Antivirus Security Virus Removal
Buy now the best antivirus program for all your devices. Protect your computer, tablet, smartphone and Mac against all types of viruses, malware and spyware.
See the latest information on computer virus attacks and their removal. McAfee is the leader in internet security and virus detection. Keep up to date on the most.
Award-winning antivirus and security software from Bitdefender. Get the best real-time security for your PC, Mac and mobile devices.
Learn why you need antivirus software for optimized virus protection against malware trojans and identity theft.
Learn how to shield your computer from today s Internet threats with advanced virus removal and virus protection technologies from Norton AntiVirus software.
Benefits for You
System Requirements
Actively protects you from viruses, identity theft and social media dangers
Insight identifies which files and applications are safe and which are dangerous, using the combined feedback of more than 175 million Norton users.
Norton Community Watch tracks virtually every file on the Internet for comprehensive global threat monitoring.
SONAR Behavioral Protection detects the signs that a file is dangerous to proactively protect you from never-before-seen threats.
Internet Protection System scours websites and social networking sites for suspicious links and content to identify the latest social networking scams.
Download Insight and IP Address Insight prevent you from downloading files from websites that have a low reputation score within the Norton user community.
Live 24x7 Threat Monitoring is backed by a network of Norton users who serve as your own personal Neighborhood Watch group.
Scam Insight reviews a website s reputation and lets you know if it s safe to enter your personal information.
Anti-phishing Technology blocks fraudulent phishing sites set up to steal your personal information.
Identity Safe remembers, secures and automatically enters your usernames and passwords for you, so they can t be lost or stolen.
Safe Web tells you if a website is unsafe before you visit it and it s too late.
Safe Web for Facebook scans your Facebook Wall and News Feed for URLs containing security threats, such as phishing sites, malicious downloads and links to unsafe external sites.
Network mapping and monitoring shows all the devices connected to your home network, so you can spot uninvited guests using your wireless connection and/or eavesdropping on you.
Automatic, silent updates keep you one step ahead of new threats and those not yet invented
Automatic product downloads and installations when you re not using your computer ensure your protection is always up to date.
Norton Pulse updates virus definitions every 5 to 15 minutes without disrupting your work or play.
Insight Optimized File Copy identifies safe files and only scans unknown files.
Built-in Intelligence maximizes battery life by putting off non-critical activities until you are plugged in and out of full-screen mode.
Norton Management enables easy single-password access to all Norton cloud-based applications and Web properties – to update, renew, fix or install Norton – including Norton Management, Norton Anti-Theft, Norton Family and Identity Safe.
Windows 8 Compatibility touch-friendly support works equally well in keyboard and mouse environments.
Deep-cleansing tools scour and disinfect even the nastiest infections that lesser products miss
Norton Power Eraser scrubs your computer of deeply embedded, difficult-to-remove infections.
Norton Bootable Recovery Tool creates an emergency rescue CD, DVD or USB that gets your PC running like new, even if it s so infected it won t start up.
Windows 8 App remediation scans Windows 8 apps for threats and removes them.
FREE SUPPORT 24/7. Symantec provides free 24x7 chat, and phone support for a period of one year from initial product installation. Updating to the latest product version may be required to access support. NortonLive Services sold separately. For full details and to access support, go to
Operating Systems Supported
Microsoft Windows XP 32-bit Home/Professional/Tablet PC/Media Center 32-bit with Service Pack 2 or later
Microsoft Windows Vista 32-bit and 64-bit Starter/Home Basic/Home Premium/Business/Ultimate with Service Pack 1 or later
Microsoft Windows 7 32-bit and 64-bit Starter/Home Basic/Home Premium/Professional/Ultimate
Microsoft Windows 8 and Windows 8 Pro 32-bit and 64-bit
Minimum Hardware Requirements
300 MHz for Microsoft Windows XP, 1 GHz for Microsoft Windows Vista/Microsoft Windows 7/Windows 81
256 MB of RAM
300 MB of available hard disk space
CD-ROM or DVD drive if not installing via electronic download
Email scanning supported for POP3-compatible email clients
Browser Support for Phishing Protection, Safe Search, and Password Management
Microsoft Internet Explorer 7.0 or higher 32-bit only 1,2
Mozilla Firefox 32-bit only 2,3
Google Chrome 2,3
Browser Support for Vulnerability Protection
1Some protection features are not available in Windows 8 style browsing mode.
2As made available by Symantec within your service period.
3Supports current and the most recent previous 32-bit releases.
Norton
Small Business
Enterprise
Partners.
