anti-virus programs like Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Security Shield, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus. To avoid being infected by Antivirus Center or one of its relatives, only download software updates and new anti-virus programs through official and trusted sources.

You can see some of the fake errors that are used to install Antivirus Center below:

Security Center
Unauthorized remote connection!
Your system is making an unauthorized personal data transfer to a remote computer!
Warning! Unauthorized personal data transfer is detected! It may be your personal credit card details, logins and passwords, browsing habits or information about files you have downloaded.
To protect your private data, please click "Prevent Connection" button below.

Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Name: Screen.Grab.J.exe
Risk: High

Antivirus Center has no ability to detect viruses or other infections on your PC, but that won't stop it from creating its own fake warning messages, in addition to the ones you previously saw. Avoid acting on Antivirus Center's recommendations for curing these infections, since it can cause serious harm to your computer.

What You Can Do to Snatch Your Computer Back from Antivirus Center

Some versions of Antivirus Center may also engage in more dangerous attacks on your computer such as causing programs to crash or hijacking your web browser and forcing it to dangerous websites. There are steps you can take to prevent Antivirus Center from launching in the first place, which will put you in a good position to remove Antivirus Center:

  • Switch to Safe Mode, which can be accessed in any computer with Windows by hitting F8 while the system loads. Safe Mode stops all unnecessary processes, like Antivirus Center, from running by default. Alternately, if you have a second operating system installed, you can simply reboot into that.
  • Now that Antivirus Center is temporarily disabled, deleting Antivirus Center should prove no hard task. However, it's suggested that you use appropriate anti-malware programs instead of trying to do this yourself.
  • If you still find that infections are blocking your attempts to download or launch applications, consider renaming the files temporarily to generic names like 'iexplore.exe.' This will break past most filters on rogue programs like Antivirus Center.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].dat
    2 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].ico
    3 %Temp%\ins2.tmp
    4 %Temp%\mv3.tmp
    5 %Temp%\wrk4.tmp
    6 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Center.lnk
    7 %UserProfile%\Desktop\Antivirus Center.lnk
    8 C:\Documents and Settings\All Users\Application Data\[RANDOM CHARACTERS].avi
    9 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\[RANDOM CHARACTERS].lnk

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM CHARACTERS]“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{[RANDOM CHARACTERS]}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{[RANDOM CHARACTERS]}HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “C:\WINDOWS\system32\rundll32.exe” = 'C:\WINDOWS\system32\rundll32.exe:*:Enabled:Antivirus Center'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | [RANDOM CHARACTERS]

Additional Information on Antivirus Center

  • The following messages's were detected:
    # Message
    1 Antivirus Center Firewall Alert
    Suspicious activity in your registry system space was detected. Rogue malware detected in your system. Data leaks and system damage are possible. Please use a deep scan option.
    2 Antivirus Center
    Spyware.IEMonster process is found. The virus is going to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) to the third-parties. Click here for further protection of your data with Antivirus Center.

Technical Details

Registry Modifications

The following newly produced Registry Values are:


Related Posts