
Rogues - AVSystemCare family

Currently, there are 85 variants (that I know of) of the rogue security software suite known as AVSystemCare. They supposedly offer antivirus, antispyware, firewall and a pop-up blocker in an all-in-one package and may seem a good deal - and are similar in that respect to the more recognized and respected names in this field such as Kaspersky, Symantec, Trend Micro, McAfee, CA, F-Secure, et al.

The twist, though, is that they report the presence of fake threats in order to goad the user into buying a full license for the application to remove these threats - which don't really exist. The applications can be manually downloaded and installed, or if your system is vulnerable (without current, adequate protection), they may be installed by a downloader - without the user's consent.

Please note that throughout this page I only refer to the HijackThis (or HJT) startup entries and not all associated files - in keeping with the theme of the rest of the site. Note that if you have more than one rogue installed and they use a file common to other rogues, the HJT log entry (and maybe the filename) could have a number in parentheses appended, e.g., HKLM\..\Run: [Salestart(1)]. See here for an example of such a log.

AVSystemCare

The following image (© Symantec) shows the main screen for AVSystemCare:

[Image: AVSystemCare main screen]

HijackThis (or HJT) log startup entries identified:

The one file they all share (although obviously a different version in each case) is pgs.exe. Many of the others are also shared between the variants - but not necessarily always the same one, as you'll see below. In addition, the entries above are from a number of different logs - presumably from different versions of the rogue.

Other registry entries identified:

External links:

Any removal guide referred to below uses MalwareBytes Anti-Malware, which incorporates the functionality from their popular (but now discontinued) RogueRemover products:

MalwareBytes

Variants

Before dealing with the individual variants, here are some screenshots from some of them (© BleepingComputer) showing the common user interface:

AntiSpywareControl BestsellerAntivirus PCAntiVirusPro PCVirusless VirtualPCGuard WinSecureAv

Index

Allertaminacce BastioneAntivirus Pcbeskyttelse TrustedAntivirus
Alltiettantivirus BedreigingsMonitoor Pc-prot Vacinatotal
Antiespiadorado BestsellerAntivirus PCSecureSystem VeiligheidsAgent
Antiespionspack Besutohogo Pcsikkerhed Virenfrierpc
Antigusanos2008 BortMedVirus PCTotalDefender VirtualPCGuard
Antispionage DefensaAntiMalware PCVirusless Virusdeteccion
Antispionagepro Filtrodetrojan ProtectionComplete VirusDifesa
AntiSpyControl GoldenAntiSpy Proteccionconfiable VirusEffaceur
AntiSpywareControl Keinegefahr ProtectionConue VirusForsvar
AntiSpywareSuite Maximumantivirus ProtezionefiData Virusfrittsystem
AntiVer2008 MegaVirusKit Rescatedeamenazas VirusGarde
Antivirusaskeladd Meinbesterschutz SichererAntivirus VirusGuardPlus
AntivirusFiable Menacerescue SichererSchutz VirusSchlacht
AntivirusForAll MenaceSecure Sistemaimune VirusSeigyo
AntivirusOrdi Mijnantivirus Sletingenvirus Virusstopper.net
AntivirusPCPakke Nadadevirus SolelunaAntiVirus Virusuwadame
AntivirusPCSuite NeuerSchild SpyGuardPro VirusVakt
AntivirusPertutti Norwayvirus Stoltbeskyttelse Virusvanguard
AntiVirusScherm NoWayVirus Trojanerfilter WegVonViren
AntiWorm2008 Orantiespion TrojansFilter WinSecureAv
Antiwurm2008 PCAntiVirusPro TrojansFiltre WinSpyControl
AVSeguro      

Antispionage

(German → "Anti-spy")

HJT log entries:

External links:

Antispionagepro

(German → "Anti-spy")

HJT log entries:

External links:

AntiSpyControl

HJT log entries:

External links:

AntiSpywareControl

HJT log entries:

External links:

AntiSpywareSuite

HJT log entries:

External links:

AntiVirusAskeladd

HJT log entries:

Other registry entries:

External links:

AntiVer2008

(French → "AntiVir")

HJT log entries:

External links:

AntivirusFiable

(French → "TrustedAntivirus")

HJT log entries:

AntivirusForAll

HJT log entries:

External links:

AntivirusOrdi

HJT log entries:

External links:

AntivirusPCPakke

(Danish → "AntivirusPCPackage")

HJT log entries:

AntivirusPCSuite

HJT log entries:

External links:

AntivirusPertutti

HJT log entries:

External links:

AntiVirusScherm

(Dutch → "Antivirus Screen")

HJT log entries:

Other registry entries:

External links:

AntiWorm2008

HJT log entries:

External links:

AVSeguro

(Spanish → "AV Security")

HJT log entries:

BastioneAntivirus

(Italian → "Bastion Antivirus")

HJT log entries:

BedreigingsMonitoor

(Afrikaans?)

HJT log entries:

External links:

BestsellerAntivirus

HJT log entries:

Other registry entries:

External links:

BortMedVirus

HJT log entries:

External links:

DefensaAntiMalware

HJT log entries:

External links:

GoldenAntiSpy

HJT log entries:

External links:

MegaVirusKit

HJT log entries:

MenaceSecure

HJT log entries:

NeuerSchild

(German → "NewShield")

HJT log entries:

NoWayVirus

HJT log entries:

External links:

PCAntiVirusPro

HJT log entries:

External links:

PCSecureSystem

HJT log entries:

PCTotalDefender

HJT log entries:

External links:

PCVirusless

(French)

HJT log entries:

External links:

ProtectionComplete

HJT log entries:

ProtectionConue

HJT log entries:

ProtezionefiData

HJT log entries:

SichererAntivirus

(German → "Safe Antivirus")

HJT log entries:

SichererSchutz

(German → "Safe Protection")

HJT log entries:

SolelunaAntiVirus

HJT log entries:

SpyGuardPro

HJT log entries:

External links:

TrojansFilter

HJT log entries:

External links:

TrojansFiltre

(German → "TrojansFilter")

HJT log entries:

External links:

TrustedAntivirus

HJT log entries:

External links:

VeiligheidAgent

(Dutch → "Security Agent")

HJT log entries:

VirtualPCGuard

HJT log entries:

External links:

VirusDifesa

(Italian → "Virus Defence")

HJT log entries:

Other registry entries:

External links:

VirusEffaceur

(French → "Virus Erasing")

HJT log entries:

External links:

VirusForsvar

(Danish → "Virus Defence")

HJT log entries:

Other registry entries:

External links:

VirusGarde

(French → "VirusGuard")

HJT log entries:

Other registry entries:

External links:

VirusGuardPlus

HJT log entries:

External links:

VirusSchlacht

(German → "Virus Battle")

HJT log entries:

Other registry entries:

External links:

VirusSeigyo

HJT log entries:

VirusVakt

(Swedish → "VirusGuard")

HJT log entries:

Other registry entries:

External links:

WegVonViren

(German → "Way Of Viruses")

HJT log entries:

External links:

WinSecureAv

HJT log entries:

External links:

WinSpyControl

HJT log entries:

External links:


Copyright © Pacman's Portal, 2001 - 2017
Powered by Malwarebytes
All rights reserved