Antivirus Security Pro creates an identifier made up of eight letters or numbers, for example, X7gngpng. It then creates a folder with this name under the APPDATA or directory. It creates the following files in this directory:
. exe - a copy of itself
. ico - an icon file
. in or. in - a data file
. lg or. lg - a data file
. exe.manifest - a data file
serv.bat
- a MS DOS batch script that changes the registry and stops services. It might also be detected as Rogue:Win32/Winwebsec
Examples of these files are:
Antivirus Security Pro creates the following registry entry to ensure that it runs each time you start your PC:
In subkey: HKLM SOFTWARE Microsoft Windows CurrentVersion Run
Sets value: AS2014
With data: For example, APPDATA X7gngpng X7gngpng.exe DATA
It creates a desktop shortcut with the file name desktop folder Antivirus Security Pro.lnk, which looks like the following:
It also creates a URL shortcut on the desktop with the file name desktop folder Antivirus Security Pro support.url:
It creates a shortcut in href https://www.microsoft.com/security/portal/mmpc/shared/variables.aspx startmenu target _blank Programs Antivirus Security Pro Antivirus Security Pro.lnk.
It creates a URL shortcut in href https://www.microsoft.com/security/portal/mmpc/shared/variables.aspx startmenu target _blank Programs Antivirus Security Pro Antivirus Security Pro support.url:
Payload
Displays a fake scanner
Antivirus Security Pro
dos a fake scan of your PC. It then falsely claims that a number of files on your PC are infected with malware. It tells you that you need to pay money to register the program if you want to clean the reported infections.
Some examples of the interface, fake alerts, fake scanning results, and pop-ups are shown below:
might show a user interface in English, French, German, Italian, Portuguese, or Spanish. However, the details of the threats detected are always reported in English. The following shows the Italian version of the user interface:
Stops processes
can stop you from launching applications by blocking the process. It will show you a message that falsely claims that the process is infected. It continues to monitor all running processes, and might stop any new process when it is launched.
It will stop any process unless it has one of the following file names:
aeadisrv.exe
alg.exe
audiodg.exe
cleaner.exe
conhost.exe
csrss.exe
ctfmon.exe
dllhost.exe
driverquery.exe
dumprep.exe
dwm.exe
dwwin.exe
explorer.exe
httpd.exe
iastordatamgrsvc.exe
ie4uinit.exe
iedw.exe
ieuser.exe
iexplore.exe
iexplorer.exe
livesp.exe
lsass.exe
lsm.exe
makecab.exe
mdnsresponder.exe
mfnsvc.exe
msdtc.exe
nvscpapisvr.exe
nvsvc.exe
nvvsvc.exe
pdagent.exe
ping.exe
reg.exe
relver.exe
rundll32.exe
sc.exe
searchindexer.exe
searchprotocolhost.exe
services.exe
slsvc.exe
smss.exe
snort.exe
spoolsv.exe
svchost.exe
sysdoctor.exe
systeminfo.exe
taskeng.exe
taskhost.exe
userinit.exe
verclsid.exe
vmacthlp.exe
vmtoolsd.exe
werfault.exe
wininit.exe
winlogon.exe
winroute.exe
wmiprvse.exe
wmpnetwk.exe
wscntfy.exe
wuauclt.exe
The following processes will always be stopped; this list includes some Internet browsers:
chrome.exe
cmd.exe
firefox.exe
msconfig.exe
opera.exe
regedit.exe
safari.exe
taskmgr.exe
When it stops a process it shows an image similar to the following:
Stops and disables services
tries to stop the following services, and disable them so that they will not restart when you turn your PC on:
msmpsvc
Microsoft Security Essentials
windefend
Windows Defender
wscsvc
Windows Security Center
wuauserv
Windows Update
It also tries to disable the following service:
luafv
UAC File Virtualization Filter
Changes security settings
might try to change your PC s security settings by making a number of registry modifications.
It tries to disable various Windows Security Center notifications by making the following changes to the registry:
In subkey: HKLM SOFTWARE Microsoft Security Center
In subkey: HKLM SOFTWARE Microsoft Security Center svc
Sets value: AntiVirusDisableNotify
With data: 1
Sets value: AntiVirusOverride
Sets value: FirewallDisableNotify
Sets value: FirewallOverride
Sets value: UpdatesDisableNotify
It tries to prevent the creation of automatic System Restore points by making the following changes to the registry:
In subkey: HKLM SOFTWARE Microsoft Windows NT CurrentVersion SystemRestore
Sets value: RPSessionInterval
With data: 0
It tries to disable User Account Control UAC by making the following changes to the registry:
In subkey: HKLM SOFTWARE Microsoft Windows CurrentVersion policies system
Sets value: EnableLUA
Sets value: EnableVirtualization
It tries to prevent Windows Defender from running at startup by deleting the following registry entries:
Deletes value: Windows Defender
Deletes value: MSASCui
It tries to disable System Protection by removing the following registry key:
HKLM SOFTWARE Microsoft Windows NT CurrentVersion SPP Clients
Closes windows
If you try to open one of the following windows or programs, or if any alerts are displayed by these programs, the rogue might try to close them:
fwcplui_class
Windows Firewall
msascui_class
wscui_class
Blocks access to websites
The rogue might try to block access to some websites, instead showing a page similar to:
Analysis by David Wood.
Trend Micro has antivirus software to meet all your security needs that will protect your computer and data from today s virus and malware enviornments.
Norton™ AntiVirus