AV Protection Online

Posted: October 18, 2011
Threat Metric
Threat Level: 10/10
Infected PCs 33

AV Protection Online Description

AV Protection Online Screenshot 1AV Protection Online is an AV scamware program that slaps fake alerts and infection warnings onto your screen to incite a furor, before AV Protection Online tries to lull you with promises of normalcy if you'll only purchase AV Protection Online's full-registered and activated version. Despite AV Protection Online's claims, however, AV Protection Online doesn't have any real anti-virus features and can't do more than create inaccurate pop-ups and cripple your real security programs. While AV Protection Online or related infections are active, SpywareRemove.com malware experts warn against potential browser hijacks that can force your browser towards an AV Protection Online-affiliated website. Instead of spending money at such fraudulent sites, it's suggested that you remove AV Protection Online with a good anti-malware program and, in doing so, put a halt to all of AV Protection Online's symptoms.

AV Protection Online: the Charade of Security That It Dishes Up in Lieu of Real AV Protection

AV Protection Online looks exactly like a real anti-virus program and markets itself as such, but SpywareRemove.com malware researchers have tied AV Protection Online to other rogue AV programs that are equally well-known for fraudulent tactics. AV Protection Online can be considered functionally identical to other members of the FakeScanti family such as Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Cloud Protection, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013. Like them, AV Protection Online has been confirmed to create a variety of rather non-protective problems for any PC that AV Protection Online infects, including (but not limited to):

  • Browser hijacks that redirect your web browser to AV Protection Online's own website or the website of a related fake anti-virus program. Any contact with these sites may cause other infections, such as Trojans, rootkits or spyware to be installed without your consent.
  • AV Protection Online may try to block your real security and anti-virus programs to stop you from removing AV Protection Online. Renaming the executable files into generic names (such as 'explorer.exe) or rebooting and launching Safe Mode, will let you get past AV Protection Online's little blacklist so that you can use appropriate software.
  • You may also experience changes in your browser settings, desktop settings or proxy server settings that make your PC appear to be infected by a wide range of PC threats, but AV Protection Online is, in fact, almost certain to be the direct source of any other system problems experienced, even if AV Protection Online creates error messages to make it appear as though another program is at fault.

Good Information – Your Best Defense Against AV Protection Online Attacks

Along with the serious problems described earlier, AV Protection Online is also capable of creating less serious but equally irritating error messages that mislead you about your computer's health. SpywareRemove.com malware research team has found the following series of errors to be common among other members of the AV Protection Online family besides AV Protection Online itself, although AV Protection Online may also create additional variants of these fake alerts:

svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL] was CANCELLED.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

The safest thing for your PC is for you to ignore these errors and get back to deleting AV Protection Online with a robust anti-malware application, since following their advice risks causing additional harm to your computer.

AV Protection Online Screenshot 2AV Protection Online Screenshot 3AV Protection Online Screenshot 4AV Protection Online Screenshot 5AV Protection Online Screenshot 6AV Protection Online Screenshot 7AV Protection Online Screenshot 8AV Protection Online Screenshot 9AV Protection Online Screenshot 10

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to AV Protection Online may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%AppData%svhostu.exe File name: svhostu.exe
Size: 103.93 KB (103936 bytes)
MD5: b30db04a303ca1c54964a37f23a0ed37
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%
Group: Malware file
Last Updated: October 20, 2011
%WINDIR%\system32\atxP0ycS1b3n4.exe File name: atxP0ycS1b3n4.exe
Size: 1.68 MB (1687040 bytes)
MD5: b3ed62012255aed5b965449e921ab4df
Detection count: 46
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: October 20, 2011
%Documents and Settings%\[UserName]\Start Menu\Programs\AV Protection Online\AV Protection Online.lnk File name: %Documents and Settings%\[UserName]\Start Menu\Programs\AV Protection Online\AV Protection Online.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Documents and Settings%\[UserName]\Desktop\AV Protection Online.lnk File name: %Documents and Settings%\[UserName]\Desktop\AV Protection Online.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS].tmp File name: %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS].tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
%Documents and Settings%\[UserName]\Application Data\ldr.ini File name: %Documents and Settings%\[UserName]\Application Data\ldr.ini
Mime Type: unknown/ini
Group: Malware file
%Documents and Settings%\[UserName]\Application Data\[RANDOM CHARACTERS]\ File name: %Documents and Settings%\[UserName]\Application Data\[RANDOM CHARACTERS]\
Group: Malware file
%Documents and Settings%\[UserName]\Start Menu\Programs\AV Protection Online\ File name: %Documents and Settings%\[UserName]\Start Menu\Programs\AV Protection Online\
Group: Malware file
%Windows%\system32\[RANDOM CHARACTERS].exe File name: %Windows%\system32\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AppData%\dvS2obF4pGsJdKg\AV Protection Online.ico File name: %AppData%\dvS2obF4pGsJdKg\AV Protection Online.ico
Mime Type: unknown/ico
Group: Malware file

Registry Modifications


The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer=http=127.0.0.1:53717"HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "DefaultConnectionSettings=3C0000000B0000000…"HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "SavedLegacySettings=3C0000006B0000000…”HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001?HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001?

2 Comments

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.