Antivirus 2010 is a fake antispyware program from the same family as eAntivirusPro, AntiMalware 2009, Micro Antivirus 2009, Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus, Advanced Antivirus, Power Antivirus, XPert Antivirus. Like other rogue antispyware programs, it is distributed through malicious programs and Internet advertising. The advertisements claim that your computer is infected and offer to download and install Antivirus 2010. The program may also use trojans to install itself on your computer without your knowledge. During installation, it configures itself to run automatically every time you start your computer.
Immediately after launch, the program starts scanning the computer and reports finding a lot of trojans and spyware.
It then says that you should purchase Antivirus 2010 in order to remove them and protect your PC. Do not do it!
Symptoms in a HijackThis Log:
O2 – BHO: IEDefenderBHO – {FC8A493F-D236-4653-9A03-2BF4FD94F643} – C:\Windows\System32\IEDefender.dll
O4 – HKLM\..\Run: [Windows Gamma Display] C:\Windows\System32\wingamma.exe /adjustment
Use the following instructions to remove Antivirus 2010.
1. Using SmitfraudFix.
- Download SmitfraudFix.
- Reboot your computer in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
- Double-click SmitfraudFix.exe.
- Press the number 2 on your keyboard and then press the Enter key to choose the option Clean (safe mode recommended).
- You will be prompted: “Registry cleaning – Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.
- The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.
2. Using Malwarebytes Anti-Malware.
- Download Malwarebytes Anti-Malware (MBAM). Close all programs and windows on your computer.
- Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Antivirus 2010 creates the following files and folders.
c:\Documents and Settings\All Users\Start Menu\Programs\av2010
c:\Documents and Settings\All Users\Desktop\av2010.lnk
c:\Program Files\av2010
c:\Program Files\AV2010\AV2010.exe
c:\Program Files\AV2010\svchost.exe
c:\WINDOWS\system32\IEDefender.dll
c:\WINDOWS\system32\wingamma.exe
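The HijackThis symptoms and the file list above can be checked against a saved log automatically. The following Python script is an added example, not part of the original article or of HijackThis; the function names and the sample log are constructed for illustration, and only the CLSID, Run value name and paths come from this page.

```python
import re

# Indicators taken from this article (HijackThis symptoms and file list).
BHO_CLSID = "{fc8a493f-d236-4653-9a03-2bf4fd94f643}"
RUN_VALUE = "windows gamma display"
BAD_PATHS = (r"\system32\iedefender.dll", r"\system32\wingamma.exe",
             r"\program files\av2010")
# HijackThis separates fields with " - "; web pages often turn "-" into a dash.
SEP = re.compile(r"\s+[-\u2013\u2014]\s+")
RUN_NAME = re.compile(r"\[([^\]]*)\]")


def match_line(line):
    """Return the reasons a HijackThis line matches (empty list if none)."""
    lowered = line.strip().lower()
    section = SEP.split(lowered)[0]
    reasons = []
    if section == "o2" and BHO_CLSID in lowered:
        reasons.append("BHO CLSID")
    name = RUN_NAME.search(lowered)
    if section == "o4" and name and name.group(1).strip() == RUN_VALUE:
        reasons.append("Run value name")
    reasons += ["path " + p for p in BAD_PATHS if p in lowered]
    return reasons


def scan_log(text):
    """Return (line_number, line, reasons) for every matching line."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        reasons = match_line(line)
        if reasons:
            hits.append((number, line.strip(), reasons))
    return hits


# Constructed sample log: two entries from the article, two unrelated ones.
SAMPLE_LOG = """\
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O2 \u2013 BHO: IEDefenderBHO \u2013 {FC8A493F-D236-4653-9A03-2BF4FD94F643} \u2013 C:\\Windows\\System32\\IEDefender.dll
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O4 - HKLM\\..\\Run: [Windows Gamma Display] C:\\Windows\\System32\\wingamma.exe /adjustment
"""

if __name__ == "__main__":
    for number, line, reasons in scan_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)} :: {line}")
```

Matching is case-insensitive and accepts both the plain hyphen that HijackThis writes and the typographic dashes that appear when a log is pasted into a web page.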
If you need help with the instructions, then post your questions in our Spyware Removal forum.
Did this with 2009 version. It doesn’t work.
Both methods?
Please read these instructions and post your Hijackthis log in our forum. Myantispyware team will help you.
can u use avenger to remove this?
stephen, yes. Use the following script:
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows Gamma Display
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
Folders to delete:
%programfiles%\av2010
Files to delete:
%windir%\System32\wingamma.exe
%windir%\System32\IEDefender.dll